For top security, put best practices in action

If you have the time, plus a bit of Columbo in you, taking a hands-on approach to security by learning how to hack will give you a jump on your hands-off colleagues. You can learn about new vulnerabilities and exploits days before vendors turn them into anti-virus definitions, OS patches, and IDS (intrusion detection system) signatures. If your curiosity takes you far enough, you'll become expert at finding network holes by applying hackers' tools and knowledge.

Mainstream hackers share their knowledge willingly, even with the IT people who make a living preventing hackers' attacks. Respondents to the 2002 InfoWorld IT Security Survey already use Internet security resources; 54 percent read security-oriented Web sites, even though some useful information may be classified as out of bounds. Choose your level of engagement according to your interests, skills, and the degree of risk you're willing to accept. The resources cover the spectrum from filtered, high-level vulnerability alerts to snarky, detailed exploit travelogues and tools.

You can pick up free security documentation, tips, vulnerability alerts, and tools from several utterly safe avenues. Security vendors' and consultancies' sites are easy to find, but because they sell products and services, most don't give much away. Start by tapping into http://www.cert.org and other security alert sites for high-level summaries of new vulnerabilities -- that's how 86 percent of respondents stay on top of widely publicized threats. Then move on to safe sites that offer more detailed information and free, useful tools for testing and tuning your network's defenses.

The Bugtraq mailing list and the SecurityFocus Web site (http://www.securityfocus.com points to both) are safe places to learn about new exploits. Hackers compete to uncover fresh vulnerabilities and submit them to Bugtraq; it's a hacking rite of passage and keeps Bugtraq busy and relevant. Symantec (the most trusted security software vendor according to surveyed readers) recently acquired SecurityFocus, so the site and the list could take a less open, more commercial direction, with Symantec perhaps keeping the best bits of Bugtraq for itself.

The http://www.freshmeat.net Web site is a searchable repository for open-source software and documentation. Most of the software is written for Linux, but a project's home page link may point to Solaris, BSD, Windows, and other ports of popular tools. The freshmeat.net database is huge, so search with narrow keywords, such as "exploit," "vulnerability," "scanner," and "cracker." Remember that back doors can be buried even in published source code; always run new noncommercial tools in isolation first. Be sure you understand them thoroughly before you let them near your network.

You can find a free, widely used network scanner called Nmap at http://www.insecure.org. This cross-platform tool scans your network the way hackers do, looking for vulnerable services. This site is an excellent resource for security information. Under the Security Tools link sits a comprehensive if slightly dated list of the top 50 open-source and commercial security tools identified by Nmap users. It also maintains Web archives of the best security mailing lists, including Bugtraq, and helps you subscribe to them.

We wouldn't think of running a Windows network without the tools at http://www.sysinternals.com. This freeware collection provides basic yet indispensable tools for monitoring system and network facilities. If you suspect you're under attack, the Sysinternals tools help you drill into processes and network connections. You can monitor changes to your registry and file systems in real time. It's helpful to watch malware open back doors and interfere with your programs. Like the most worthwhile tools, Sysinternals' software helps you act on what you find. You can kill processes and close network connections with a button click. Sysinternals sells beefed-up commercial versions of its tools, but its freeware isn't crippled or time-bombed.

No harm can come from subscribing to a mailing list or reading safe Web sites. The risk of using hacking tools, exploit knowledge, or powerful cross-purpose tools is harming your network -- or your career. Large companies have stringent security policies; 86 percent of survey respondents actively enforce those policies. Just accessing some of these sites and tools could get you fired. Before you take an active approach to security management, make sure your bosses approve of what you're doing.

No one outside your IT security organization should engage in internal hacking, no matter how well-meant those efforts might be. If your company wants a jump on published security information, the best way may be to drop a few of its own people into the trenches. An IT security detail equipped with an isolated lab, powerful tools, and the knowledge to use them safely can be an invaluable asset. No hat on earth is whiter than the one on your head.
