Use security tools
Firewalls
A firewall is a hardware or software solution that controls connectivity between one part of a network and another part. In effect, firewalls try to provide a security "moat" around one or more hosts on the network. Firewalls work by comparing network traffic against predefined filtering rules, and blocking traffic that matches those rules. Common filtering criteria include application type (i.e., port number) and source or destination address.
Firewalls can sometimes provide an additional level of security when used in conjunction with proper host-protection measures, but they can also introduce vulnerabilities and support problems. When thinking about deploying firewalls, UW Technology recommends establishing the security perimeter as close to the vulnerable computers as possible, if not on them. This is to minimize the risks from other hosts within the vulnerability zone inherent in any perimeter defense strategy, and to allow use of more specific firewall rules.
UW Technology does not currently have recommendations for deploying desktop "personal firewall" software. Experience indicates that centrally-managed personal firewall software can be useful. However, without the ability to centrally configure and manage personal firewalls, support costs can get out of hand. Firewall software requires knowledge of networking in order to be properly configured. Most desktop computer users don't have the requisite knowledge to properly configure the software, or interpret its messages. Some personal firewall products also include "IDS" (Intrusion Detection Systems) capabilities, and are susceptible to "false positive" reports and consequent confusion and loss of productivity. For more information about firewalls, visit:
- Keeping your Site Comfortably Secure: An Introduction to Internet Firewalls
- Non-commercial firewall software list maintained by the National Institutes of Health
- NDC Logical Firewall - an opt-in firewall developed at UW that you can use without rewiring, and its accompanying logical firewall rule generator.
- Building a Human Firewall
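The rule matching described above (port and address filtering, first match wins, default deny) as a minimal model, added here as an example and not code from this page or from UW Technology; the host address, the admin subnet, the rule set and the traffic samples are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "deny"
    proto: str      # "tcp", "udp" or "any"
    src: str        # source network in CIDR notation
    dst: str        # destination network in CIDR notation
    ports: tuple    # inclusive (low, high) destination-port range

    def matches(self, proto, src_ip, dst_ip, dst_port):
        if self.proto != "any" and self.proto != proto:
            return False
        if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        return self.ports[0] <= dst_port <= self.ports[1]

def evaluate(rules, proto, src_ip, dst_ip, dst_port):
    """First matching rule decides; traffic no rule allows is denied."""
    for rule in rules:
        if rule.matches(proto, src_ip, dst_ip, dst_port):
            return rule.action
    return "deny"

# Constructed host-based rule set for one web server (hypothetical addresses).
# Because the perimeter sits on the host itself, the rules can be very specific.
HOST_RULES = [
    Rule("allow", "tcp", "0.0.0.0/0",       "192.0.2.10/32", (443, 443)),  # public HTTPS
    Rule("allow", "tcp", "198.51.100.0/24", "192.0.2.10/32", (22, 22)),    # SSH from admin subnet only
    Rule("deny",  "any", "0.0.0.0/0",       "0.0.0.0/0",     (0, 65535)),  # explicit default deny
]

def audit(rules, traffic):
    """Return (description, verdict) for each traffic sample."""
    return [(desc, evaluate(rules, *pkt)) for desc, pkt in traffic]

# Constructed traffic samples: (protocol, source, destination, destination port).
SAMPLE_TRAFFIC = [
    ("browser to HTTPS",         ("tcp", "203.0.113.7",  "192.0.2.10", 443)),
    ("admin SSH",                ("tcp", "198.51.100.5", "192.0.2.10", 22)),
    ("SSH from elsewhere",       ("tcp", "203.0.113.7",  "192.0.2.10", 22)),
    ("UDP probe to unused port", ("udp", "203.0.113.7",  "192.0.2.10", 161)),
]

if __name__ == "__main__":
    for desc, verdict in audit(HOST_RULES, SAMPLE_TRAFFIC):
        print(f"{desc:28s} -> {verdict}")
```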
Intrusion Detection Systems
Intrusion Detection Systems are often closely tied with firewall implementations. An Intrusion Detection System monitors traffic passing through your network and alerts you when certain types of traffic patterns are detected. For more information about intrusion detection systems, visit:
- SANS Institute Intrusion Detection FAQ
- The Open Source Network Intrusion Detection System
- List of Public Domain System Monitoring Software - provided by the National Institutes of Health
Network Scanning Tools
Scanning the ports of the computers you administer can be extremely useful for determining what services the computers are offering on the network. You can see your hosts from the same perspective as an "evil hacker" who is continually trying to gain illegal access to your computers. Scanning your computers can give you an idea about what services you need to lock down, and in some cases you can discover that your computer has already been compromised! For more information about port scanning, visit:
- Auditing Inside the Enterprise via Port Scanning & Related Tools - provided by the SANS Institute
- Nmap ("Network Mapper") stealth port scanner
- NmapNT Security Scanner
System Scanning Tools
Tools exist for scanning certain vendors' operating system software to tell you, the system administrator, which patches have not been applied.
- For Microsoft Windows (newer versions), use the Microsoft Baseline Security Analyzer or Windows Update.
- For Redhat Linux, use Corey Satten's Linux update script 'new-patches'.
- For Macintosh OS X you can use the built-in software updater. Open "System Preferences" from the Apple Menu. Under the "System" tab, select "Software Update" and click "Update Now".
