Network Security Research etc.?

**Eclipse2003** · 09-22-2006, 07:26 AM

Anyone know of a good free software that can be used to scan for vulnerabilities in a network? Also, does anyone have any links with good discussions about network security (what softwares to use, how hackers can get into your network, how to prevent, why simple firewalls on standard routers may not be enough, etc.)? I am trying to learn alot about network security and figured this was a good place to ask for advice. Thanks guys.

Tobywuk · 09-22-2006, 01:58 PM

im tying to learn the same thing, and will be going on to do a degree in System security next year.

First place i started with was a program called Nmap.

newhouse1390 · 09-22-2006, 09:03 PM

ISS- Unix Security (our use) MBSA (Windows vulnerabilities)

**Cellus** · 09-24-2006, 11:15 AM

nmap and Nessus are great scanners to find vulnerabilities. They are the same tools crackers like to use, and (if used on your own network with permission) are legal. I should note that Nessus is designed to run off a Linux environment, however it is a lot more user-friendly.

nmap
Nessus

One tool I have found immensely useful is the CIS Benchmark and Scoring Tool, which is basically MBSA on steroids. The CIS tool for Windows is very straightforward (it'll ask you a couple questions, then scans your computer) and displays results with answers with instructions on how to fix problems using a very nice .xml page. The CIS tool for Linux is bit more complicated, however it fixes problems/weaknesses on-the-fly as you answer questions. The Linux one just comes with a .conf file - you will also need to download and install Bastille to run the questions.

There are two things that come with the Windows tools - the Benchmark guide (PDF) and the Scoring tool. The Benchmark is a good reference that displays preferable settings depending on how restrictive you want things, all displayed in a neat table. You may refer to it from time to time when securing your system after running the Scoring tool. The Scoring tool will ask questions and scan your system, displaying results in its "Benchmark Report". You will need to set the paramaters of the scan (very easy) by selecting the environment the system is running in. For example, "Legacy Standalone" is good for a one-off system that is not a workstation in a domain (such as a home computer). "Enterprise" is mainly geared towards workstations and servers (where applicable). "Specialized Security" is for the extremely security conscious, and to be honest should not be used unless you know exactly what you are doing. Its recommended settings are extremely restrictive, if not sometimes not even feasible.

Note: Do not apply all the security measures in the CIS tools as you can cause yourself to be permanently locked out of your own system. Make sure to read the solutions carefully and that they do not conflict with anything you have already implemented. A perfect score with the tool is not realistically possible, as the highest score would have your system unusable by users (too many restrictions and lockouts). Be aware of the choices you make. I found a final score of ~80-85 in Windows (using Legacy Standalone as an example) to be acceptable while having everything working. Depending on your system hardware and what you use the system for, you preferable score may vary. A slightly lower score is to be expected when having network services running (and/or using the Enterprise benchmark), as the tool gets rather picky about those.

http://www.cisecurity.org

Addendum: In terms of a foundation of knowledge in security, the CompTIA Security+ certification is good to have. At the very least you should look into finding reference material for the certification, which you can find easily with the help of your favourite search engine or a trip to the library/bookstore.

**Eclipse2003** · 11-15-2006, 12:27 PM

Ok I downloaded and ran a couple of those programs on my home laptop and now I have to reboot a few times before I am able to boot up completely. It gets locked on the Loggin In screen. I am running XP Home Edition. When I am able to finally to log in, it comes up with a login prompt in the background and says "Unable to log you in due to an account restriction." And I click Ok and then it comes up to the normal Log In screen where you just click a name and you log in. Any ideas on how to fix this? I have uninstalled both programs but not sure what it changed. Thanks for the help.

newhouse1390 · 11-15-2006, 01:58 PM

Try booting up in safe mode and logging in using the administrator account.

**Eclipse2003** · 11-15-2006, 02:02 PM

I can log in in Normal Mode successfully if I reboot a few times. I just want to figure out what was changed and how to change it back. What will logging into Admin account from Safe Mode do?

newhouse1390 · 11-15-2006, 08:14 PM

I am sorry I must have read too quickly.

Quote:

Note: Do not apply all the security measures in the CIS tools as you can cause yourself to be permanently locked out of your own system. Make sure to read the solutions carefully and that they do not conflict with anything you have already implemented. A perfect score with the tool is not realistically possible, as the highest score would have your system unusable by users (too many restrictions and lockouts). Be aware of the choices you make. I found a final score of ~80-85 in Windows (using Legacy Standalone as an example) to be acceptable while having everything working. Depending on your system hardware and what you use the system for, you preferable score may vary. A slightly lower score is to be expected when having network services running (and/or using the Enterprise benchmark), as the tool gets rather picky about those.

I can't give you an explanation as to why this has happened typically it is due to a recent hardware or software change. When people get too into securing their system they eventually lock themselves out

. I would back up all data, start in safe mode, run system restore to a point prior to the machines abnormal reboot behavior.

**Cellus** · 11-18-2006, 02:01 AM

You are not the first person to have locked himself out after putting a lock on every door and throwing the keys inside... only to find you can't get back in. It's best to find a balance. Afterall, the A in IT Security's CIA model is Accessibility. What's the point in locking down a system only to have caused a Denial of Service on yourself?

