Ask the Expert

Testing if systems have been infiltrated

I need a simple, cost-effective way to be able to ascertain if any systems for which I am responsible are/have been compromised.

It seems that there are solutions that cost a gazillion dollars (so I will never know if they work -- management won't spend that kind of money), or there are scanners and such that are free or low-cost but offer little in the way of solutions to the problem.

Do you have a solution that we can live with (and pay for)? What happened to good old Yankee ingenuity?

    Requires Free Membership to View

Well, this can be a complicated matter if we get down to the nitty gritty of looking at logs from an incident response perspective. Perhaps the best way to address this is for you to run tests against your own systems to see what the bad guys see (ethical hacking). There are a lot of variables here (OS, network design and so on), but here a few good tools you can use for starters to see where you stand:
  • SuperScan for Windows systems
  • Nessus vulnerability scanner
  • QualysGuard (definitely the most bang for your buck -- it will scan practically every platform for tons of vulnerabilities. You definitely get what you pay for here)
I go into all of this in detail in my book Hacking For Dummies. You can get two of its chapters for free at the following links: Hacking Exposed and Counter Hack are great resources, as well.

This was first published in August 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: