Jump to content

Sniffing out security problems in Windows networks


Farelf
 Share

Recommended Posts

Considering that panicked network administrators occasionally come here with their "help me - something's compromised on my network, we're on the SCbl, our AV & malware detection can't find the source, what do we do?" I wonder if this webcast is of any help? http://searchwindowssecurity.techtarget.co...1275289,00.html

Sorta soothing to my mind, which is the start of the process (skill set doesn't need to be high, novice users get to discover stuff immediately, the man says). I know it's not *quite* that simple but as a start? Lots of linked resources too. Heh, and since most/many of those discussions include the advice "hire someone who knows what they're doing," that aspect is unobtrusively represented as well. When I accessed this on Firefox I had to click somewhere to enable the (necessary) visual part of the presentation - paranoid browser settings.

Link to comment
Share on other sites

The broadcast was fairly good and touched on a couple applications he mentioned that can be used to monitor network traffic. I haven't used the ones he's mentioned (except Cain and Abel, available at www.oxid.it, which he didn't mention). There is a freeware packet sniffer called WireShark that has the same features of the ones he referred to, although it is more complex and takes some time to setup and learn. However, a novice admin can have some trouble figuring out the different protocols and what should and shouldn't be going on on a network for that matter. I also wanted to mention insecure.org's Top 100 security tools, most of which are freeware. insecure is the group that makes the nmap port scanning tool which works very well for network vulnerability testing as well, although it uses a command line interface. Some of the software they have listed are intrusion detection systems, network vulnerability testers, and things along those lines. This whole category might make for a good section to add to the wiki for admins who don't know how to determine what's wrong with their network if they're ending up on blacklists and what-not, but it all depends on the skill and education level of that admin to know where to start with the subject matter.

Another set of security tools I thought I would bring up (some of which contain the tools listed in the top 100 above) are some very simple firewall systems that can be loaded on low end PCs and used to protect a network, at varying degrees of success depending upon the size of it. Basically, these are prepackaged firewalls loaded into *nix OS builds that can be dropped into a machine and configured to filter out certain protocols, scan for viruses, encrypt traffic, etc.

More info about these can be found on other sites around the net.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...