Commentary
2/16/2006
04:21 PM
Fred Langa

Langa Letter: Good And Bad Online Security Check-Ups

Fred Langa found some great sites for testing system and network security. Discover what you can learn about your system security just by pointing and clicking.

In Contrast: A Great Site
Fortunately, there are testing sites as good as the previous one was bad. For example, among its many excellent services and features, the top-notch DSL Reports offers several levels of security testing. The basic tests are free, although you do have to create a no-cost login account to use the services.

DSL Reports' security tests are "port scans." An IP port is a standard kind of address, widely used by servers to allow certain types of data to enter and exit the server. Although services can be assigned to a variety of ports, some are reasonably well standardized: For example, World Wide Web (HTTP) traffic is typically assigned to port 80; FTP transfer is port 20. (For a list of the most commonly used port assignments, see hackerwhacker.com/ports.html.) A port scan probes your system or server's ports to see what services, if any, are available to external users. If inappropriate services are being offered, you can adjust your software or firewall to close the port to the outside world, and thus increase your security.
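The probe-and-compare idea behind a port scan, as an added example that is not from the article or from any of the sites it reviews: the script checks your own machine's common TCP ports and reports listeners you did not expect. The port table holds standard assignments; the `expected` policy and the function names are assumptions made for the illustration.

```python
import socket

# Standard well-known TCP port assignments for common services.
COMMON_PORTS = {
    20: "ftp-data", 21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp",
    80: "http", 110: "pop3", 135: "msrpc", 139: "netbios-ssn",
    443: "https", 445: "microsoft-ds", 3389: "rdp",
}


def is_open(host, port, timeout=0.5):
    """Return True if a TCP connection to host:port is accepted."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # connect_ex returns 0 on success and an errno value otherwise.
        return s.connect_ex((host, port)) == 0


def audit(host="127.0.0.1", ports=COMMON_PORTS, expected=frozenset()):
    """Probe each port; return {port: service} for open ports not in `expected`."""
    findings = {}
    for port, name in sorted(ports.items()):
        if is_open(host, port) and port not in expected:
            findings[port] = name
    return findings


if __name__ == "__main__":
    # Hypothetical policy: this machine is only supposed to serve HTTP.
    for port, name in audit(expected={80}).items():
        print(f"unexpected listener: {port}/tcp ({name}); "
              "disable the service or block the port at the firewall")
```

A loopback probe shows what is listening on the machine, not what the firewall lets through from outside, which is why a scan run from an external site remains the real test of exposure.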

With a basic (free) DSL Reports account you can request two levels of port scans. The simple scan runs very quickly and checks the most common points of attack. The results are displayed in real time, and you're given an instant online security analysis at the end of the tests.

The more complete full scan goes further (and takes longer) as it scours even the lesser-used ports and protocols for potential vulnerabilities. These test results are stored online. You're notified by E-mail when the tests are complete, and you can retrieve your test results and analysis anytime.

DSL Reports is a hugely popular site, and it can sometimes take quite a while for a full security test request to be processed. Test requests are normally queued on a first-in/first-out basis. But you can buy a license to run the security tests on a priority basis--letting you jump to the front of the queue--whenever you wish. A license also gives you access to some specialty tests that are not available to non-paying users. The licenses are inexpensive, starting at just $10.

DSL Reports also offers a wide range of other free and low-cost services, including speed tests, line-quality monitoring, and various tuning/tweaking tests and tools. Highly recommended!

Shields Up
The prolific Steve Gibson's free "Shields Up" site is conceptually similar to the security tests at DSL Reports, but less exhaustive. The two-part Shields Up tests will uncover all the most egregious (and common) security problems, but they won't dig quite as deep as DSL Reports.

The Shields Up test results are presented to you in real time on the Web. The site offers a large amount of explanatory reading material to help interpret the test results and correct any problems you discover.

The site is free (there are no for-a-fee security test options) and it's enormously popular. But some users intensely dislike Shields Up, and you'll see posts in various forums around the Net that disparage the site.

Steve is as technical as they come, with impressive credentials stretching back 20 years, but he writes on the site with a breezy volubility geared for a general, non-technical audience. His avoidance of unnecessary jargon, his use of colorful analogies and his energetic writing style offend some hard-core geeks who seem to believe that "If the average user can understand it, it can't be any good." I believe this view is a mistake.

Other users take issue with the fact that Shields Up isn't the be-all and end-all of online testing. Indeed, if it claimed to be so, then I'd have issues with it, too. But Gibson makes no such claims.

Instead, I've found that the site delivers exactly what it promises and is reliable for the intended purpose: fast, easy testing of common, dangerous online security problems. As such, I recommend the Shields Up site, and use it in concert with DSL Reports, letting one set of tests backstop and validate the results of the other.

The Shields Up site also offers a free "LeakTest" download that (uniquely, as far as I can determine) tests your security setup from the inside out. It harmlessly mimics the behavior of malicious "phone home" applications. Trojans and worms can use phone-home apps to bypass firewall security by using a PC to establish an outbound connection to a remote server. Because the connection originates from the protected side of the firewall, many firewalls allow a phone-home connection to be established. (A few, such as ZoneAlarm, do not.) Gibson's LeakTest lets you explore your firewall's ability to handle these potentially dangerous back-door connections.
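Why a firewall can pass an outside port scan and still let a phone-home connection through, shown as an added model that is not code from the article, from LeakTest, or from any firewall product. The program names, addresses, and the per-program allowlist are constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = from the Internet, "out" = from the protected PC
    program: str     # local program owning the socket ("" if nothing listens)
    local_port: int
    remote: str      # "address:port" of the far end


class Firewall:
    """Stateful filter: unsolicited inbound is dropped, replies to tracked flows pass."""

    def __init__(self, egress_allowlist=None):
        # None means any program may connect out (inbound-only protection).
        self.egress_allowlist = egress_allowlist
        self.flows = set()  # (local_port, remote) pairs opened from the inside

    def check(self, pkt):
        key = (pkt.local_port, pkt.remote)
        if pkt.direction == "out":
            allowed = self.egress_allowlist
            if allowed is not None and pkt.program not in allowed:
                return "BLOCK"
            self.flows.add(key)  # remember the flow so its replies are accepted
            return "ALLOW"
        return "ALLOW" if key in self.flows else "BLOCK"


# Constructed traffic: an outside probe, a browser request and its reply,
# then an unapproved program making an outbound connection and its reply.
TRAFFIC = [
    Packet("in", "", 445, "198.51.100.9:40000"),
    Packet("out", "browser.exe", 50001, "192.0.2.10:80"),
    Packet("in", "browser.exe", 50001, "192.0.2.10:80"),
    Packet("out", "unknown.exe", 50002, "203.0.113.5:80"),
    Packet("in", "unknown.exe", 50002, "203.0.113.5:80"),
]


def run(firewall):
    """Return the verdict for each packet in TRAFFIC, in order."""
    return [firewall.check(p) for p in TRAFFIC]


if __name__ == "__main__":
    print("inbound-only:", run(Firewall()))
    print("egress rules:", run(Firewall(egress_allowlist={"browser.exe"})))
```

Both configurations drop the outside probe, so an external scan would rate them the same; only the inside-out test tells them apart.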
