August 13, 2004 at 10:35 am #2289221
exposing ones dns on the internet
by sgt_shultz · about 19 years, 8 months ago
would anyone possibly enlighten me as it has been too long since I browsed ‘hacking revealed’…
would you talk to me about the kinds of things a security auditing tool would look for, if I had one, (hint hint) to probe my public servers. basic kitchen sink stuff most of interest but all ears to everything. I think you don’t need to be specific if you just help me get the idea. I would like more of a clue about exposing dns on the internet too if possible. have a great weekend and thanks in advance.
August 13, 2004 at 11:10 am #2702675
Reply To: exposing ones dns on the internet
by willcomp · about 19 years, 8 months ago
In reply to exposing ones dns on the internet
Sarge, you are probably looking for a more sophisticated tool, but Steve Gibson’s Shields Up does a pretty good job of exposing individual PC vulnerabilities. http://www.grc.com, or google shields up.
Happy hacking
Dalton
August 14, 2004 at 11:17 am #2705283
Reply To: exposing ones dns on the internet
by willcomp · about 19 years, 8 months ago
In reply to Reply To: exposing ones dns on the internet
Zaf,
Thanks for your very good response. I learned something from it.
Dalton
August 13, 2004 at 12:02 pm #2702662
Reply To: exposing ones dns on the internet
by sgt_shultz · about 19 years, 8 months ago
In reply to exposing ones dns on the internet
many thanks. what kinds of things does it look for?
August 13, 2004 at 3:13 pm #2705378
Reply To: exposing ones dns on the internet
by zaferus · about 19 years, 8 months ago
In reply to exposing ones dns on the internet
Hey Sgt,
DNS exposure occurs if your DNS server can be contacted from the Internet side. With a proper DMZ zone for public servers this should be avoidable as long as your DMZ servers are not domain controllers.
If they are, you can lower the risk by setting your DNS replication to not allow any requests. The first thing a serious hacker wants to do is information gather, and that’s your phone book.
But to avoid any successful requests it’s best to not have any DCs in the DMZ.
Shields Up is good for a simple port scan, but it doesn’t get into port vulnerabilities. I wish it were as simple as running an Internet site test on your network and calling it a day.
First of all, assess your vulnerabilities by port:
If you run 1-1 NAT where all port requests on to your DMZ get passed through, you are going to have a tough time of it. Exception based security is much better (con’t next msg)
August 13, 2004 at 3:17 pm #2705375
Reply To: exposing ones dns on the internet
by zaferus · about 19 years, 8 months ago
In reply to Reply To: exposing ones dns on the internet
With exception based security you only open access to the ports that are used. This is by FAR your best first step to securing a DMZ. If you only are serving port 21, 80 and 443 for instance, only requests on those ports will go through to the set DMZ server. This keeps a hacker from doing a port 389 (LDAP) based attack for instance.
Change your MAC address on your firewall if you can as well. The first part of your default MAC address is the manufacturer of your NIC – which is normally the manufacturer of your firewall. This now tells the hacker what type of protection you are using and makes an attack strategy easier. Set it to something not in use and reveal nothing to the enemy. (con’t next msg)
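The exception-based filtering described above, and the DNS "phone book" port from the earlier reply, as an added example that is not part of the original thread: a small Python script that replays constructed firewall log lines against a default-deny allow list for one DMZ host and contrasts it with 1-1 NAT pass-through. The addresses, ports and log format are made up for the example; the count of dropped ports per source is what a defender would watch for.

```python
import re
from collections import Counter

# Constructed firewall log lines for the example (not from the thread); the
# addresses, port numbers and format are made up. DST is the DMZ server.
FW_LOG = """\
Aug 13 15:13:01 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=80
Aug 13 15:13:02 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=389
Aug 13 15:13:02 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=53
Aug 13 15:13:03 fw kernel: IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP DPT=443
Aug 13 15:13:04 fw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=21
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(\S+) DPT=(\d+)")

# Exception-based policy: only these ports are forwarded to each DMZ server;
# everything else is dropped at the firewall (default deny).
ALLOWED = {"192.0.2.10": {21, 80, 443}}


def decide(line, policy=ALLOWED, one_to_one_nat=False):
    """Classify one log line. Returns (src, dst, port, verdict) or None when
    the line is not a connection record. With one_to_one_nat=True every port
    is passed straight through, which is the setup the reply warns about."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src, dst, port = m.group(1), m.group(2), int(m.group(4))
    if one_to_one_nat or port in policy.get(dst, set()):
        return src, dst, port, "PASS"
    return src, dst, port, "DROP"


def audit(log, policy=ALLOWED, one_to_one_nat=False):
    """Apply the policy to every line. Returns the list of verdicts and a
    Counter of (src, port) for dropped attempts: repeated drops from one
    source across several ports are the port-scan signature worth alerting on."""
    verdicts = [v for v in (decide(l, policy, one_to_one_nat) for l in log.splitlines()) if v]
    drops = Counter((src, port) for src, _, port, v in verdicts if v == "DROP")
    return verdicts, drops


if __name__ == "__main__":
    for mode in (True, False):
        verdicts, drops = audit(FW_LOG, one_to_one_nat=mode)
        print("1-1 NAT (pass-through)" if mode else "exception based (default deny)")
        for src, dst, port, verdict in verdicts:
            print(f"  {verdict} {src} -> {dst}:{port}")
        print("  dropped (src, port):", dict(drops))
```

Under 1-1 NAT the LDAP (389) and DNS (53) probes reach the server; under the exception-based policy they are dropped and the same source shows up twice in the drop counter.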
August 13, 2004 at 3:28 pm #2705374
Reply To: exposing ones dns on the internet
by zaferus · about 19 years, 8 months ago
In reply to Reply To: exposing ones dns on the internet
Now is where I actually answer your question!
With this basic security in place now you are most vulnerable to attacks on the specific ports that are still exposed but are used to serve legitimate public side information.
New vulnerabilities surface all the time, so there is no way to ensure airtight security here – that’s just reality.
Keeping your patches up to date on both the server OS and the application serving the data (which is too often overlooked!) is a key first step. Shutting down unused services is also very important and often overlooked. This process is a basic server “hardening”. Microsoft has an internal security scanning utility you can use to check your servers for known vulnerabilities.
The best scanning tool suite I’ve seen is by Eeye digital solutions. They have the entire gamut of products to handle security scans and IDS from all sides. But it is also incredibly expensive.
SonicWALL used to have it so that if you made an account, even without a registered product, you got a free scan using their scanning utility. It’s pretty good and gives you a very nice report afterwards. Even if you have to pay for it – it’s a good tool.
Commercially there are about 1001 companies that are more than happy to run scans on your WAN IP range – but lots of them don’t do much for the big bucks they can charge. If you have the time and Linux background, Snort is the best scanning and intrusion detection system there is. It’s free and has just tons of add-ons that other people have developed. Just remember that lots of the add-ons are privately developed and there is always a risk they also have a darker motivation to get you to run them…
August 13, 2004 at 3:38 pm #2705373
Reply To: exposing ones dns on the internet
by zaferus · about 19 years, 8 months ago
In reply to Reply To: exposing ones dns on the internet
*whew* I could literally talk all day about this, but I am a security specialist! In a way, because there is no “silver bullet” is why I am employed in this position. But if you follow the above steps and run an independent scan or two you will be better off than 99% of the public servers out there (trust me on this one!). At least this makes you unattractive to most hackers who are looking for easy prey (the low hanging fruit thing).
Antivirus on your server probably goes without saying…
And of course a good firewall is worth its weight in gold, especially if it does deep packet inspection – but it should at least do stateful packet inspection.
http://www.microsoft.com/technet/security/tools/default.mspx
Link for Microsoft security tools
Also http://www.mysonicwall.com will make you an account (not sure if the one scan is still free).
http://www.snort.org/
Snort is the best tool out there that I know of. It’s used by both security and hackers ; )
http://www.packetstormsecurity.org/
Packetstorm is a great place where security minds gather. It has good white papers and discussions. Always a good bookmark to have.
Zaf
August 13, 2004 at 3:42 pm #2705372
Reply To: exposing ones dns on the internet
by zaferus · about 19 years, 8 months ago
In reply to Reply To: exposing ones dns on the internet
Reading this over I see that I say that Snort and Eeye are both the best tools I know of; let me clarify this!
I would recommend Eeye if you can afford it, but Snort is next in line and is certainly affordable as it is free!
Zaf
August 16, 2004 at 3:38 pm #2704497
Reply To: exposing ones dns on the internet
by zaferus · about 19 years, 8 months ago
In reply to Reply To: exposing ones dns on the internet
Thanks for the positive feedback. If anyone has some questions just post a comment I’ll see if I can help.
Zaf
August 24, 2004 at 12:45 pm #2711925
Reply To: exposing ones dns on the internet
by sgt_shultz · about 19 years, 8 months ago
In reply to Reply To: exposing ones dns on the internet
I was looking for more. see hacking revealed.
August 14, 2004 at 4:24 pm #2705257
Reply To: exposing ones dns on the internet
by sgt_shultz · about 19 years, 8 months ago
In reply to exposing ones dns on the internet
willcomp, thanks for the reply. I will get you next time around.
August 14, 2004 at 4:30 pm #2705256
Reply To: exposing ones dns on the internet
by sgt_shultz · about 19 years, 8 months ago
In reply to exposing ones dns on the internet
so grateful, Zaf. am all ears for anything else you care to add. taking home your reply for bedtime reading. yum. you have no idea how much this is helping me…