Testing if systems have been infiltrated
I need a simple, cost-effective way to be able to ascertain if any systems for which I am responsible are/have been compromised.
It seems that there are solutions that cost a gazillion dollars (so I will never know if they work -- management won't spend that kind of money), or there are scanners and such that are free or low-cost but offer little in the way of solutions to the problem.
Do you have a solution that we can live with (and pay for)? What happened to good old Yankee ingenuity?
Well, this can be a complicated matter if we get down to the nitty gritty of looking at logs from an incident response perspective. Perhaps the best way to address this is for you to run tests against your own systems to see what the bad guys see (ethical hacking). There are a lot of variables here (OS, network design and so on), but here are a few good tools you can use for starters to see where you stand:
- SuperScan for Windows systems
- Nessus vulnerability scanner
- QualysGuard (definitely the most bang for your buck -- it will scan practically every platform for tons of vulnerabilities. You definitely get what you pay for here)
I go into all of this in detail in my book Hacking For Dummies. You can get two of its chapters for free at the following links:
and Counter Hack are great resources, as well.
This was first published in August 2004