The Daily Blog |


					HOT PICKS • U.S. IT Salary Survey 2008 • Rolling Review: SOA Appliances • XKL Brings New Life To Dark Fiber

IMMERSE YOURSELF:

Storage & Servers

Lead Analyst:

Jordan Wiens

More analysis, strategies and news at our
Data Privacy
Immersion Center

Subcribe to This Blog's
RSS Feed

SPECIAL EVENT BLOGS:

• BrainShare 2008

IMMERSION CENTER BLOGS:

• Network Access Control
• Virtualization
• Application Performance Optimization
• Data Center
• Data Privacy
• 802.11n
• SOA/Web Services

MORE TOPCS:

• Security
• Wireless
• Application Infrastructure
• Collaboration
• Network and Systems Management
• Network Infrastructure
• Storage and Servers
• Enterprise Applications
• Business Strategy
• Personal Technology
• Podcasts
• NWC Inc
• NWC Labs
• Techno-Oddities

MORE GREAT BLOGS

Ars Technica
bMighty
Boing Boing
Geek.com
InformationWeek
IT Toolbox
TechCrunch

ARCHIVES

SYNDICATE

RSS 2.0

April 13, 2008
nMap, A Free And Must-Have Tool For Security Pros, Just Saved Me
By Randy George

As I go through my mailbox and sort through the 1,000 different security products that I'm seemingly pitched on every week, I couldn't help but smile as I reflected on the fact that some my favorite, and most useful tools, are free.

Call me crazy, but I'm in the habit of routinely hacking myself. If you're in the security space, you should get into the habit of doing it to. Probing your critical servers for security holes helps you get out in front of potential security threats before the bad guys can exploit them.

We're not all lucky enough to have IT budgets that provide for expensive IDS/IPS/NBA systems. But don't fret, there are some troubleshooting tools out there that can help you, for free, and I'll make a habit of sharing those with you in my blog as I discover them.

One such tool I use all the time is called nMap. I frequently use nMap in my Windows environment to gather information on what TCP ports are listening for connections on a given PC or server. I recently remotely scanned my own laptop from a server to check the health of my system. I was perplexed to see that nMap told me that port 25 was listening on my laptop. I then did a quick telnet to port 25 of my laptop and was greeted with:

220 tc4400.asdf.com Microsoft ESMTP MAIL Service, Version: 6.0.2600.33
11 ready at Sat, 12 Apr 2008 17:19:00 -0400

If I were to see this prompt on my exchange server, I would be happy, but to see it on my own laptop made me cringe. A couple cups of coffee later, I realized that I enabled the SMTP Server on my local IIS install, and had the server open for anonymous SMTP relay. That's a filet mignon for worms looking for PC's to zombie and turn into SPAM bot's.

The point: If I weren't in the habit of probing and hacking the machines I care about, my mistake would have certainly resulted in me finding out the hard way. And you don't necessarily need sophisticated tools to do it. A freeware tool was more than adequate for pointing out this security issue.

If you know of any great freeware security tools, PLEASE, share them with the community and myself. I know its cliché, but in the security arena more so than any other area of IT, knowledge is power.

-- Posted at 05:35 PM in Data Privacy Immersion Center

SEND TO:	reddit	Yahoo MyWeb
Google	Digg	del.icio.us

This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.

Ready to take that job and shove it?
Open | Close

Post Your Resume

Employers Area

News & Features

Blogs & Forums

Career Resources

Browse By:
State | City

SPONSOR

RECENT JOB POSTINGS

Featured Jobs:

ISIS Papyrus America seeking Software Pre-Sales Analyst in Southlake, TX

Agilent Technologies seeking Business Manager in Bangalore, IN

Covidien seeking Principal Validation Test in Boulder, CO

T-Mobile seeking Unified Subscriber Database Engr in Bellevue, WA

20th Century Fox seeking Sr. Production Software Engineer in Los Angeles, CA

For more great jobs, career-related news, features and services, please visit our Career Center.

CAREER NEWS

10 Search Engines You Don't Know About

Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs

Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More articles from our career center


Today's Most Popular Stories • Rolling Review: LANDesk Patch Manager • Rolling Review: Windows 2008 Server PowerShell • XKL Brings New Life To Dark Fiber • StillSecure Steps Up
Today's News Analysis • IT Spending May Not Be So Recession-Proof, After All • Clearwire: Mobile WiMax Before The End Of The Year • SOA Can Deliver On Promise With Right Strategies In Place • VMware: Virtualization Offers A Way To Recover From Disaster
REPORTS Analyize In-Line NAC strategies and products.	ANALYTICS Plan and design your enterprise blade server deployments

InformationWeek U.S. IT Salary Survey 2008

Salaries for business technology professionals are falling. Here's what you need to know in order to make good hiring decisions and personal career choices. Purchase Today: $299

ROLLING RIGHT ALONG

Follow key Network Computing Reviews from conception to completion. This Week: Holistic APM.

Emerging Enterprise Podcast Series: Secrets to Success

Microsite of the Week

Powerful Information at Your Fingertips

About Us | Contact Us | Site Map | Media Kit | Briefing Centers