To better prepare for the inevitable attacks on my systems, I keep several tools on hand that analyze Windows 2000 and later systems; some support legacy platforms as well. Start with a Microsoft Baseline Security Analyzer (MBSA) report so that you can review the security status of the OS and common Microsoft applications and install all security updates appropriate for the system; not every system needs every security hotfix Microsoft publishes. Next, use Nmapwin to evaluate your system's exposure. When Nmapwin locates open ports that you think should be closed, run Active Ports on the target machine to identify which process or component is listening on that port.
MBSA. Run this utility locally or remotely to report on the security patch status of Windows, Microsoft Exchange Server, Microsoft SQL Server, Microsoft Internet Explorer (IE), and Windows Media Player (WMP). MBSA provides hotlinks to Microsoft security fixes and recommends security-related adjustments for these products. You can find the latest version of MBSA at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools/mbsahome.asp.
Nmapwin. After you install all required security hotfixes, probe the Internet connection to evaluate your firewall's exposure. Next, probe the server's local area connection to see how well the internal network is protected. Nmapwin uses a variety of stealth techniques to report on open ports. You might be surprised when the utility reports open ports that you thought were closed. You can download this tool at http://www.insecure.org/tools.html.
Active Ports. When Nmapwin discovers an open port you think should be closed, run Active Ports on the system. The port monitor tracks ports as they open and close in real time and, in most cases, identifies the process that's listening on each port. You can download this tool at http://www.ntutility.com/freeware.html.
Netcat. This powerful stealth tool tests the security between and among systems using the port of your choice. You can download Netcat at http://netcat.sourceforge.net.
Register
charliep November 15, 2003