As I go through my mailbox and sort through the 1,000 different security products that I'm seemingly pitched on every week, I couldn't help but smile as I reflected on the fact that some of my favorite, and most useful, tools are free. Call me crazy, but I'm in the habit of routinely hacking myself. If you're in the security space, you should get into the habit of doing it too. Probing your critical servers for security holes helps you get out in front of potential security threats before the bad guys can exploit them.
We're not all lucky enough to have IT budgets that provide for expensive IDS/IPS/NBA systems. But don't fret, there are some troubleshooting tools out there that can help you, for free, and I'll make a habit of sharing those with you in my blog as I discover them.
One such tool I use all the time is called Nmap. I frequently use Nmap in my Windows environment to gather information on what TCP ports are listening for connections on a given PC or server. I recently remotely scanned my own laptop from a server to check the health of my system. I was perplexed to see that Nmap told me that port 25 was listening on my laptop. I then did a quick telnet to port 25 of my laptop and was greeted with:
220 tc4400.asdf.com Microsoft ESMTP MAIL Service, Version: 6.0.2600.33 11 ready at Sat, 12 Apr 2008 17:19:00 -0400
If I were to see this prompt on my Exchange server, I would be happy, but to see it on my own laptop made me cringe. A couple cups of coffee later, I realized that I had enabled the SMTP Server on my local IIS install, and had the server open for anonymous SMTP relay. That's a filet mignon for worms looking for PCs to zombie and turn into spam bots.

Randy George has covered a wide range of network infrastructure and information security topics in his 4 years as a regular InformationWeek and Network Computing contributor. He has 13 years of experience in enterprise IT, and has spent the last 8 years working as a ...
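The manual check described in the post (connect to port 25 on your own machine, read the banner, find out whether it relays anonymously) can be scripted for routine self-audits. This is an added example, not code from the original post; the function name `audit_smtp` and the probe addresses on reserved example domains are assumptions, and it is meant to be run against hosts you administer.

```python
import smtplib
import sys

# Assumed placeholder addresses on RFC 2606 reserved domains (not from the post).
PROBE_SENDER = "audit@example.org"
PROBE_RCPT = "relay-check@example.net"


def audit_smtp(host, port=25, timeout=5.0):
    """Probe a host you administer for an SMTP listener and anonymous relay.

    Returns {"listening": bool, "banner": str, "relay_accepted": bool}.
    No mail is sent: the session is reset after RCPT TO, before DATA.
    """
    result = {"listening": False, "banner": "", "relay_accepted": False}
    client = smtplib.SMTP(local_hostname="localhost", timeout=timeout)
    try:
        _code, banner = client.connect(host, port)
    except (OSError, smtplib.SMTPException):
        return result  # nothing speaking SMTP on this port
    result["listening"] = True
    result["banner"] = banner.decode("ascii", "replace")
    try:
        client.ehlo_or_helo_if_needed()
        mail_code, _ = client.mail(PROBE_SENDER)
        if mail_code == 250:
            rcpt_code, _ = client.rcpt(PROBE_RCPT)
            # An unauthenticated 250/251 for a recipient in a domain this
            # host does not serve means it would relay for anyone.
            result["relay_accepted"] = rcpt_code in (250, 251)
        client.rset()
    except (OSError, smtplib.SMTPException):
        pass  # server refused or dropped mid-session; keep what we learned
    finally:
        try:
            client.quit()
        except (OSError, smtplib.SMTPException):
            client.close()
    return result


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(audit_smtp(target))
```

On a workstation, a result with `listening` set to true is already worth investigating; `relay_accepted` set to true is the anonymous-relay condition the post describes.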