02-27-2009, 04:38 PM   #1
sarwar (Greenhorn; Join Date: Feb 2009; Posts: 1)

How to Identify Server Vulnerabilities and Services when Conducting Security Assessme


One of the ways hackers are able to hack into a computer or server is by exploiting the vulnerabilities of the operating system or via active services on the server. Don't be surprised if there are other active Windows services running on your PC or server that you do not require. You do not conquer hacking, but with these services and operating system patches up to date, it is harder for hackers to penetrate your systems.

I have conducted security assessments for a number of companies' servers and have observed services such as FTP, IIS, SMTP and SQL running on their servers that the administrators are not aware of.

The rule of thumb is to ensure your server or PC is patched up to date and unnecessary services are disabled. If there is budget to spare, invest in a reputable IPS (Intrusion Prevention System) to complement the firewall. An intruder with some basic attacking skills can break into a server (even remotely control the server) by exploiting the vulnerabilities if they are not patched properly. Once the intruder has command-line access to the server, he/she can then escalate to super user status (there are a number of ways to do that). This is where real damage can be done.

Further, he/she can then use this server as a platform to attack other servers. I have conducted a penetration test in a test environment and it is not that difficult to break into a Windows server. So it is best that these threats are not taken lightly and that servers are secured by applying the latest patches and disabling services that are not required.

How to Check for Vulnerabilities:
a) One of the tools to check for vulnerabilities and services is the Nessus Vulnerability Scanner.
b) Once you have downloaded and installed Nessus, please ensure you get the latest vulnerability updates so that it can detect the recent threats. This is a great tool as it is fast and simple to use.
c) Simply type in the IP address of the server to be scanned and start the scan.
d) Nessus will then produce a web-based report of the discovered vulnerabilities.

sarwar is offline  
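
A way to spot the unexpected listeners described in the post (FTP, IIS, SMTP, SQL), as an added example that is not part of the original post: it parses Windows `netstat -ano` output and reports network-reachable listening TCP ports that are missing from an approved list. The sample output, the approved-port policy and the function names are constructed for illustration.

```python
"""Flag listening TCP services that are not on the server's approved list."""

# Well-known ports for the services named in the post (IANA assignments).
KNOWN_SERVICES = {21: "FTP", 25: "SMTP", 80: "HTTP (IIS)", 443: "HTTPS (IIS)",
                  1433: "SQL Server"}
LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed sample of Windows `netstat -ano` output, not from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1284
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1284
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING       1820
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1020
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING       2312
  TCP    [::]:80                [::]:0                 LISTENING       4
  TCP    10.0.0.5:3389          10.0.0.20:50412        ESTABLISHED     1020
"""


def parse_listeners(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # headers, UDP rows and established connections
        address, _, port = fields[1].rpartition(":")  # copes with [::]:80
        yield address, int(port), int(fields[4])


def unapproved_listeners(netstat_text, approved_ports):
    """Return sorted (port, service, pid) for reachable listeners not approved."""
    findings = {}
    for address, port, pid in parse_listeners(netstat_text):
        if address in LOOPBACK or port in approved_ports:
            continue  # loopback-only sockets are not reachable from the network
        findings[port] = (port, KNOWN_SERVICES.get(port, "unknown"), pid)
    return sorted(findings.values())


if __name__ == "__main__":
    # Assumed policy: this host should only serve web traffic and RDP.
    for port, service, pid in unapproved_listeners(SAMPLE_NETSTAT, {80, 443, 3389}):
        print(f"port {port:<5} {service:<12} PID {pid}  -> disable or justify")
```

Each finding carries the owning PID, which can be matched to a service name before deciding whether to disable it.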