- Profiling a web server OS - NetCraft Web Server Query - reports a site's operating system, web server, and netblock owner, along with a graphical view of the time since last reboot for each of the computers serving the site. When a site is first visited, no uptime data is available; it is captured over subsequent days. My initial sites of interest are as follows (check back on Friday 3/10):
- Other web server profiling tools include netcat and nmap.
- Info harvesting with search engines, such as the following Google searches:
- site:www.example.com intitle:admin intitle:login --> searching for administrative content
- site:www.example.com intitle:"Index of etc" --> objective is to find directory listings
- site:www.example.org filetype:xls --> searching for common file types
- Note that in each of the examples, additional terms can be added to narrow the search results
- Establish a server baseline scan of ports that are open. This is the expected list to file away for comparison when you have a question about your server. Baseline data will make future results easier to read for differences.
- Information sources for Information Security
- SANS is an excellent source of security materials. Some of the white papers on the site can provide a general blueprint for thinking about security, either in general or focused on a specific application. For example, Guide to Discovering Web Application Insecurities, Before Attackers Do, from March 2005, is listed on this page from the SANS InfoSec Reading Room - Web Servers
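
The baseline comparison described in the port-scan item above, as an added example that is not part of the original notes: it parses two scans of your own server saved in nmap's grepable format (`nmap -oG`) and reports ports that opened or stopped being open since the baseline. The host address, hostname and scan lines are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample scans in nmap grepable (-oG) format; not real scan results.
BASELINE = (
    "# Nmap scan (baseline, constructed)\n"
    "Host: 192.0.2.10 (www.example.com)\tStatus: Up\n"
    "Host: 192.0.2.10 (www.example.com)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (997)\n"
)
CURRENT = (
    "# Nmap scan (later, constructed)\n"
    "Host: 192.0.2.10 (www.example.com)\tStatus: Up\n"
    "Host: 192.0.2.10 (www.example.com)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 443/filtered/tcp//https///, "
    "8080/open/tcp//http-proxy///\tIgnored State: closed (996)\n"
)

def open_ports(grepable):
    """Return {host: {(port, proto): service}} for every port in state 'open'."""
    hosts = {}
    for line in grepable.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: ([^\t]*)", line)
        if not m:
            continue  # comment and "Status:" lines carry no port list
        ports = hosts.setdefault(m.group(1), {})
        for entry in m.group(2).split(","):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                ports[(int(fields[0]), fields[2])] = fields[4]
    return hosts

def diff_baseline(baseline, current):
    """Return {host: {'new': [...], 'gone': [...]}} for hosts whose open ports changed."""
    base, cur = open_ports(baseline), open_ports(current)
    report = {}
    for host in sorted(set(base) | set(cur)):
        b, c = base.get(host, {}), cur.get(host, {})
        new, gone = sorted(set(c) - set(b)), sorted(set(b) - set(c))
        if new or gone:
            report[host] = {"new": new, "gone": gone}
    return report

if __name__ == "__main__":
    for host, delta in diff_baseline(BASELINE, CURRENT).items():
        for port, proto in delta["new"]:
            print(f"{host}: {port}/{proto} is open but not in the baseline")
        for port, proto in delta["gone"]:
            print(f"{host}: {port}/{proto} was open in the baseline, not now")
```

A port that moves from open to filtered or closed is reported as "gone", which is worth the same attention as a new listener because it can mean a service has stopped or a firewall rule has changed.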
Passwords
I'm not sure that this category is appropriately tagged "security", possibly anti-security! But it is important to understand that use of appropriate passwords is an element of security.
CIRT Default Password listings by Vendor
Web security services
Publications
Tags: Info Security
3-6-2007