
Sniffing out security problems in Windows networks


Farelf


Considering that panicked network administrators occasionally come here with their "help me - something's compromised on my network, we're on the SCbl, our AV & malware detection can't find the source, what do we do?" I wonder if this webcast is of any help? http://searchwindowssecurity.techtarget.co...1275289,00.html

Sorta soothing to my mind, which is the start of the process (skill set doesn't need to be high, novice users get to discover stuff immediately, the man says). I know it's not *quite* that simple but as a start? Lots of linked resources too. Heh, and since most/many of those discussions include the advice "hire someone who knows what they're doing," that aspect is unobtrusively represented as well. When I accessed this on Firefox I had to click somewhere to enable the (necessary) visual part of the presentation - paranoid browser settings.


The broadcast was fairly good and touched on a couple applications he mentioned that can be used to monitor network traffic. I haven't used the ones he's mentioned (except Cain and Abel, available at www.oxid.it, which he didn't mention). There is a freeware packet sniffer called Wireshark that has the same features as the ones he referred to, although it is more complex and takes some time to set up and learn. However, a novice admin can have some trouble figuring out the different protocols and what should and shouldn't be going on on a network for that matter. I also wanted to mention insecure.org's Top 100 security tools, most of which are freeware. Insecure is the group that makes the nmap port scanning tool which works very well for network vulnerability testing as well, although it uses a command line interface. Some of the software they have listed are intrusion detection systems, network vulnerability testers, and things along those lines. This whole category might make for a good section to add to the wiki for admins who don't know how to determine what's wrong with their network if they're ending up on blacklists and what-not, but it all depends on the skill and education level of that admin to know where to start with the subject matter.

Another set of security tools I thought I would bring up (some of which contain the tools listed in the top 100 above) are some very simple firewall systems that can be loaded on low-end PCs and used to protect a network, with varying degrees of success depending upon the size of it. Basically, these are prepackaged firewalls loaded into *nix OS builds that can be dropped into a machine and configured to filter out certain protocols, scan for viruses, encrypt traffic, etc.

More info about these can be found on other sites around the net.


Archived

This topic is now archived and is closed to further replies.