09-22-2006, 07:26 AM	#1 (permalink)
Eclipse2003 TSF Enthusiast Join Date: Apr 2005 Location: Ohio Posts: 1,156 OS: XP	Network Security Research etc.? Anyone know of a good free software that can be used to scan for vulnerabilities in a network? Also, does anyone have any links with good discussions about network security (what softwares to use, how hackers can get into your network, how to prevent, why simple firewalls on standard routers may not be enough, etc.)? I am trying to learn alot about network security and figured this was a good place to ask for advice. Thanks guys.

09-22-2006, 09:03 PM	#3 (permalink)
newhouse1390 Member, Networking Team Join Date: Jan 2005 Location: Ohio Posts: 1,040 OS: Windows Server 2003	ISS- Unix Security (our use) MBSA (Windows vulnerabilities) __________________ Because you can read this thank a teacher, because it's English thank a soldier.

09-24-2006, 11:15 AM	#4 (permalink)
Cellus Moderator Networking Team Join Date: Aug 2006 Location: Canada Posts: 2,664 OS: Windows Vista Business SP1, Windows XP Professional SP3 My System	nmap and Nessus are great scanners to find vulnerabilities. They are the same tools crackers like to use, and (if used on your own network with permission) are legal. I should note that Nessus is designed to run off a Linux environment, however it is a lot more user-friendly. nmap Nessus One tool I have found immensely useful is the CIS Benchmark and Scoring Tool, which is basically MBSA on steroids. The CIS tool for Windows is very straightforward (it'll ask you a couple questions, then scans your computer) and displays results with answers with instructions on how to fix problems using a very nice .xml page. The CIS tool for Linux is bit more complicated, however it fixes problems/weaknesses on-the-fly as you answer questions. The Linux one just comes with a .conf file - you will also need to download and install Bastille to run the questions. There are two things that come with the Windows tools - the Benchmark guide (PDF) and the Scoring tool. The Benchmark is a good reference that displays preferable settings depending on how restrictive you want things, all displayed in a neat table. You may refer to it from time to time when securing your system after running the Scoring tool. The Scoring tool will ask questions and scan your system, displaying results in its "Benchmark Report". You will need to set the paramaters of the scan (very easy) by selecting the environment the system is running in. For example, "Legacy Standalone" is good for a one-off system that is not a workstation in a domain (such as a home computer). "Enterprise" is mainly geared towards workstations and servers (where applicable). "Specialized Security" is for the extremely security conscious, and to be honest should not be used unless you know exactly what you are doing. Its recommended settings are extremely restrictive, if not sometimes not even feasible. Note: Do not apply all the security measures in the CIS tools as you can cause yourself to be permanently locked out of your own system. Make sure to read the solutions carefully and that they do not conflict with anything you have already implemented. A perfect score with the tool is not realistically possible, as the highest score would have your system unusable by users (too many restrictions and lockouts). Be aware of the choices you make. I found a final score of ~80-85 in Windows (using Legacy Standalone as an example) to be acceptable while having everything working. Depending on your system hardware and what you use the system for, you preferable score may vary. A slightly lower score is to be expected when having network services running (and/or using the Enterprise benchmark), as the tool gets rather picky about those. http://www.cisecurity.org Addendum: In terms of a foundation of knowledge in security, the CompTIA Security+ certification is good to have. At the very least you should look into finding reference material for the certification, which you can find easily with the help of your favourite search engine or a trip to the library/bookstore. __________________ TSF Networking Team Virus/Trojan/Spyware Removal Help Donate! Last edited by Cellus; 09-24-2006 at 11:31 AM.

11-15-2006, 01:58 PM	#6 (permalink)
newhouse1390 Member, Networking Team Join Date: Jan 2005 Location: Ohio Posts: 1,040 OS: Windows Server 2003	Try booting up in safe mode and logging in using the administrator account. __________________ Because you can read this thank a teacher, because it's English thank a soldier.

11-18-2006, 02:01 AM	#9 (permalink)
Cellus Moderator Networking Team Join Date: Aug 2006 Location: Canada Posts: 2,664 OS: Windows Vista Business SP1, Windows XP Professional SP3 My System	You are not the first person to have locked himself out after putting a lock on every door and throwing the keys inside... only to find you can't get back in. It's best to find a balance. Afterall, the A in IT Security's CIA model is Accessibility. What's the point in locking down a system only to have caused a Denial of Service on yourself? __________________ TSF Networking Team Virus/Trojan/Spyware Removal Help Donate!

09-22-2006, 01:58 PM	#2 (permalink)
Tobywuk Registered User Join Date: Aug 2006 Posts: 11 OS: XP Pro	im tying to learn the same thing, and will be going on to do a degree in System security next year. First place i started with was a program called Nmap.

11-15-2006, 12:27 PM	#5 (permalink)
Eclipse2003 TSF Enthusiast Join Date: Apr 2005 Location: Ohio Posts: 1,156 OS: XP	Ok I downloaded and ran a couple of those programs on my home laptop and now I have to reboot a few times before I am able to boot up completely. It gets locked on the Loggin In screen. I am running XP Home Edition. When I am able to finally to log in, it comes up with a login prompt in the background and says "Unable to log you in due to an account restriction." And I click Ok and then it comes up to the normal Log In screen where you just click a name and you log in. Any ideas on how to fix this? I have uninstalled both programs but not sure what it changed. Thanks for the help.

11-15-2006, 02:02 PM	#7 (permalink)
Eclipse2003 TSF Enthusiast Join Date: Apr 2005 Location: Ohio Posts: 1,156 OS: XP	I can log in in Normal Mode successfully if I reboot a few times. I just want to figure out what was changed and how to change it back. What will logging into Admin account from Safe Mode do?