 

Free Web Server Protection: Build a Managed Security Solution with Open Source Tools

Building a complete managed security solution for your Web server doesn't have to cost money with the open source tools currently available. Apply these tools to gain a better assessment of the risks your Web servers face.



Designing a managed security solution (MSS) for your Web servers will cost you, but it doesn't have to be money. Time and diligence are the only things you need to expend when you deploy various freely available tools that you can use to build your Web server MSS.

Port Scanners
First of all, to build a complete MSS you need to be aware of any unauthorized activity on your network and your Web servers. Use port scanners to footprint your environment and determine whether you've left doors open to intruders via the Web. These scanners detect rogue machines running on your server and even rogue servers running on your network by initiating TCP connections to the ports and IP address ranges that you specify and checking whether each port has an open connection.

Make sure you specify only the ports that make sense for you on your target scan list. You probably don't want to scan the entire range of 65,535 available ports, so limit your target range to the ones that most concern you (e.g., ports 80, 8080, 443, and 3128 are common Web-related services ports).



The port scanners will return a wealth of data. Some of them can identify the operating system running on a target machine or even retrieve the banner off a connected, but unauthorized, server. However, the most useful information a scanner will produce for security purposes is server IP addresses, corresponding open ports, and banners from the servers. With these three pieces of data, you can gain a big-picture understanding of the Web-related activity on your network.

The following is a list of freely available port scanners you can download and implement in your managed security solution:

  • Nmap: Nmap is the best known port scanner. It can perform various scans, identify a target machine's operating system, and even tell you whether the TCP ISN it generates is random enough for strong security. Nmap runs on both Windows and Unix platforms, but it does not retrieve the port banner.
  • FScan and SuperScan: FScan is a small, fast command-line tool that runs only on the Windows platform. It grabs banners, if any exist. SuperScan also is a free scanner that runs on Windows. It offers a graphical user interface through which you control your scans and view your results.
  • Nessus: Nessus is more than just a port scanner. It scans for client/server architecture vulnerabilities as well. You can use it as a port scanner to scan your specified IP range and port, and then run it as a vulnerability scanner afterwards.
  • WotWeb: This small tool written and released freely by Robin Keir not only scans ports but also generates a list of IP addresses, open ports, and the banners it grabs from open ports. Because its results are in the ASCII format, you can easily import them into a spreadsheet for future reference.

What's It All Mean?
You have to understand your port scanner's output format so you can grab just the information you need. For example, with FScan, you can use the '-o' switch to write its output to a text file. When it detects an open port on a certain host, the following result would be shown:


10.0.0.31          80/tcp  
   HTTP/1.1 400 Bad Request[0D][0A]Server: Microsoft-IIS/4.0[0D][0A]Date: Mon
   , 15 Oct 2001 20:04:00 GMT[0D][0A]Content-Type: text/HTML[0D][0A]Content-L
   ength: 87[0D][0A][0D][0A]<HTML><head><title>Error</title></head><body>The 
   parameter is incorrect. </body></HTML>

The first line displays the IP address and the port number (80 in this case). Now you can extract the information you need using this regular expression:


 ([\d\.]+)\s+(\d+)\/tcp

The first captured group will be the IP address, and the second will be the port number. You will then have a list of servers and the ports open on them. The same method can be applied to the other port scanners.
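
An added example (not from the original article): a Python parser for the FScan output shown above that applies the article's regular expression, rejoins the wrapped banner, and lists open ports missing from an approved inventory. The 3-space continuation indent, the reading of every [XX] token as a hex-escaped byte, the second host entry, and the approved list are assumptions or constructed values.

```python
import re

# Host line as shown in the article: "<ip>   <port>/tcp"
HOST_RE = re.compile(r'^([\d\.]+)\s+(\d+)\/tcp')
# The sample shows CR/LF as [0D][0A]; treating any [XX] as a hex byte is an assumption
ESCAPE_RE = re.compile(r'\[([0-9A-Fa-f]{2})\]')
SERVER_RE = re.compile(r'^Server:\s*(.+)$', re.MULTILINE | re.IGNORECASE)

SAMPLE = "\n".join([  # the article's output plus one constructed host
    "10.0.0.31          80/tcp  ",
    "   HTTP/1.1 400 Bad Request[0D][0A]Server: Microsoft-IIS/4.0[0D][0A]Date: Mon",
    "   , 15 Oct 2001 20:04:00 GMT[0D][0A]Content-Type: text/HTML[0D][0A]Content-L",
    "   ength: 87[0D][0A][0D][0A]<HTML><head><title>Error</title></head><body>The ",
    "   parameter is incorrect. </body></HTML>",
    "10.0.0.45          3128/tcp",  # constructed: open port that returned no banner
])
APPROVED = {("10.0.0.31", 80)}  # constructed inventory of authorized services

def parse_fscan(text):
    """Return one dict per open port: ip, port, decoded banner, Server header."""
    results, current = [], None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = {'ip': m.group(1), 'port': int(m.group(2)), 'raw': ''}
            results.append(current)
        elif current is not None and line.startswith('   '):
            # Banner text is wrapped mid-word, so rejoin pieces with no separator
            current['raw'] += line[3:]
    for r in results:
        banner = ESCAPE_RE.sub(lambda e: chr(int(e.group(1), 16)), r.pop('raw'))
        r['banner'] = banner
        s = SERVER_RE.search(banner)
        r['server'] = s.group(1).strip() if s else None
    return results

def unexpected(results, approved):
    """Open (ip, port) pairs that are not on the approved inventory."""
    return [(r['ip'], r['port']) for r in results if (r['ip'], r['port']) not in approved]

if __name__ == "__main__":
    found = parse_fscan(SAMPLE)
    for r in found:
        print(r['ip'], r['port'], r['server'])
    print("not approved:", unexpected(found, APPROVED))
```

Rejoining the wrapped lines before searching matters: in the sample, the Date and Content-Length headers are each split across two output lines.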


