Network Scanning: Network Vulnerabilities, Do It Yourself - Philadelphia, Conshohocken, Delaware Valley, PA, USA

Network Scanning - Shareware

Network scanning and security should not be taken lightly. It can be time consuming, and if you try to do it yourself, odds are you will fall victim to "analysis paralysis" and never get beyond being one service pack (SP) behind Microsoft's current release.

The best advice is to hire an IT consulting company which specializes in security scanning at reasonable pricing.

If you can't bring yourself to do that, we recommend purchasing commercial scanning software such as ISS's Internet Scanner (best of class in almost every comparison we've seen) or Harris Corp's STAT (its shortcoming is that it can only scan Windows NT/2000 machines), and taking the time and training to learn how to use them.

However, if you are dead set on scanning and securing your network with free software, here's our recommendation on how to accomplish that.

Network Mapping - The first step is to map out the network: determine which hosts and services are alive in a given network block or IP range. For this purpose there are several comprehensive, easy-to-use Windows-based scanning tools.

(If you've never used port scanners before, please try to resist the temptation to play hacker - if you port scan the wrong machine, you could wind up feeling like you kicked a beehive when the real hackers come looking for you. Stay inside your known range, and you should be fine.)

Try SuperScan from Foundstone, Inc. This GUI application provides a variety of scanning options, along with some advanced features: control over the speed of your scan, a progress meter, and configurable time-outs for pings and hostname resolution. It even comes with a very useful help file.

Fscan - If you're a command-line kind of person, also check out Foundstone's Fscan, a command-line scanner that scans both UDP and TCP ports.

Available at http://www.foundstone.com/rdlabs/tools.php
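The mapping step above boils down to two things: decide which address blocks you are allowed to touch, then find out which hosts and services in those blocks answer. The following is an added example, not code from the page or from Foundstone's tools, showing a minimal TCP connect probe that refuses any target outside an allowlist of authorised ranges (the "stay inside your known range" rule above, enforced in code). The IN_SCOPE blocks, the PROBE_PORTS list and the 192.0.2.10 address are constructed sample values; the demo() function opens a listener on loopback so the whole thing runs offline.

```python
"""Scope-checked TCP connect probe for inventorying live services.

Added example; not from the original page or any tool it names.
The allowlist and port list below are constructed sample values.
"""
import ipaddress
import socket

# Constructed: the only address blocks this inventory is authorised to probe.
IN_SCOPE = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("10.0.0.0/8")]
# Constructed: a short service list; a real inventory would use a fuller one.
PROBE_PORTS = [22, 25, 80, 135, 139, 443, 445]


def in_scope(host):
    """True only if host parses as an IP address inside one of the IN_SCOPE blocks."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(addr in net for net in IN_SCOPE)


def probe_port(host, port, timeout=0.5):
    """True if a TCP connect to host:port completes within timeout seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable: all count as not listening
        return False


def map_host(host, ports=PROBE_PORTS, timeout=0.5):
    """Return the sorted list of listening TCP ports on an in-scope host.

    Out-of-scope hosts are refused before a single packet is sent.
    """
    if not in_scope(host):
        raise ValueError(f"{host} is outside the authorised range; refusing to probe")
    return sorted(p for p in ports if probe_port(host, p, timeout))


def demo():
    """Self-contained run: listen on a loopback ephemeral port, map 127.0.0.1
    against that port plus a port we know is closed, and try one out-of-scope
    host to show the refusal. Returns what was found."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)  # backlog lets connects complete without accept()
    open_port = listener.getsockname()[1]

    # Bind and immediately release a second port so it is almost certainly closed.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()

    try:
        found = map_host("127.0.0.1", ports=[closed_port, open_port])
    finally:
        listener.close()

    try:
        map_host("192.0.2.10")  # constructed TEST-NET-1 address, not in IN_SCOPE
        refused = False
    except ValueError:
        refused = True

    return {"open_port": open_port, "closed_port": closed_port,
            "found": found, "refused_out_of_scope": refused}


if __name__ == "__main__":
    print(demo())
```

The allowlist check runs before any socket is opened, so a typo in a host list fails closed instead of probing a stranger's machine. A connect probe like this is slow and noisy compared with the tools named above; its point here is the scope gate and the per-port timeout, which is what keeps a self-run scan predictable.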

Enumeration - Enumeration takes footprinting a step further; it is typically used to obtain information on valid account names, network resources, shares and applications. Although much of the information obtained through enumeration may appear harmless, once any of these are found it is not too difficult to crack a password or find a vulnerability associated with operating-system shares or production applications.

Winfingerprint is a Win32-based security tool that can determine the OS and enumerate users, groups, shares, transports, services, the event log, service pack and hotfix level, and date and time. Winfingerprint takes advantage of Windows null sessions, the default unauthenticated session to a Windows NT box. If the network administrator has not disabled this default setting, a hacker could obtain vital information on both users and shares.

Available at http://winfingerprint.sourceforge.net/

Password Analysis - Unauthorized access is typically obtained in one of two ways: with a valid username and password, or by escalating an existing user's privileges. Although it's a long-established hacker technique, guessing fixed passwords is still a concern for every SysAdmin.

LC3 is @stake's latest version of the very popular password auditing and recovery tool L0phtCrack. LC3 is an excellent Windows NT and Windows 2000 tool that provides useful statistics for reporting, such as the time it took to crack each account. It also offers several ways to obtain the encrypted passwords. Again, please restrain yourself, and only run this against machines in your own domain.

Available at http://stake.com/research/lc3/index.html
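Auditing your own hashes with LC3 tells you which passwords are weak; the other half of the password problem above, guessing against live accounts, shows up in the Security event log as a burst of failed logons. The following is an added example, not code from the page or from @stake, that scans exported log lines and flags any account that fails to log on more than a threshold number of times from one workstation inside a sliding time window. The comma-separated export format and every line in SAMPLE_LOG are constructed for this example; the one real identifier used is event ID 529, the Windows NT/2000 "Logon Failure: Unknown user name or bad password" audit event.

```python
"""Flag password-guessing bursts in exported Windows NT/2000 security events.

Added example; not from the original page or any tool it names.
Log format and sample lines are constructed: timestamp,event_id,server,account,workstation
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 529  # NT/2000 audit event: unknown user name or bad password

# Constructed sample export: six rapid failures for administrator, two isolated
# failures and one success (event 528) for jsmith.
SAMPLE_LOG = """\
2001-03-12 09:00:01,529,PHL-DC1,Administrator,WKS-017
2001-03-12 09:00:03,529,PHL-DC1,Administrator,WKS-017
2001-03-12 09:00:04,529,PHL-DC1,Administrator,WKS-017
2001-03-12 09:00:06,529,PHL-DC1,Administrator,WKS-017
2001-03-12 09:00:07,529,PHL-DC1,Administrator,WKS-017
2001-03-12 09:00:09,529,PHL-DC1,Administrator,WKS-017
2001-03-12 09:02:15,528,PHL-DC1,jsmith,WKS-022
2001-03-12 09:05:40,529,PHL-DC1,jsmith,WKS-022
2001-03-12 09:45:10,529,PHL-DC1,jsmith,WKS-022
"""


def parse_line(line):
    """Split one constructed export line into typed fields."""
    ts, event_id, server, account, workstation = line.strip().split(",")
    return (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(event_id),
            server, account.lower(), workstation)


def detect_bursts(log_text, threshold=5, window_seconds=60):
    """Return one alert per burst of >= threshold failed logons for the same
    (account, workstation) pair within window_seconds of each other.

    Each alert records the account, source workstation, failure count and
    the time the threshold was crossed. The window is cleared after an alert
    so a continuing attack produces a fresh alert every threshold failures.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # (account, workstation) -> timestamps in window
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, _server, account, workstation = parse_line(line)
        if event_id != FAILED_LOGON:
            continue
        key = (account, workstation)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"account": account, "source": workstation,
                           "failures": len(q),
                           "at": ts.strftime("%Y-%m-%d %H:%M:%S")})
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LOG):
        print(alert)
```

Threshold and window should be set just below whatever account-lockout policy you run, so the alert fires on the attempt pattern rather than on the lockout itself; isolated failures like jsmith's two mistypes an hour apart stay quiet.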

Security Updates and Hotfixes - CNET has a very useful online utility called "CatchUp", which requires you to download and install a small app (cnetcup13.exe, 772K); thereafter you can scan any mapped drive for missing security fixes for many, many applications and OSes. CAUTION - read up on each of the upgrades and hotfixes it recommends before you download and install, as the service does not guarantee that the cure will not be worse than the disease.

Available at http://catchup.cnet.com

For Unix Users - you only need one tool to do all of the above, and more: Nessus. With Nessus, security checks are done entirely through external plug-ins. As of August 6, 2000, there's an impressive library of 479 plug-ins, which fall into 17 families. In addition to this wide variety of existing plug-ins, Nessus comes with its own scripting language, the Nessus Attack Scripting Language (NASL), which allows one to write additional security tests.

Clearly, Nessus is a very capable security scanner that checks for a large variety of security holes. It also has a number of attractive features: flexibility, extensibility (via NASL), timely availability of new security tests, testing efficiency (resulting from information sharing via the knowledge base), encrypted communications, and an open-source policy.

Available at http://www.nessus.org/download.html

Internet Scanning - The last option to consider is commercial scanning from outside your network. This won't provide as much information (you hope!) as internal scans, but if you are primarily concerned about outside threats, it might be all you need, and such services are certainly priced very affordably. We like Beyond Security's "Automated Scanning" service.

Available at http://www.automatedscanning.com/
