security penetration test

Is there a free security network penetration test that will show me a list of problems that my network might have regarding security?  I want to try and fill the holes if there are any.
mkramer777Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jorge diazSECommented:
If you don't mind dealing with a sales call i'd advise to download the 30 trail of nexpose. Commercial vulnerability scanners have more scanning and reporting capabilities than the free one.  That'll make your job of "patching the holes" way easier too.
0
btanExec ConsultantCommented:
Quite a list in the link
zmap - Open source network scanner that enables researchers to easily perform Internet-wide network studies.

nmap - Free security scanner for network exploration & security audits

Nexpose - Commercial vulnerability and risk management assessment engine that integrates with Metasploit, sold by Rapid7

LOIC - Open source network stress tool for Windows.

SlowLoris - DoS tool that uses low bandwidth on the attacking side
https://github.com/enaqx/awesome-pentest/blob/master/README.md#network-vulnerability-scanners

Do make sure you whitelist the scanner in the firewalls so that the scanner will be fruitful. In fact target also the default setting in each device like default admin account and unnecessary service like ftp, telnet, etc open. These are point for further penetration.
0
masnrockCommented:
What is the size of your network? How many sites and users?

OpenVAS (vulnerability scanner) and NMap (network scanner that can identify open ports and also help identify some vulnerabilities) are two tools that are entirely free. Advanced IP Scanner is another free port scanner that is available. You can also try Kali Linux, which has a large number of security tools all in one bundle.

But at the end of it all, you would be best served getting a commercial product where you can constantly monitor for vulnerabilities. Tenable has SecurityCenter, but that only makes sense for larger companies IMO due to the sheer cost. They also make Nessus, which only has a 7 day trial period. Nexpose isn't cheap, but far more cost friendly. You may even be able to find companies that can have a hosted instance for you.

I would also encourage you to review your firewall rules on the regular basis. A common error is keeping ports open from systems that are no longer in use. Or even having systems running that were supposed to be decommissioned. I dealt with one company that got hit with ransomware through brute force on a Remote Desktop server that was supposed to have been no longer in operation.

Have you been keeping your software and systems patched? Those are sources of vulnerabilities as well. How do handle patch management?

How are people accessing resources remotely today? You might want to review how people are doing it now. Or maybe even consider multi factor authentication.

Also take a look at your processes for on and off boarding staff. Are you terminating access quickly? Are you allowing people to have generic accounts that are shared?

I know I am going a bit beyond the scope of your question, but wanted to be sure you were thinking about different aspects of security in the process of your review.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

mkramer777Author Commented:
Thanks for the advice.   Maybe you could tell me if I am doing enough for security.  For remote users we use Cisco Any Connect an then have each user RDP to the server with a password.  Cisco also has a password of course.  For patch management we use Solar Winds MSP.    We also have Cisco Web Security for internet scanning and in about 10 days we will be switching over to a SonicWall (right now we use Cisco ASA for firewall)   Endpoint protection is Sophos Cloud.  And outlook 365 we use the online advanced threat protection.  Do you think this will suffice or am I missing a key element of security?
0
masnrockCommented:
You require VPN in order to use RDP? That's a great thing. Is that server accessible directly from the outside at all? (Basically, can it be accessed remotely without VPN?)

You do have a patch management solution, that's also a huge plus. Think upon what your current patch management policies and procedures are.

You did answer a question that would've eventually come up, which would've been regarding web security. At least you are filtering. If you wanted an extra layer of protection, you could look at Cisco Umbrella, which deals with filtering of DNS requests, so malicious can get blocked before the actual page is fully requested (by no means required, just throwing that out there). But I will ask this: Since you are moving to a Sonicwall, did you get the CGSS subscription which includes things like web filtering?

Sounds like you have a lot of good pieces there. Policy also matters as well, along with some of the other things that were brought up along the way in this convo (i.e. procedures in terms of providing access and terminating accounts, whether users have or require admin rights on their machines, and so on).
0
btanExec ConsultantCommented:
For remote users we use Cisco Any Connect an then have each user RDP to the server with a password.  
You would consider remote user to have 2FA to enhance the authenticity as password alone is consider weak. It is mandated at my side as policy but we also advocate user to using a strong password.
We also have Cisco Web Security for internet scanning and in about 10 days we will be switching over to a SonicWall (right now we use Cisco ASA for firewall)  
May want to check if the WAF can address Application DoS like slowloris. At the same in even of HTTPS traffic, the deep inspection may be lacking as there is no decryption at the perimeter. It will based more on endpoint scan of the received data.
Endpoint protection is Sophos Cloud.  And outlook 365 we use the online advanced threat protection.
you probably need to consider the data recovery and backup as well, specifically in event a malware like ransomware does get through, will data backup be readily to recover. Understand that Sophos InterceptX address the ransomware attack, and the ATP is good but probably you should check that SPF and DKIM is implemented. ATP is good in detecting the Pasby Hash attack or similar lateral movement to penetrate the other server by reusing weak password hash. can further ask how about the recovery aspect. Other candidate may include Carbonite.
0
mkramer777Author Commented:
I also have carbonite on every machine in the company.  And to asnwer a question above:  The only way to get to servers is through VPN.   I also got CGSS filtering with the SonicWall.  This will eventually replace Cisco Web Security as it is overlap.
0
masnrockCommented:
I also got CGSS filtering with the SonicWall.  This will eventually replace Cisco Web Security as it is overlap.
Just wanted to make sure you didn't inadvertently create a gap of some sort.

And it's good that btan brought up this part, because I very much agree with it:
.. and the ATP is good but probably you should check that SPF and DKIM is implemented..

Sounds like you have a pretty good groundwork. So that, along with good policies and some of the suggestions on here, will definitely really have you in great shape.
0
btanExec ConsultantCommented:
Hopefully my reply has helped but apparently not.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.