5. Attack Your Own System: Portscanners

Attacking your own system with the tools crackers are likely to use is a simple and effective procedure --- knowledge is everything, particularly if it's the same knowledge that a potential intruder will have. Use it to close potential holes.

5.1. Satan, Saint...

SATAN was designed as a tool to help systems administrators. It recognizes several common networking-related security problems, and reports the problems without actually exploiting them.

SATAN itself is apparently no longer under development; however, SAINT, the Security Administrator's Integrated Network Tool, is an updated and enhanced version of SATAN. More information can be found in the on-line documentation.

5.2. Portscanners

Every port --- both TCP and UDP --- which is open on a system is a potential entry point for an intruder. It is therefore essential to know all about every port that's open --- and why. The only way to be sure is to use a portscanner such as nmap or nessus. The "cracker's eye view" of a system these utilities provide is invaluable.

5.2.1. nmap

Naive portscanning can be obvious --- you'll see lots of entries in system logs. Enter nmap, which can perform stealth scans: that is, it sends TCP packets designed to trigger a response from a target machine without completing a connection (and therefore without creating a log entry). nmap can perform both TCP and UDP scans.

For details see the nmap website; see also Checking Your Work with Scanners, Part I: nmap, Linux Journal, May 2001.
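One way to act on the advice in 5.2 to know every open port and why, as an added example that is not part of the original survey: it reads a scan of your own host saved in nmap's grepable format (`nmap -oG`) and reports open ports that have no documented reason. The sample scan text, the address 192.0.2.10 and the `EXPECTED` allowlist are constructed for illustration.

```python
# Constructed sample of nmap grepable output (as written by `nmap -oG`) for one host.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (www.example.org)\tStatus: Up\n"
    "Host: 192.0.2.10 (www.example.org)\tPorts: 22/open/tcp//ssh///, "
    "25/closed/tcp//smtp///, 80/open/tcp//http///, 111/open/udp//rpcbind///, "
    "6000/open/tcp//X11///\tIgnored State: filtered (995)\n"
)

# Hypothetical allowlist: every port that should be open, and why.
EXPECTED = {
    (22, "tcp"): "remote administration (sshd)",
    (80, "tcp"): "public web server",
}

def open_ports(grepable_text):
    """Return {host: {(port, proto): service}} for ports reported as open."""
    found = {}
    for line in grepable_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comments and "Status:" lines carry no port data
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports_field = next(f for f in fields if f.startswith("Ports:"))
        for entry in ports_field[len("Ports:"):].split(","):
            parts = entry.strip().split("/")
            # Field order: port/state/protocol/owner/service/rpc-info/version/
            if len(parts) >= 5 and parts[1] == "open":
                found.setdefault(host, {})[(int(parts[0]), parts[2])] = parts[4]
    return found

def unexplained(grepable_text, expected):
    """Open ports with no documented reason: sorted (host, port, proto, service)."""
    return sorted(
        (host, port, proto, service)
        for host, ports in open_ports(grepable_text).items()
        for (port, proto), service in ports.items()
        if (port, proto) not in expected
    )

def missing(grepable_text, expected):
    """Expected services that the scan did not find open on any host."""
    seen = {key for ports in open_ports(grepable_text).values() for key in ports}
    return sorted(set(expected) - seen)

if __name__ == "__main__":
    for host, port, proto, service in unexplained(SAMPLE_SCAN, EXPECTED):
        print(f"{host}: {port}/{proto} ({service or 'unknown'}) is open but undocumented")
```

Each port it reports should either be closed or be added to the allowlist with a stated reason.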

5.2.2. Nessus

Nessus is a security scanner --- a specialised portscanner. Nessus uses a database of signatures of software which one can expect to find listening on ports to make educated guesses about what applications/packages are running. Armed with this information, Nessus supplies details of known vulnerabilities.

For details see the web site; see also Checking Your Work with Scanners, Part II: Nessus, Linux Journal, June 2001.




About this document:

Produced from the SGML: /home/isd/public_html/_unix_security/_reml_grp/unix_security_survey.reml
On: 10/11/2004 at 9:49:32
Options: reml2 -i noindex -l long -o html -p multiple