DeveloperSide.NET Forums
December 10, 2019, 06:46:11 PM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News:
 
   Home   Help Search Login Register  
Pages: [1]
  Print  
Author Topic: Tools to Test Your Servers Security  (Read 29333 times)
0 Members and 1 Guest are viewing this topic.
ProBlazer
Member
*
Posts: 22


View Profile
« on: September 16, 2006, 07:47:45 PM »

What tools (preferably free) is everyone using to test the security of their web servers.

I'm pretty new to this yet, and I'm hosting a server out of my home for streaming music to where ever I am.  

I'm running Apache, Tomcat, SQL, and PHP5.  What recomendations do you all have?
Logged
Jorge
Customer, Basic Support
Guru
*****
Posts: 544

jorge_schrauwen@msn.com
View Profile WWW
« Reply #1 on: September 16, 2006, 10:05:43 PM »

I usually start by doing a port scan of the computer and close all port that shouldn't be open.

I then install a firewall Kerio ServerFirewall is great and configure this carfully.

Also i check my error logs and access logs for fishy stuff.
Logged

admin
Administrator
Master of All Subjects
*****
Posts: 3272


View Profile WWW Email
« Reply #2 on: September 16, 2006, 10:11:00 PM »

Its all setup secured by default.
Logged

DeveloperSide.NET
Advanced PHP and MySQL Solutions for your Web Design and Development needs with Web.Developer Server Suite.
DeliriumServers
Customer, Basic Support
Jr. Member
*****
Posts: 61

delirium.martin@gmail.com a5m0deu5
View Profile WWW
« Reply #3 on: September 16, 2006, 11:20:55 PM »

there are actually a great deal of these types of testing tools out on the net, however many are ment for linux or are hard to run

the best one that I have used is Nessus (the windows version)

you can find out about it here

http://www.nessus.org/index.php
Logged

es, i'm crazy
majika
Member
*
Posts: 14


View Profile
« Reply #4 on: May 16, 2007, 07:03:44 PM »

I am what you would call a security type of person who like to test things out and spen time trying new ideaas on penatration testing etc, that aside I would recommend Dameware NT Utilities or better still X-Scan v2.5 or GFI Languard.

A nice couple of article to read about Vulnerability Assessment and IP Scanning (YOUR OWN LOCALHOST OF COURES :) can be found here and a full write up about the tools used and a bit more info on them can also be found here. here
Logged
admin
Administrator
Master of All Subjects
*****
Posts: 3272


View Profile WWW Email
« Reply #5 on: May 16, 2007, 08:16:16 PM »

IMHO, having a router is step 1... Since it will do DNAT, which has the effect of blocking any incoming connections that were not initiated from the inside.

I used to use Netgear [my last one died on me a year or two ago], but Linksys has moved up since, and the WRT54GS is a thumbs up... It will run a custom Linux based firewall/router firmware. Its also very cheap, and with the mentioned firmware, will have the same features as a router that you can expect to pay thousands for.

My last blog post here... http://www.devside.net/blog/category/web-server/ has some other info, CIS and SANS.
« Last Edit: September 21, 2007, 10:27:26 PM by admin » Logged

DeveloperSide.NET
Advanced PHP and MySQL Solutions for your Web Design and Development needs with Web.Developer Server Suite.
japreja
Member
*
Posts: 10


View Profile WWW
« Reply #6 on: September 21, 2007, 09:57:44 PM »

I have heard of an organization that monitors, for free, your site from hacking attempts, A friend of mine used it and they notify the FBI or other agency immediatly upon discovering a hack attempt and they also call you within ten minutes or so.  I dont know the organizations name but I do know it is out there someplace.  I was at his house when he got the call, his site used to be calld kidslinux but I don't think he runs it any more.  It was neet to see it on the news.

Maybee someone here knows what is called.
Logged
Esthet
Member
*
Posts: 1


View Profile
« Reply #7 on: February 18, 2008, 08:42:23 PM »

http://www.maxpatrol.com/ is a good security scanner. Here http://www.maxpatrol.com/download/mp7demo.zip is the demo lacking some original heuristic mechanisms, potentially unsafe checks for DoS-vulnerabilities, online updates for vulnerabilities database and some scheduler & reports generating features... but still very useful.
Logged
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.9 | SMF © 2006-2009, Simple Machines LLC Valid XHTML 1.0! Valid CSS!