Testing Network Security

So throughout the series we've been talking about things from firewall's and
physical security and installing anti-malware tools.

All these different issues.

And the end result of all this is what a safe network.

Well that's the big challenge.

How do you know that your network safe.

The answer is unfortunately in most cases you don't know that there's simply so
much complexity out there in terms of networks.

I know that you've got a firewall installed at your gateway router but maybe you
set up an access control is that's letting something through.

You're not supposed to or I know that you have an individual system that's running
a good anti-malware program.

But what was the last time it was updated.

So there's a lot of issues that come into play that we really have to say to
ourselves is our network vulnerable and well it happens.

So if you've got a lot of money you've got professionals who come out and beat your
network to a pulp and show you all these horrible scary vulnerabilities.

But for most of us what we're really trying to do more than anything else is
inspect systems for open ports open ports are the bane of our existence.

Now I'm not talking about ports that you've intentionally opened although sometimes
those are things that should be inspected as well.

But I'm just talking about installing a piece of software that opens a port or
updating the firmware on a router which opens up ports or hitting a checkbox on a
switch configuration screen that opens a port.

So ports are being opened all the time and we don't know about it.

So what we need to be able to do is to scan systems to look for more than anything
else open ports.

So these vulnerabilities just need to be checked and then once you know it you may
want and uncheck them or do whatever you need to do.

But we need a tool that's going to allow us to see what's happening in terms of the
vulnerabilities of our network.

Now for the network plus there are two different vulnerabilities scanners that are
mentioned and they're both actually very good.

There's Nessus and then there's Nmap.

Now I like them both but unmap has a very pretty graphical front end for us Windows
users.
So I'm going to show you and Nmap let me show you how this works.

Now this is Nmap so all I did well to be technically correct this is not in map
this is Zen map which is a graphical user interface for and map which is actually
running in the background.

And because I'm lazy and I don't like to type see these long drawn out commands
like this actually this is a fairly short when you could get a lot crazier than
this.

So all you need to do is type in a target IP address and then I could go ahead and
run the scan and it has a built in scans and Xining look for all kinds of stuff.

Now what I've done here is I've actually run a scan on my router.

So I want to see what's happening on my router.

Now there's not actually a whole lot happening.

That's why it's a good one to show.

But the when it's most interesting is right here.

So here's open ports on my router.

Now if you take a look it's port 80 and port 443.

And if you've been paying attention in the episodes you know that that's HTTP and
secure HTTP So it's actually good.

I want these ports to be open now but this would be interesting if for example I
only wanted to access my router through secure HTTP then maybe I wouldn't want this
one open.

Now keep in mind also this guy can do is scan for us he doesn't actually fix
anything.

It's up to us to go through and actually go through all the testing.

The important thing to appreciate is that even though open ports are the big
problem most of these scanners can do a lot more than this.

They can check for things like Do you have services running on a particular system
that you don't want running.

They can go through and take a look at the typology of your network and suddenly
find other devices that you didn't even know were out there.

So these are really handy tools.

And the cool part about these two is that they're free.

How can you beat that.

Scanning is a good thing.

But we also want the ability to know when bad guys are doing stuff.

And that's why we have things like intrusion detection intrusion detection is good
but then sometimes it's in our best interest to let the bad guy do whatever he's
doing so that we could figure out why this person is attacking us.

Does that make sense to you where we could actually come in and watch the guy do
stuff.

Now we do this all the time that we do this.

What are called honeypots or honeynets, a honeypot is nothing more than a computer
that looks acts Barks smells tastes like a server of some type but it's not really
a server.

It's kind of a fake server.

It looks like a little honeypot and it attracts bad guys like bees and we will and
will actually record their keystrokes to figure out what they're doing.

A honeynet is exactly like a honeypot except it manifests as a complete network.

So there would be multiple computers now using honeypots can be pretty hairy to say
the least because let's say you have a honeypot that's acting as a web server.

In that case you would have to go through some pretty intense stuff to make it look
like a web server to a bad guy.

So while that works fine.

There's also a lot of very simplistic tools and that's what I'm going to show you
right now.

These are freeware tools that allow you to make a quick Do It Yourself honeypot.

So the honeypot that I'd like to show you is called honeybot this is a very simple
honeypot.

And I also like it because it's free but it does a pretty good job.

But I want to do is let me start this app and now my honeypots, honey pots
running.

So I've got my other little computer here and what I'm going to do is I'm actually
going to try to get to what's a web server.

So this is actually pretending to be a web server and I'm going to use my little
computer here.

And here we go.

So if we take a look we'll see that there is incoming data and it gives us the IP
address of the remote device which is just my little netbook next to me and it
shows that people are actually trying to get in.

Now that's pretty much all that this particular honeypot can do.

But you could get very advanced honeypots that will literally emulate a complete
web server.

So if you want to see how people are trying to hack into IIS to access your
index.HTM file to corrupt it.
Well there are honeypots out there that cost big moolah that will let you do stuff
like that in this case this honeypot is really just maybe a click above just
intrusion detection because it's real time information in terms of the ports and
it's trying to attack and all that.

The other thing that's kind of cool though that even with this little simplistic
tool we actually when we get onto the onto the site it brings up a web page and
everything so it really is in essence a very simplistic web server but just enough
so that we can actually watch the bad guys do the evil voodoo that they do well.

So these are some pretty fun toys and I'll tell you just between Nessus and Nmap
alone any nerd worth their salt is going to download a copy and play with it.

There are a lot of fun.

And I actually use these quite a bit in my office life and whenever I'm testing my
networks when it comes to honeypots and honeynet So I've got to be honest with you
I just don't find myself in that situation where I'm actually trying to find out
what bad guys are doing.

So while vulnerability scanners are incredibly common the chances of you using a
honeypot or a honeynet in the real world pretty small.

Open ports allow access into a computer or device

Nmap can scan a system and identify any open ports, services, and devices

Honeypots and honeynets are designed to bait would-be-hackers