Langa Letter: Good And Bad Online Security Check-Ups
Fred Langa found some great sites for testing system and network security. Discover what you can learn about your system security just by pointing and clicking.
In Contrast: A Great Site
Fortunately, there are testing sites as good as the previous one was bad. For example, among its many excellent services and features, the top-notch DSL Reports offers several levels of security testing. The basic tests are free, although you do have to create a no-cost login account to use the services.
DSL Reports' security tests are "port scans." An IP port is a standard kind of address, widely used by servers to allow certain types of data to enter and exit the server. Although services can be assigned to a variety of ports, some are reasonably well standardized: For example, World Wide Web (HTTP) traffic is typically assigned to port 80; FTP transfer is port 20. (For a list of the most commonly used port assignments, see hackerwhacker.com/ports.html.) A port scan probes your system or server's ports to see what services, if any, are available to external users. If inappropriate services are being offered, you can adjust your software or firewall to close the port to the outside world, and thus increase your security.
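The port-scan idea described above can be tried against your own machine. The following is an added example, not code from the article or from any of the sites it reviews; the port shortlist and the function names `probe` and `check_exposure` are assumptions made for illustration. It attempts a TCP connection to each port and flags any open port you did not expect to be offering.

```python
import socket

# Constructed shortlist: the two ports the article names plus a few common ones.
COMMON_PORTS = {20: "FTP data", 21: "FTP control", 25: "SMTP",
                80: "HTTP", 443: "HTTPS"}


def probe(host, port, timeout=1.0):
    """Return 'open', 'closed' or 'no-response' for one TCP port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"            # something accepted the connection
    except ConnectionRefusedError:
        return "closed"          # host answered, nothing is listening
    except OSError:
        return "no-response"     # timeout or unreachable, e.g. a firewall drop
    finally:
        s.close()


def check_exposure(host="127.0.0.1", ports=COMMON_PORTS, expected=()):
    """Probe each port and return (port, service, state, verdict) rows.

    'expected' lists ports you intend to offer; any other open port
    is flagged for review.
    """
    rows = []
    for port, name in sorted(ports.items()):
        state = probe(host, port)
        if state != "open":
            verdict = "ok"
        elif port in expected:
            verdict = "expected"
        else:
            verdict = "review: close or firewall"
        rows.append((port, name, state, verdict))
    return rows


if __name__ == "__main__":
    # Check this machine, treating a web server on port 80 as intentional.
    for row in check_exposure(expected={80}):
        print("%5d  %-12s %-12s %s" % row)
```

A probe run on the machine itself does not pass through your router or perimeter firewall, so it shows what is listening rather than what outsiders can reach; the external view is what the testing sites add.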
With a basic (free) DSL Reports account you can request two levels of port scans. The simple scan runs very quickly and checks the most common points of attack. The results are displayed in real time, and you're given an instant online security analysis at the end of the tests.
The more complete full scan goes further (and takes longer) as it scours even the lesser-used ports and protocols for potential vulnerabilities. These test results are stored online. You're notified by E-mail when the tests are complete, and you can retrieve your test results and analysis anytime.
DSL Reports is a hugely popular site, and it can sometimes take quite a while for a full security test request to be processed. Test requests are normally queued on a first-in/first-out basis. But you can buy a license to run the security tests on a priority basis--letting you jump to the front of the queue--whenever you wish. A license also gives you access to some specialty tests that are not available to non-paying users. The licenses are inexpensive, starting at just $10.
DSL Reports also offers a wide range of other free and low-cost services, including speed tests, line-quality monitoring, and various tuning/tweaking tests and tools. Highly recommended!
The prolific Steve Gibson's free "Shields Up" site is conceptually similar to the security tests at DSL Reports, but less exhaustive. The two-part Shields Up tests will uncover all the most egregious (and common) security problems, but they won't dig quite as deep as DSL Reports.
The Shields Up test results are presented to you in real time on the Web. The site offers a large amount of explanatory reading material to help interpret the test results and correct any problems you discover.
The site is free (there are no for-a-fee security test options) and it's enormously popular. But some users intensely dislike Shields Up, and you'll see posts in various forums around the Net that disparage the site.
Steve is as technical as they come, with impressive credentials stretching back 20 years, but he writes on the site with a breezy volubility geared for a general, non-technical audience. His avoidance of unnecessary jargon, his use of colorful analogies and his energetic writing style offend some hard-core geeks who seem to believe that "If the average user can understand it, it can't be any good." I believe this view is a mistake.
Other users take issue with the fact that Shields Up isn't the be-all and end-all of online testing. Indeed, if it claimed to be so, then I'd have issues with it, too. But Gibson makes no such claims.
Instead, I've found that the site delivers exactly what it promises and is reliable for the intended purpose: fast, easy testing of common, dangerous online security problems. As such, I recommend the Shields Up site, and use it in concert with DSL Reports, letting one set of tests backstop and validate the results of the other.
The Shields Up site also offers a free "LeakTest" download that (uniquely, as far as I can determine) tests your security setup from the inside out. It harmlessly mimics the behavior of malicious "phone home" applications. Trojans and worms can use phone-home apps to bypass firewall security by using a PC to establish an outbound connection to a remote server. Because the connection originates from the protected side of the firewall, many firewalls allow a phone-home connection to be established. (A few, such as ZoneAlarm, do not.) Gibson's LeakTest lets you explore your firewall's ability to handle these potentially dangerous back-door connections.