Security in Today's World

Written by Paul Bliss

Continued from page 1

Withrepparttar advances of technology, monthly fees for home security monitoring are reasonable forrepparttar 132009 service they provide. Be warned: not all monitoring companies haverepparttar 132010 same capabilities when it comes to quick response. Thatís one reason why itís a good idea to make sure that any security company you choose has a UL certification. This can be critical as it indicates thatrepparttar 132011 security company has met stringent standards for management system compliance (such as a back up source of power). The same methodology should apply for a security software provider. Just because they say theyírerepparttar 132012 best, doesnít mean that they are. Due diligence isrepparttar 132013 userís responsibility. Your information is too valuable to be taken lightly.

Both home security and cyber security are similar to having insurance. You have it, but you hope you never need it. And if you do need it, you want a company or vendor that has a history of excellent customer service.

There are those people who think that having a firearm is all they need for protection. While that may hold true in some form, a firearm wonít let you know if someone is trying to enter your home throughrepparttar 132014 back door while you are sleeping and notify you orrepparttar 132015 authorities. Another common perception is that a watchdog will alert a homeowner to intrusion, but again, manís best friend sleeps 10 to 12 hours a day and canít notifyrepparttar 132016 police.

There are some computer users who claim that they can detect a virus byrepparttar 132017 email that is sent with some obvious taglines meant forrepparttar 132018 user to open and infectrepparttar 132019 machine. Not all viruses are in emails, although that isrepparttar 132020 most common form. They can also be uploaded to a website, or embedded in Java Applets or Active X controls.

Trojans, which can log all ofrepparttar 132021 users keystrokes and sites visited, are secretly downloaded inrepparttar 132022 form of free games or free software, and are undetectable by anti-virus software. This isrepparttar 132023 preferred method of attack by a hacker on a machine. By not alteringrepparttar 132024 performance of a machine (like a virus or worm does),repparttar 132025 user blissfully continues to use their machine to make online purchases, and enter sensitive information, thinking they are secure, whilerepparttar 132026 Trojan secretly records all ofrepparttar 132027 information and will simply send all ofrepparttar 132028 userís information at designated intervals torepparttar 132029 hacker.

Many times a decision about security measures for your home or computer is based on budgetary constraints. But always consider what it is that you are protecting and how much you would pay to get back whatever was stolen, lost or destroyed if an unfortunate event occurred in your life.

Paul has been involved in network security for over 4 years and is still looking for answers!

Running your first scan using NessusWX

Written by Lew Newlin

Continued from page 1

Performing Your First Scan

To perform your first vulnerability scan, you must create a Session (job) outliningrepparttar targets and scanning options desired.

  • Click menu selection Session/New;
  • You will be prompted to enter a session name or acceptrepparttar 132007 default of "Session1". Enter "First Scan", leave "Define additional properties" checked, click <Create>;
  • Atrepparttar 132008 "Session Properties - Test Scan", clickrepparttar 132009 "Targets" tab, then click <Add>;
  • Atrepparttar 132010 "Add Target" screen you haverepparttar 132011 option of entering a single host, a subnet, or IP range depending on scanning needs. For our test session, select a single IP address and enterrepparttar 132012 IP or Host name of your workstation, click <Ok>;
  • Click <Apply>.
  • Clickrepparttar 132013 "Options" tab:
    • Change "Maximum simultaneous" default value if needed;
    • Change "Security checks per host" default value if needed;
    • "General scan options/Enable plugin dependencies". Nessus uses many plugins (tests) that requirerepparttar 132014 use of other plugins to operate correctly. Checking this box permits Nessus to automatically enable dependencies as needed. For our test scan, "Enable plugin dependencies" should be checked;
    • "General scan options/Do reverse DNS lookups" simply performs a DNS lookup onrepparttar 132015 target to determinerepparttar 132016 host name. For our test scan, check "Do reverse DNS lookups";
    • "General scan options/Safe checks". As stated previously, Safe Checks disablesrepparttar 132017 most dangerous scripts from executing and instead relies on banner information to determine vulnerability rather than exploitingrepparttar 132018 real flaw. For our test scan, leave "Safe checks" checked;
    • "General scan options/Optimizerepparttar 132019 test" lets Nessus avoid all apparently irreverent tests. For example, tests will not be conducted for web site unless a web site is detected. For our test scan, leave "Optimizerepparttar 132020 test" checked;
    • "General scan options/Resolve unknown services" will permit Nessus to resolve any unknown services that may be operating onrepparttar 132021 system. For our test scan, leave "Resolve unknown services" checked;
    • "Path to CGIís". Nessus hasrepparttar 132022 ability to check for generic CGI vulnerabilities that may be present. For our test scan, leave "Path to CGIís" atrepparttar 132023 default of "/cgi-bin";
    • "Interface options" permits you to limitrepparttar 132024 results that are displayed onrepparttar 132025 screen while scanning is occurring. For our test scan, leave both items unchecked to displayrepparttar 132026 maximum amount of information;
    • Click <Apply>.
  • Clickrepparttar 132027 "Port scan" tab:
    • "Port range to scan" permits you to enterrepparttar 132028 ports Nessus will scan. For our test scan, we will userepparttar 132029 default of "Privileged ports (1-1024)";
    • "Port scanners" permitsrepparttar 132030 use of a wide range of port scanners depending on your needs. For our test scan, leaverepparttar 132031 default of "Pingrepparttar 132032 report host" and "tcp connect scan" checked.
    • Click <Apply>.
  • Clickrepparttar 132033 "Connection" tab will permit you to enter and store specifics aboutrepparttar 132034 Nessus server to be used forrepparttar 132035 session. Since we are currently connected to a specific Nessus server, no need exists to enter this information for our test scan;
  • Clickrepparttar 132036 "Plugins" tab:
    • To test for system vulnerability we must enable plugins. Checkrepparttar 132037 "Use session-specific plugin" checkbox. You will notice that currently "0 plugins currently are selected for execution";
    • Clickrepparttar 132038 "Select plugins" button to displayrepparttar 132039 "Plugin List" screen. For our test scan, clickrepparttar 132040 "Enable All" button, click <Yes>, when prompted with "Do you wish to enable all port scanners as well", click <Close>. You will notice that 2400 or so plugins are now selected for execution;
    • Click <Apply>.
  • Clickrepparttar 132041 "Comments" tab and input any remarks you have concerning this session or its settings, then click <Ok> to save your Session;

To executerepparttar 132042 Session, right-click onrepparttar 132043 icon and then select <Execute>. When prompted atrepparttar 132044 "Execute Session" screen simply click Execute and vulnerability scanning will commence.


Take some time, experiment, and learn what NessusWX and Nessus have to offer. Patch systems and rescan to verify vulnerability have been closed. Using NessusWX and Nessus will permit you to find system vulnerabilities before hackers and virus/worm writers have opportunity to do it for you.

Lew Newlin is CTO of Information Solutions, Inc. that operates SiteRecon specializes in security, email monitoring, and web site monitoring for Internet service providers and businesses.

    <Back to Page 1 © 2005
Terms of Use