How to test a Security system/setup

Discussion in 'privacy problems' started by Escalader, Sep 20, 2006.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Gurus:

    Just a question. Now that I have put my hopefully improved security system into effect, I want to have it tested, safely of course.

    When I had McAfee and Hackerwatch I seem to recall having a site/service that would probe your site and give a report on which ports were open, etc etc.

    Can anyone point me in a direction that they know is safe and useful.

    I was always a developer that did testing for any new system.

    Help please.

    Escalader
     
  2. herbalist

    herbalist Guest

    Besides a basic port probe from Shields Up and several of the firewall "leaktests", there are sites that offer more comprehensive testing. I have my system audited a couple times a year at Security Space. They have a no risk audit available. Registration required. They also have a multitude of single tests, including many that target weaknesses in specific firewall brands.
    Rick
     
  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Rick:

    Thanks, I tried your ShieldsUp scan.

    Since my PC is hiding behind a router, and a H/W firewall, plus the software firewall it found everything stealthed and I ended up with all "perfect scores".

    The web page seems to imply this is not a true test and I need to remove/disable all these shields so as to do a "real" test.

    Sort of like saying remove all an accounting system's controls so we can show how you need them!

    This doesn't make sense to me. I must be missing something.

    Please advise.

    Escalader
     
  4. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
  5. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Does removing the front end H/W firewall and router make sense to anybody?
    If so why?

    I will check out your other testing services. How do these guys make money if it is free? I'm suspicious of "free", there is always a price even if it is not clear!

    Here is another one for your consideration and comment.


    http://scan.sygate.com/

    Escalader
     
  6. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Escalader :)

    Yes.
    To check if the software firewall (as a second layer) really protects your system...


    Steve Gibson of Gibson Research Corp. makes money by selling his recovery software "SpinRite 6".

    PCFlank seems to be sponsored by Outpost Firewall...

    One remark: You're suspicious with "free" services and help.

    Let me tell you there are a lot of people giving their time and skills for free on the web. Wilderssecurity Forums is a good example. Nobody is paid for this... (On the other hand many guys make a lot of money with the internet: maybe we're [poor] crackpots... :rolleyes: )

    Not bad...

    :)
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Visited Quebec many times! Great place, good people, language not an issue for me anyway. So much for what we hear in our media!

    Thanks for your explaining on the front end removal of H/W firewalls! Now I get it!

    This would mean that I have to be dead sure the probe firm/software is SAFE!

    I'm not suspicious of Wilders type guys like you and I, just the firms that provide freebies.... but your points are good...

    which web browser tester is best or would you pick if you could just have 1?

    Your pesky friend

    Escalader
     
  8. herbalist

    herbalist Guest

    A company like Security Space gets the majority of their business from big customers. Besides PCs, they audit entire networks. Individuals are a very small percentage of their business and a source of word of mouth advertising.
    Before they offered a premium home version, AntiVir supported the free version with the commercial version. Same reasoning.
    While it's true that a lot of free stuff on the net has ad support or some more devious reason behind it, there's just as much high priced scamware out there, as well as overpriced commercial software. There's also a lot of high quality code available for little or nothing. With software, product research is everything, and places like this one are good places to start. If you think about it, answering forum posts and writing code aren't that different. The cost for both is time. Although the internet is crawling with scammers, spammers, crackers, etc, there's also a lot of generous people who give of their time to help others, just because it's needed. Makes no difference whether they're writing code for a security app, a tool for removing a tough pest, or helping someone configure a security package. It's all giving of your time for the common good. The individuals who answer posts at forums get a lot of recognition because their efforts are visible, but our work would be much harder if not impossible if there weren't some very talented and giving people behind the scenes, making and maintaining the tools we need. Here's an example.
    Regarding the browser, the 2 most popular alternates are FireFox and Opera. Both are more secure than IE6 as installed. I like the Mozilla suite, now called (gag) Sea Monkey. Which is more secure depends on many things, with configuration topping the list. IE6 can benefit the most from tightening the configuration. As installed, it's pretty bad but can be greatly improved. I like Mozilla and Firefox for the tabbed browsing feature. If I understand correctly, IE7 will have tabbed browsing. Took years and a lot of lost customers, but M$ finally got the message. Too late IMO.
    Rick
     
    Last edited by a moderator: Sep 21, 2006
  9. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi Escalader :)

    I guess Gemal test is the most comprehensive. You may use it to adjust your browser parameters to keep things safe when surfing...

    The best is to avoid Internet Explorer and use Opera or Firefox (which is slower but a bit more flexible IMHO...).

    You may also add these extensions related to privacy and security (in Ff):

    - CustomizeGoogle 0.51 - {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}: http://www.customizegoogle.com/
    See this:
    EFF's Six Tips to Protect Your Online Search Privacy
    http://www.eff.org/news/archives/2006_09.php#004900

    This one is a MUST! Control Javascript for each site.
    - NoScript 1.1.4.3 - {73a6fe31-595d-460b-a920-fcc0f8843232}: http://noscript.net

    Removes "Middle-man" redirection when you click on a link:
    - Redirect Remover 1.1 - {fe0258ab-4f74-43a1-8781-bcdf340f9ee9}: http://xeen.reversestudios.com/?page=rdr

    Control the referer (allow by site, disable or send a fake...)
    - RefControl 0.8.7 - {455D905A-D37C-4643-A9E2-F6FEFAA0424A}: http://www.stardrifter.org/refcontrol/

    Useful tool:
    - ShowIP 0.8.03 - {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}: http://l4x.org/showip

    You may also use these ones:
    - Adblock Filterset.G Updater 0.3.0.4 - filtersetg@updater: http://www.pierceive.com/
    - Adblock Plus 0.7.1.2 - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}: http://adblockplus.org/
    - Add N Edit Cookies 0.2.1.0 - {bb6bc1bb-f824-4702-90cd-35e2fb24f25c}: http://addneditcookies.mozdev.org/


    Also. Be informed there: http://secunia.com/

    Check the special report for IE, Opera and Firefox: vulnerabilities , patches and so on...

    One remark about Secunia: don't sign up for their mailing list. There is too much useless information in their newsletters... Checking the site from time to time is better.

    Stay safe but don't become paranoid! ;-)

    :)
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello "Everybodies":

    Thanks for all the help, advice and information ! Outstanding!

    I have enough info to keep me busy for quite a while!

    Yes, one must not be paranoid so once my upgraded security system is tested and adjusted based on the test results I will relax a bit and pursue life more normally!

    Escalader (crazy Canuck?) well just a bit eccentric maybe....

    Have a good weekend everybody and thanks again! :D
     
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Useful Link on Blocking Ports! and Scanning Services Data, verify 1st before use!

    The following info came from the ZA User Forum, thought it might help others!

    http://www.chebucto.ns.ca/~rakerman/trojan-port-table.html

    Scanning Services

    * Shields Up! from Gibson Research Corporation
    * Symantec Security Check nice scanner that checks for Mac or PC specific ports and trojans. You can also just Scan for Viruses.
    * Sygate Security Scan scans for known vulnerable ports
    * dslreports.com: Secure-Me (now also called broadbandreports.com)
    * AuditMyPC.com has scans and information. Scan worked fine using Mac IE.
    * PC Flank: Test Your System has a variety of different scans
    * Panda ActiveScan free online virus scan for Windows. PC PitStop AntiVirus Center also uses Panda.
    * TrendMicro HouseCall Free online virus scan for Windows.
    * BitDefender Scan OnLine free antivirus scan for Windows. Also used by Help Net Security (net-security.org)
    * GFI EventLogScan.com security event log scanner for Windows NT, 2000, XP
    * GFI Email Security Testing Zone mostly for testing Microsoft Windows Outlook and Outlook Express email vulnerabilities
    * McAfee.com - Free Services includes SecurityCenter, Free Virus News, World Virus Map and Internet Connection Speedometer. You can also use FreeScan to scan for viruses. Or if you want to just upload a specific file to check it, you can use WebImmune.
    * Kaspersky offers Free online [single] virus scan You upload the file, you don't have to have an account (unlike WebImmune).
    * Computer Cops Offers a variety of scans. Also has useful security news.
    * HackerWhacker Comprehensive scan. Also has many useful links.
    * ExtremeTech Syscheck categorized and rated links to different online scanning services for Windows computers
    * advICE:Support:KB: How can I scan myself from across the Internet?
    * Inprotect.com Nessus and Nmap scanning
    * Windows Live Safety Center (beta) check for viruses and other issues
    * CNET CatchUp offers free scanning of your Windows computer to detect needed security updates and identify spyware (discontinued)
     
  12. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    herbalist, which pricing package should one take for a full desktop check? The reason I ask is that English ain't my native language, and I feel that the site's info is a little bit confusing to understand.

    Regards, C.
     
  13. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I'd say the best plan for the average computer is the "Desktop Audit" at $19.95 USD/yr.
    it doesn't scan all your ports or check for all vulnerabilities, but that's not necessary anyhow.
     
  14. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Excuse me for butting in:

    I saw this thread and it almost parallels a thread here that might be of interest to you guys who posted here.

    LOL
    I have even virtually duplicated the list of those scan sites mentioned here in that other thread.
    https://www.wilderssecurity.com/showthread.php?t=146098

    The thread discusses how fdisr snapshots can be used as a type of sandbox/freeze/rollback device.

    Regards.
     
  15. herbalist

    herbalist Guest

    I use the free audit, which they call the No risk audit. The difference between the "no risk" audit and their standard audit is in the report. The no risk tells you how many "medium" and "high" risk vulnerabilities it finds, while the standard or "paid" audit names each vulnerability specifically. There's no difference in the audits themselves. You can open an account at Security Space without having to buy a package. I've had one there since 2003, when I ran my first "No Risk" audit. Instead of signing up for a pricing package, run the no risk audit first and see if it finds any medium or high risk vulnerabilities in your system. If it does, then you can either choose a package or run single tests until you identify them. The single tests are also free. If the no risk audit doesn't find any serious vulnerabilities in your system, save your money.
    Rick
     
  16. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hi Herb et al:

    I clicked on the No Risk Audit link and my system said there is a problem with their certificate. "it is from a company you have chosen not to trust"

    Why would that happen? o_O
     
  17. herbalist

    herbalist Guest

    Is this the message you get? If it is, you can either choose "proceed" or use the "view certificate", then install the certificate from there. The purpose of the certificate is to show that the site is who it claims to be. You can get details about the certification by clicking on the padlock symbol on the lower right of the browser window status bar. The alert will be a bit different for Mozilla or Firefox, but it's the same idea. If you use a filtering app like Proxomitron, you'll see the alert because the browser expects one from the site, but gets the one from Proxomitron instead, which isn't a problem as Proxomitron also checks the certificates.
    Rick
     


  18. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Herb:

    Thanks, I went ahead and used FF to register for No Risk Audit.

    Finally succeeded that way.

    With IE6 the certificate business I did check and it indicated the certificate was not from proper registration authority or some such words. Not exactly the kind of thing one would expect from a security service is it. Try that yourself with IE if you have it.

    I initiated an audit, but it went so slow I exited. Is there any point to this if I do it with my H/W and S/W firewalls in place? Must seem like a dumb ? but with shields up test they said remove them to do a proper test?

    I'm confused I guess. Why lower guards to test security?

    :doubt:
     
  19. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    for shields up (or any port test), they say to disable your hardware firewall because it intercepts the internet traffic. thus your router (hardware firewall) would be tested instead of your computer (personal firewall).

    edit: wow those tests are slow. firefox or IEtab no difference.
     
    Last edited: Oct 7, 2006
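
Added example, not part of any post in this thread: a small Python self-check that makes the point above concrete. `probe` classifies a port on a machine you own as open, closed or stealth, and `masked_by_router` compares an outside scan with a LAN-side check to list the ports that only the router is hiding. The function names and the sample scan results are constructed for illustration.

```python
import errno
import socket

def probe(host, port, timeout=1.0):
    """Classify one TCP port using the open/closed/stealth vocabulary."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        rc = s.connect_ex((host, port))
    except socket.timeout:
        return "stealth"
    finally:
        s.close()
    if rc == 0:
        return "open"      # handshake completed: something is listening
    if rc == errno.ECONNREFUSED:
        return "closed"    # host answered with a reset: visible, no listener
    return "stealth"       # no answer before the timeout, or unreachable

def audit(host, ports, timeout=1.0):
    """Probe several ports on a machine you own; returns {port: state}."""
    return {p: probe(host, p, timeout) for p in ports}

def masked_by_router(external, internal):
    """Ports an outside scan reports as stealth although the PC itself
    accepts connections on them when checked from inside the LAN."""
    return sorted(p for p, state in external.items()
                  if state == "stealth" and internal.get(p) == "open")

# Constructed sample data: what an outside scan reports when it only
# reaches the router, next to a LAN-side audit() of the same PC.
EXTERNAL_REPORT = {80: "stealth", 135: "stealth", 139: "stealth", 445: "stealth"}
LAN_SIDE_REPORT = {80: "closed", 135: "open", 139: "open", 445: "open"}

def demo_loopback():
    """Show 'open' and 'closed' on this machine with a throwaway listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe("127.0.0.1", port)
    srv.close()
    after_close = probe("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print("loopback demo:", demo_loopback())
    print("hidden only by the router:",
          masked_by_router(EXTERNAL_REPORT, LAN_SIDE_REPORT))
```

Ports listed by `masked_by_router` are the ones that depend on the software firewall or on closing the service if the PC is ever connected without the router in front of it.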
  20. herbalist

    herbalist Guest

    They are slow tests. Many of their audits are commercial networks or other big customers. When you ask for a particular test, you're put on a queue list, so much of the time is spent waiting your turn. I've had quicker results when I run the tests in the early morning hours, around 2-3AM. Even then, they're still slow. Most of the time, a full audit takes about 2 hours for my system. From the FAQ on their site:
    How long does it take to run an audit?
    This depends on the type of audit you launched, the network between us and you, and how your system is configured. For unprotected (no firewalls or packet filtering), the times are roughly

    * Basic Audit: 30 seconds
    * Single Vulnerability Test: 5-60 seconds
    * Desktop Audit: 10 minutes
    * Standard Audit: 20 minutes
    * Advanced Audit: 90 minutes

    For systems that are shielded by packet filtering of one form or another, the times are closer to

    * Basic Audit: 10 minutes
    * Single Vulnerability Test: 60 seconds
    * Desktop Audit: 30 minutes
    * Standard Audit: 1.5 hours
    * Advanced Audit: 2.5 hours (on rare occasions, up to 8 hours).

    It's your choice if you want to shut down your firewall for the audit. You could shut down the firewall for the audit itself, then run a separate port scan (basic test, which is free) with the firewall on. Beyond that, you can go to the single tests and pick ones from the separate categories that apply to your firewall. While there is a specific section of just firewall tests, there's a lot of overlap in the categories, so you're likely to find single tests in other categories that would have their results affected by the presence of a firewall. The biggest issue with the single tests is that the categories cover many operating systems, requiring you to search thru a lot of tests that don't apply to you. They're worth looking thru though. They have tests for specific browsers and firewalls, even a few for Proxomitron.
    Rick
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Herb:

    Thanks for all your patience in dealing with my questions, maybe you will be rewarded in the great network in the sky someday!

    When I see the word firewalls I have 3, the 4 port router, an actual AlphaShield H/W firewall that protects both my computers that share the ISP service, so it is between the modem and the 4 port router, and last but not least the software firewall, which in my case happens to be ZA Pro.

    So what I am asking, if not completely unreasonable: what would the order of battle be for me that you would advise? It is easy for me to remove the alphashield, and disable ZA Pro temporarily, not so easy to reset the router so one of the ports is "unprotected" although linksys gave me a scary procedure to do just that!

    Another thought would be when the second PC isn't being used, plug the modem straight into my PC for the 2 hour audit in the dead of night?

    I'm kind of leaning that way.

    All comments welcome!! :thumb:
     
  22. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    yes that would work well.
     
  23. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    There's always PC Security Test by AxBx
    http://www.pc-st.com/us/

    AxBx also makes viruskeeper so I was a little hesitant to try their security test...but it seems to be accurate as I had a perfect score in the hacking, spyware, and virus tests.
     
  24. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Toby:

    I ran a test a while back using shields up gibson I think, got :doubt: a perfect score as well. I didn't believe my systems deserved 100%.

    Turns out if you are hiding behind a router or h/w firewall like I was you always get 100%.

    Don't know if any of this applies to you but if it does, be careful not to be too confident.

    IMHO of course
     
  25. Toby75

    Toby75 Registered Member

    Joined:
    Mar 10, 2006
    Posts:
    480
    I should have mentioned that the program is mainly focused on testing your AV, AS, and HIPS software. It tries to add certain components to your system (registry, startup processes, memory, etc.) to determine if your software can prevent them from making changes to your system. It also tries to execute the harmless eicar test file. The "hacker" section of the test just performs basic port scanning.
     