SearchDomino.com
July 11, 2001
Admin Tip: Security Scanners

=================================================
CONTENTS:
[1] Chuck Connell's Security Tip
[2] Ask the Security Expert
[3] Recently posted Admin tips
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Feature Tip: Security scanners for Domino Web sites

The searchDomino.com weekly Administrator tips feature one tip per month dedicated to security issues, featuring expert security advice from Chuck Connell, president of CHC-3 Consulting (www.chc-3.com), a consultancy that helps organizations with all aspects of Domino and Notes. If you have a specific security topic that you'd like Chuck to cover or comments about a tip, email us at [EMAIL PROTECTED], or pose a security question to Chuck Connell in Ask the Experts section:
http://searchdomino.techtarget.com/ateQuestion/0,289624,sid4_tax287305,00.html

This month's tip focuses on security scanners for Domino Web sites. The bad guys have these tools, so you might as well know about them too.

But first, a note of caution before we get started: You should only use security scanners on your own computers or for Web sites that you are paying someone else to host for you. In the latter case, let the hosting company know what you are doing first. Breaking this rule is bad ethics and will get you kicked off of many Internet service providers.

There are two kinds of security scanners I will discuss here: general scanners that can examine an arbitrary computer on the Internet, and scanning Web sites that will examine the computer you are sitting at.

General Security Scanners
--------------------------

A general security scanner (often called a port scanner) is a program that rapidly attempts to connect to many ports on a particular server. The scanner then reports on which ports are open for connection and which are closed.

Port scanners have many malicious uses. Crackers use scanners to look for open ports on target machines, then they attempt to break into the servers using available ports. If you are trying to protect a server from attack, however, a port scanner can help you find vulnerabilities before the crackers find them. Then you can use a firewall, or the Domino server settings, to shut down the unneeded open ports. (Note: you need open ports for legitimate mail and browser connections; you just don't want unnecessary open ports.)

One drawback to port scanners is that they provide a lot of information, and it takes some expert skill to understand everything they tell you. However, the basic information -- a list of open ports -- is pretty easy to read and interpret.

Port scanner links

Below are two links that will help you get started with port scanners:

http://www.hideaway.net/Server_Security/Software/Browse_Categories/browse_categories.php?CurrentCategory=5
This site contains an excellent list of many port scanners for many different platforms.

http://www.atelierweb.com/pscan/index.htm
This site points to one of the most popular Windows-based scanners, which contains many advanced features.

Security Scanning Web Sites
-----------------------------

Scanning Web sites work in the same way as general port scanners, except that the scanning software is stored on someone else's Web site. You never have a copy of the scanning software yourself.
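
The connect test that both kinds of scanner perform can be turned into a repeatable audit of your own server. The Python below is an added example, not part of the original tip: it checks a list of ports and compares what is open against an allowlist. The port set (25, 80, 443, and 1352 for Notes RPC) and the function names are assumptions; substitute the services your server is meant to offer.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Assumption (not from the tip): ports a Domino mail/web server is meant
# to offer: SMTP, HTTP, HTTPS and Notes RPC. Edit for your server's role.
EXPECTED_PORTS = {25, 80, 443, 1352}


def is_open(host, port, timeout=0.5):
    """Return True if host accepts a TCP connection on port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        # connect_ex returns 0 on success and an errno value when the
        # connection is refused or times out (for example, when filtered).
        return sock.connect_ex((host, port)) == 0


def audit_ports(host, ports, expected=EXPECTED_PORTS):
    """Probe each port once and compare the open set with the allowlist."""
    ports = sorted(set(ports))
    with ThreadPoolExecutor(max_workers=32) as pool:
        states = list(pool.map(lambda p: is_open(host, p), ports))
    open_ports = {p for p, up in zip(ports, states) if up}
    checked_expected = set(expected) & set(ports)
    return {
        "open": sorted(open_ports),
        # Open but not on the allowlist: close in Domino or block at the firewall.
        "unexpected": sorted(open_ports - set(expected)),
        # On the allowlist but not answering: a legitimate service may be down.
        "missing": sorted(checked_expected - open_ports),
    }


if __name__ == "__main__":
    # Default target is the local machine; audit only hosts you are responsible for.
    report = audit_ports("127.0.0.1", list(range(1, 1025)) + [1352])
    for key, value in report.items():
        print(f"{key:>10}: {value}")
```

Run from outside the firewall, the "unexpected" list shows what an Internet-side scanner would see; run from inside, it shows what the firewall is hiding.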

Web sites that provide this service allow you to use their scanning software to examine the computer you are sitting at, without the need to get your own scanner.

ShieldsUp!, from GRC, is one of the best scanning sites I have seen. Here's how to use it:

1) If your Internet access is provided by a hosting company or IT department, tell them what you are planning to do.
2) Using your Web browser, go to http://www.grc.com.
3) Click on ShieldsUp! (You might have to scroll down to see this.)
4) Scroll down to the buttons labeled Test My Shields and Probe My Ports.
5) Press each button to activate the scanning software stored at GRC. You will see a report on your computer's vulnerabilities. (Note: The information you get here is of a basic nature and does not cover all possible security holes you might have.)

Chuck Connell, http://www.chc-3.com

-------------------------------------------------
ASK THE SECURITY EXPERT:
-------------------------------------------------

Here are some security questions presented to Chuck on searchdomino's Ask the Expert forum. Pose a security question to Chuck here:
http://searchdomino.techtarget.com/ateQuestion/0,289624,sid4_tax287305,00.html

Question: We may have a backup admin person that is reading documents in client mailboxes, using the admin client and ID. How can we track this scenario?

Answer: The easiest way is to turn on activity tracking. Open the database in question. Go to File / Database / Properties / Information (i tab) / User Detail. Select Record Activity, then check back every so often to see who has been reading the database. You can also monitor this centrally from the Domino Administration program.

Question: We get deluged by virus-bearing E-Mails with an empty From: or a From: which contains [ ] The empty Froms we throw away; how can we do the same with the others?

Answer: I will assume that you are using R5. See Domino R5 Admin Help // Index // Spamming // Preventing // Restricting Inbound Mail Routing.
You can specify this From address to be rejected by the mail router.

=================================================
RECENTLY POSTED ADMINISTRATOR TIPS:
=================================================

We posted 5 new administrator tips last week. Thanks for all your tips and keep them coming!

ACL category:
http://searchdomino.techtarget.com/tipsIndex/0,289482,sid4_tax283820_alpD_idx0,00.html
[1] Access to trouble shoot users' mail files

Address Book category:
http://searchdomino.techtarget.com/tipsIndex/0,289482,sid4_tax283821_alpD_idx0,00.html
[1] Migrating your (Notes) browser address book into Notes

Database category:
http://searchdomino.techtarget.com/tipsIndex/0,289482,sid4_tax283822_alpD_idx0,00.html
[1] Scheduling console commands
[2] SiMan.exe database signing utility

Server category:
http://searchdomino.techtarget.com/tipsIndex/0,289482,sid4_tax283832_alpD_idx0,00.html
[1] Creating bookmarks on your R5 Server Admin Client