Finding Security Holes

Have you checked your server for open security holes and exposure to common hacking techniques?

Security is very important for all web sites. You don’t want to allow unauthorized access to your company data and presentation or customer files. Your web server and e-commerce system must be secured against hackers and industrial espionage. Imagine that you’ve spent a lot of money on creating and promoting your e-commerce presence and then your competitor hacks into your server to alter the home page or to redirect your visitors to their own web site.

Outside companies offer security audits, but these are time-consuming and expensive. The open source community offers many tools which let you achieve the same results. One of the best-known tools was SATAN (System Administrator Tool for Analyzing Networks). It’s a network security analyzer which scans systems connected to the network, noting the existence of well-known, often-exploited vulnerabilities. For each type of problem found, SATAN offers a tutorial that explains the problem and what can be done about it. It started the development of many more tools.

The Computer Incident Advisory Capability (CIAC) Organization of the U.S. Department of Energy provides regular security bulletins about new exploits on all platforms and systems. It’s advisable to subscribe to their bulletins if you are responsible for the security of your network and servers. CIAC also reviews several networking tools.

CERT, the home of the well-known CERT(R) Coordination Center, is located at Carnegie Mellon University. They analyse Internet security vulnerabilities and publish information to improve security on the Internet and networked systems.

The SANS Institute provides timely news and trends about Internet security. The Internet Storm Center provides you with a list of the most recent threats on the Net.

Nessus is a program which tests for thousands of security holes in web servers. It can test web servers on all platforms. It’s highly acclaimed and recommended for securing your web server. Please make sure to check with your hosting provider to see if you can run the scanner against your own site. Some hosting providers will recognize this as an attack and block all further access from your computer to your site or the whole network.
