DeveloperSide.NET Forums

DeveloperSide.NET => Tools of the Trade => Topic started by: ProBlazer on September 16, 2006, 07:47:45 PM



Title: Tools to Test Your Servers Security
Post by: ProBlazer on September 16, 2006, 07:47:45 PM
What tools (preferably free) is everyone using to test the security of their web servers.

I'm pretty new to this yet, and I'm hosting a server out of my home for streaming music to where ever I am.  

I'm running Apache, Tomcat, SQL, and PHP5.  What recomendations do you all have?


Title: Tools to Test Your Servers Security
Post by: Jorge on September 16, 2006, 10:05:43 PM
I usually start by doing a port scan of the computer and close all port that shouldn't be open.

I then install a firewall Kerio ServerFirewall is great and configure this carfully.

Also i check my error logs and access logs for fishy stuff.


Title: Tools to Test Your Servers Security
Post by: admin on September 16, 2006, 10:11:00 PM
Its all setup secured by default.


Title: Tools to Test Your Servers Security
Post by: DeliriumServers on September 16, 2006, 11:20:55 PM
there are actually a great deal of these types of testing tools out on the net, however many are ment for linux or are hard to run

the best one that I have used is Nessus (the windows version)

you can find out about it here

http://www.nessus.org/index.php


Title: Re: Tools to Test Your Servers Security
Post by: majika on May 16, 2007, 07:03:44 PM
I am what you would call a security type of person who like to test things out and spen time trying new ideaas on penatration testing etc, that aside I would recommend Dameware NT Utilities (http://anonymouse.org/cgi-bin/anon-www.cgi/http://www.dameware.com) or better still X-Scan v2.5 or GFI Languard.

A nice couple of article to read about Vulnerability Assessment and IP Scanning (YOUR OWN LOCALHOST OF COURES :) can be found here and a full write up about the tools used and a bit more info on them can also be found here. here (http://anonymouse.org/cgi-bin/anon-www.cgi/http://www.vulnerabilityassessment.co.uk/vuln.htm)


Title: Re: Tools to Test Your Servers Security
Post by: admin on May 16, 2007, 08:16:16 PM
IMHO, having a router is step 1... Since it will do DNAT, which has the effect of blocking any incoming connections that were not initiated from the inside.

I used to use Netgear [my last one died on me a year or two ago], but Linksys has moved up since, and the WRT54GS is a thumbs up... It will run a custom Linux based firewall/router firmware. Its also very cheap, and with the mentioned firmware, will have the same features as a router that you can expect to pay thousands for.

My last blog post here... http://www.devside.net/blog/category/web-server/ has some other info, CIS and SANS.


Title: Re: Tools to Test Your Servers Security
Post by: japreja on September 21, 2007, 09:57:44 PM
I have heard of an organization that monitors, for free, your site from hacking attempts, A friend of mine used it and they notify the FBI or other agency immediatly upon discovering a hack attempt and they also call you within ten minutes or so.  I dont know the organizations name but I do know it is out there someplace.  I was at his house when he got the call, his site used to be calld kidslinux but I don't think he runs it any more.  It was neet to see it on the news.

Maybee someone here knows what is called.


Title: Re: Tools to Test Your Servers Security
Post by: Esthet on February 18, 2008, 08:42:23 PM
http://www.maxpatrol.com/ is a good security scanner. Here http://www.maxpatrol.com/download/mp7demo.zip is the demo lacking some original heuristic mechanisms, potentially unsafe checks for DoS-vulnerabilities, online updates for vulnerabilities database and some scheduler & reports generating features... but still very useful.