In every hacker's tool bag are a variety of free system probing and fingerprinting tools, the purpose of which is to identify specifics about your hardware and software configurations. Some of these tools will undoubtedly check for open ports on routers and firewalls and identify what system services are available for exploitation. To get an idea of what a hacker would see, download and run some of these tools against your own network. Be sure to let your staff know when these tools are being run, in case there are performance issues when certain scans are launched, and always test them against a few non-critical machines first.
The first step in defending against
To determine if someone is using such tools to probe and fingerprint your operating systems, you'll need to implement at least one type of logging tool that will record port scans, fingerprinting, failed login attempts, etc. Ideally, any open ports should be monitored with an intrusion prevention system (IPS), which will detect and prevent most attacks before they reach your systems. A common free and open source intrusion detection system (IDS), which only detects attacks and does not prevent them, and IPS is Snort. A quick Google search will yield plenty of free support and add-ons for Snort.
Whatever system you implement to detect operating system fingerprinting and probing, you'll want to keep an eye on the log files to identify which machines seem to be probing your systems. Many firewalls and intrusion detection/prevention systems can alert you via email or launch a program when an attack is detected, but none of these systems is capable of reaching through the hacker's monitor and slapping their hands. Someday…
About the author
Vernon Haberstetzer, president of security seminar and consulting company i.e.security, has many years of in-the-trenches security experience in healthcare and retail environments.
HACKER ATTACK TECHNIQUES AND TACTICS
Introduction: Hacker attack tactics
How to stop hacker theft
Hacker system fingerprinting, probing
Using network intrusion detection tools
Avoid physical security threats
Authentication system security weaknesses
Improve your access request process
Social engineering hacker attack tactics
Secure remote access points
Securing your Web sever
Wireless security basics
How to tell if you've been hacked
This was first published in January 2005