There are more and more applications for network administrators on the market, both commercial and free, which serve to verify the system security. Today's administrator has to be highly motivated and extremely patient, as he has to become familiar with a large amount of new software to help him in his difficult work.
There has been a flood of network monitors, network configurators, and other programs to improve network function, or that relieve the administrator of at least part of his responsibilities. However, it is the administrator's duty to deal with the network.
Full automation of the network combined with a superficial status check are a recipe for trouble. This is especially true of huge corporate networks, where security is often neglected. Instead of surveying their systems at least once a day, administrators often hand off this responsibility to various applications. In fact, these applications should only help the administrator in detecting possible irregularities or unauthorized access, and not, as many seem to think, completely take over this task. Software can easily be deceived.
This post will show how administrator should monitor network security. We will demonstrate that it is worth dedicating one's time to analyzing and choosing the correct settings instead of automating the monitoring function of the data being sent.
This post can also be understood from "the other side" - the hacker's point of view. The majority of network applications , which on the one hand help protect a network, can also be used to manipulate a network for one's own purposes. In particular, we mean scanners, one of the most popular network kinds of programs in recent years.
We should bear in mind that the best method to get to know the network security level is to attempt to break down all the barriers that normally protect our systems. Just as real-life detectives do, to learn the details or the motive of an offense we have to put ourselves in the criminal's place, so as administrators we should become hackers and carry out an attack on our own network. it is also good to try to obtain as much information as possible about it. just as an intruder would do before cracking.
What are scanners?
Scanners, the subject of this post, are "neutral" network applications. this means that they can help both a hacker and an administrator. Their task is to collect information about network devices. As it turns out, this information can be quite varied. We are able to discover which software is used in the system, to check how long it has been running, and to find out about the available ports. Of course the scanners are written in such a way that their activity won't leave unwanted footprints on the target machine. It happens often that scanning is performed using undocumented protocols, the monitoring of which is usually ignored.
The advantages this presents may seem to be useful only to a hacker, but they are also important to an administrator. They allow us to make appropriate changes to the settings and improve the system security level.
There are three popular scanners, Nmap, Nessus, and Nikto. Each of these applications provides different functions, and they complement each other perfectly.
0 komentar:
Post a Comment