Koozali.org: home of the SME Server

Security testing

Jay

Security testing
« on: September 10, 2001, 02:51:03 PM »
Hi,

Before I get flamed, this is a serious and honest question.

Can anyone supply me with, or advise me how to go about trying to break my e-smith server?

Obviously I'm on dangerous ground asking for such information as it could be used to attack other sites. I can assure you I don't want to do that, however, I'd like to test my OWN site to prove to myself that it is secure and to learn how to read my logs for security attacks.

Help would be much appreciated as always.
Jay
jaydye@mameworld.net

Patrick Basile

Re: Security testing
« Reply #1 on: September 11, 2001, 03:15:07 AM »
Jay,

I don't think this is a bad question. Lots of folks are concerned about the security of their e-smith boxes (and the LANs they may be attached to). Based on what I have read and heard, e-smith 4.1.2 (with the latest security patches!) is VERY secure!

There are plenty of commercial products out there which will run port scans and test other 'common' vulnerabilities and hacks, and there are a few "free" tests I think you could run (i.e. go to DSLreports.com and try a security check on your e-smith server IP address).

I'm sure there will be many others here who will give you 'their 2 cents'. I am having an outside firm run some hacks and other security tests later this week on an e-smith box I have at one of my business locations, so I'll let you know what happens next week.

Regards,
Patrick

Jay

Re: Security testing
« Reply #2 on: September 11, 2001, 12:41:14 PM »
Thanks,

My thinking is this: there are so many existing security holes and advisories, is it _really_ worth paying an outside company to check your system security? I mean, the moment they stop checking your system, more new holes/advisories appear and your security audit becomes obsolete.

It would be really handy to have something which could be run on new and existing kit though, just for peace of mind if nothing else.