Tuesday, May 21, 2013

Network perimeter security: How to audit remote access services

There are a few ways to audit your domain for Internet-facing remote access services. If you want to audit your network perimeter with free tools, Nmap is the place to start. Do your research before firing away at your perimeter with a port scanner, though: you don't want to inadvertently cause a denial of service by pummeling the network with scans, and you should obviously have permission from your superiors first (rate-limit the scan rather than trust the default timing). Also, when using Nmap, fingerprint the open ports you find to determine what is actually running behind them. Nmap's -sV option (service and version detection) will often identify the application listening on a port, which comes in handy when someone is running a service on a non-standard port to slip past your firewall rules; a port number alone tells you nothing about what is answering on it.
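To show what the -sV step buys you in practice, here is an added example (not from the original article) that triages Nmap's greppable output: it keys on the fingerprinted service name rather than the port number, so an SSH or RDP daemon parked on a non-standard port is still reported, and it marks the port mismatch. The scan command, the service-to-port table and the sample scan lines are assumptions and constructed data, not a real scan.

```shell
#!/bin/sh
# Added example (not from the original article): triage the greppable output of
# an Nmap service scan for remote access services, including ones hiding on
# non-standard ports. Assumed workflow, run with permission and rate-limited
# so the perimeter is not flooded:
#   nmap -sV -Pn -p- -T2 --max-rate 50 -oG perimeter.gnmap 203.0.113.0/24
# then:  flag_remote_access < perimeter.gnmap

# Print one line per open remote access service found in -oG output on stdin:
#   host <TAB> port <TAB> service <TAB> version <TAB> expected-port|NONSTANDARD-PORT
# The service name comes from -sV fingerprinting, not from the port number, so
# an SSH daemon on 2222 or RDP on 8443 is still caught.
flag_remote_access() {
    awk -F'\t' '
    BEGIN {
        # Remote access services and the port each normally uses
        # (assumed starting list; extend it for your environment).
        expected["ssh"] = 22;             expected["telnet"] = 23
        expected["ms-wbt-server"] = 3389; expected["vnc"] = 5900
        expected["pptp"] = 1723;          expected["rlogin"] = 513
        expected["rsh"] = 514
    }
    /^Host:/ && /Ports:/ {
        split($1, h, " "); host = h[2]
        ports = ""
        for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) ports = substr($i, 8)
        # Each entry is port/state/proto/owner/service/rpc/version/ ; Nmap
        # writes "|" instead of "/" inside version strings, so "/" is a safe split.
        n = split(ports, entry, ", ")
        for (i = 1; i <= n; i++) {
            split(entry[i], f, "/")
            port = f[1]; state = f[2]; svc = f[5]; ver = f[7]
            if (state != "open" || !(svc in expected)) continue
            flag = (port + 0 == expected[svc]) ? "expected-port" : "NONSTANDARD-PORT"
            printf "%s\t%s\t%s\t%s\t%s\n", host, port, svc, ver, flag
        }
    }'
}

# Constructed sample scan output (not a real scan), in the -oG line format.
sample_gnmap() {
    printf 'Host: 203.0.113.10 (vpn.example.com)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 (protocol 2.0)/, 443/open/tcp//ssl|https//nginx 1.22/\tIgnored State: closed (998)\n'
    printf 'Host: 203.0.113.11 ()\tPorts: 80/open/tcp//http//Apache httpd 2.4/, 8443/open/tcp//ms-wbt-server//Microsoft Terminal Services/\tIgnored State: filtered (998)\n'
    printf 'Host: 203.0.113.12 ()\tPorts: 2222/open/tcp//ssh//Dropbear sshd/, 5900/open/tcp//vnc//VNC (protocol 3.8)/, 23/closed/tcp//telnet///\tIgnored State: closed (997)\n'
}

# Run on the sample; on a real scan use:  flag_remote_access < perimeter.gnmap
sample_gnmap | flag_remote_access
```

On the constructed sample this reports four open remote access services, two of them (RDP on 8443, SSH on 2222) flagged as NONSTANDARD-PORT; the closed telnet port and the ordinary web services are not reported. Pipe a real perimeter.gnmap through the same function and review every NONSTANDARD-PORT line by hand.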

Another tool worth using to audit remote access services is Nessus. It has multiple plug-ins that scan your ports and determine whether particular remote access services are running. Unlike Nmap, though, Nessus will also tell you whether a particular vulnerability could unintentionally allow remote access into your organization: Nessus looks for vulnerabilities, whereas Nmap gives you hard facts about what is listening in your environment. Many other tools could be used, but these two are common and come at no charge.

Another way to keep rogue remote access services from being useful to an attacker is to lock down what is allowed to leave your organization. Many people still don't perform egress filtering on their firewalls, yet it is an effective way to prevent botnets, misconfigurations and malicious insiders from opening remote connections back into your network: a reverse shell or malware call-back that cannot reach the Internet cannot be used as an entry point. Also, inspecting the traffic that the firewall does allow out with an IPS or next-generation firewall (NGFW) lets you catch malicious use of the permitted ports. Attackers frequently take advantage of ports that are normally open, such as 80 and 443, to tunnel data out of your network without you noticing.
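As an added example of the egress filtering described above (not from the original article, and not a configuration from any particular vendor), the following iptables script loads a default-deny outbound policy on a Linux perimeter firewall: only the internal resolver, web proxy and mail relay may reach the Internet, and everything else is logged and dropped. The interface name and the internal addresses are assumed placeholders, and the permissive rule shown in the comment is the weak setting it replaces.

```shell
#!/bin/sh
# Added example (not from the original article): a default-deny egress policy for
# a Linux perimeter firewall, written as iptables rules. The interface name and
# the resolver/proxy/relay addresses are assumed placeholders; set them for your
# own network. Intended to run once from the firewall's boot-time rule script.
IPT="${IPT:-iptables}"                     # set IPT=echo to print the rules instead of loading them
WAN="${WAN:-eth0}"                         # assumed Internet-facing interface
DNS_RESOLVER="${DNS_RESOLVER:-10.0.0.53}"  # assumed internal recursive resolver (also the NTP server)
WEB_PROXY="${WEB_PROXY:-10.0.0.80}"        # assumed outbound web proxy
MAIL_RELAY="${MAIL_RELAY:-10.0.0.25}"      # assumed outbound SMTP relay

# The weak configuration this replaces, which many perimeters still run:
#   iptables -A FORWARD -s 10.0.0.0/8 -o eth0 -j ACCEPT   # anything out, to any port
# With that rule a reverse shell, a bot call-back or a misconfigured box can
# reach the Internet on any port and pull an attacker straight back in.

egress_rules() {
    $IPT -N EGRESS
    # Replies belonging to connections that were already allowed are fine.
    $IPT -A EGRESS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Only the internal resolver may speak DNS to the Internet; every other
    # host must use it (this also blocks direct DNS-tunnelled C2 from workstations).
    $IPT -A EGRESS -s "$DNS_RESOLVER" -p udp --dport 53 -j ACCEPT
    $IPT -A EGRESS -s "$DNS_RESOLVER" -p tcp --dport 53 -j ACCEPT
    # Only the proxy may open HTTP/HTTPS outbound, so 80/443 traffic from a
    # workstation is both blocked here and visible in the proxy logs.
    $IPT -A EGRESS -s "$WEB_PROXY" -p tcp -m multiport --dports 80,443 -j ACCEPT
    # Only the mail relay may send SMTP.
    $IPT -A EGRESS -s "$MAIL_RELAY" -p tcp --dport 25 -j ACCEPT
    # NTP from the time server only (assumed to be the resolver host).
    $IPT -A EGRESS -s "$DNS_RESOLVER" -p udp --dport 123 -j ACCEPT
    # Everything else is logged (rate limited) and dropped; the log is where
    # unexpected call-backs and rogue services show up.
    $IPT -A EGRESS -m limit --limit 10/min -j LOG --log-prefix "EGRESS-DROP: "
    $IPT -A EGRESS -j DROP
    # Hook the chain into routed traffic and into the firewall's own traffic.
    $IPT -A FORWARD -o "$WAN" -j EGRESS
    $IPT -A OUTPUT  -o "$WAN" -j EGRESS
}

# "apply" loads the rules (run as root); anything else prints them for review.
case "${1:-review}" in
    apply)  egress_rules ;;
    *)      IPT=echo; egress_rules ;;
esac
```

Run it as `sh egress.sh` to review the rules it would load and `sh egress.sh apply` as root to load them. This is the egress leg only: inspecting what the proxy is then allowed to send on 80 and 443 is the IPS/NGFW control, and the EGRESS-DROP log lines are the first place to look for hosts trying to call out on their own.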

Read the rest of the article here:
