Langa Letter: Good And Bad Online Security Check-Ups - InformationWeek
04:21 PM
Fred Langa
Fred Langa

Langa Letter: Good And Bad Online Security Check-Ups

Fred Langa found some great sites for testing system and network security. Discover what you can learn about your system security just by pointing and clicking.

In Contrast: A Great Site
Fortunately, there are testing sites as good as the previous one was bad. For example, among its many excellent services and features, the top-notch DSL Reports offers several levels of security testing. The basic tests are free, although you do have to create a no-cost login account to use the services.

DSL Reports' security tests are "port scans." An IP port is a standard kind of address, widely used by servers to allow certain types of data to enter and exit the server. Although services can be assigned to a variety of ports, some are reasonably well standardized: For example, World Wide Web (HTTP) traffic is typically assigned to port 80; FTP transfer is port 20. (For a list of the most commonly used port assignments, see A port scan probes your system or server's ports to see what services, if any, are available to external users. If inappropriate services are being offered, you can adjust your software or firewall to close the port to the outside world, and thus increase your security.

With a basic (free) DSL Reports account you can request two levels of port scans. The simple scan runs very quickly and checks the most common points of attack. The results are displayed in real time, and you're given an instant online security analysis at the end of the tests.

The more complete full scan goes further (and takes longer) as it scours even the lesser-used ports and protocols for potential vulnerabilities. These test results are stored online. You're notified by E-mail when the tests are complete, and you can retrieve your test results and analysis anytime.

DSL Reports is a hugely popular site, and it can sometimes take quite a while for a full security test request to be processed. Test requests are normally queued in a first-in/first-out basis. But you can buy a license to run the security tests on a priority basis--letting you jump to the front of the queue--whenever you wish. A license also gives you access to some specialty tests that are not available to non-paying users. The licenses are inexpensive, starting at just $10.

DSL Reports also offers a wide range of other free and low-cost services, including speed tests, line-quality monitoring, and various tuning/tweaking tests and tools. Highly recommended!

Shields Up
The prolific Steve Gibson's free "Shields Up" site is conceptually similar to the security tests at DSL Reports, but less exhaustive. The two-part Shields Up tests will uncover all the most egregious (and common) security problems, but they won't dig quite as deep as DSL Reports.

The Shields Up test results are presented to you in real time on the Web. The site offers a large amount of explanatory reading material to help interpret the test results and correct any problems you discover.

The site is free (there are no for-a-fee security test options) and it's enormously popular. But some users intensely dislike Shields Up, and you'll see posts in various forums around the Net that disparage the site.

Steve is as technical as they come, with impressive credentials stretching back 20 years, but he writes on the site with a breezy volubility geared for a general, non-technical audience. His avoidance of unnecessary jargon, his use of colorful analogies and his energetic writing style offend some hard-core geeks who seem to believe that "If the average user can understand it, it can't be any good." I believe this view is a mistake.

Other users take issue with the fact that Shields Up isn't the be-all and end-all of online testing. Indeed, if it claimed to be so, then I'd also have issues with it, too. But Gibson makes no such claims.

Instead, I've found that the site delivers exactly what it promises and is reliable for the intended purpose: fast, easy testing of common, dangerous online security problems. As such, I recommend the Shields Up site, and use it in concert with DSL Reports, letting one set of tests backstop and validate the results of the other.

The Shields Up site also offers a free "LeakTest" download that (uniquely, as far as I can determine) tests your security setup from the inside out. It harmlessly mimics the behavior of malicious "phone home" applications. Trojans and worms can use phone-home apps to bypass firewall security by using a PC to establish an outbound connection to a remote server. Because the connection originates from the protected side of the firewall, many firewalls allow a phone-home connection to be established. (A few, such as ZoneAlarm, do not.) Gibson's LeakTest lets you explore your firewall's ability to handle these potentially dangerous back-door connections.

2 of 3
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll