How can I port scan myself to make sure I'm secure?

pamccabe (Member, Posts: 315)
I'm working on setting up a Cisco router for my home network. I think everything is set up as it should be. One thing I read on another site is that port scanning your IP once everything is set up might be a good idea to see if there are any ports open that shouldn't be. Do I run this from inside my own network? If not, how do I run it against my IP? Does anyone have any recommendations for this?

Comments

  • gorebrush (Member, Posts: 2,743)
    Back in the day you could use the "ShieldsUP!" website that did a remote port scan on you...

    https://www.grc.com/x/ne.dll?bh0bkyd2
  • pamccabe (Member, Posts: 315)
    I like it. Thanks gorebrush! I'll give this a try.
  • CodeBlox (Member, Posts: 1,363)
    Yeah, but your ISP might block connections on some well-known ports, resulting in false positives if you do it from outside. Like, say, port 80.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • datgirl (Member, Posts: 62)
    gorebrush wrote: »
    Back in the day you could use the "ShieldsUP!" website that did a remote port scan on you...

    https://www.grc.com/x/ne.dll?bh0bkyd2

    I have used Shields Up, and would also scan with Nmap / Zenmap, Nessus, or even the netstat command.
  • DevilWAH (Member, Posts: 2,997)
    I would not say a port scan that comes back as negative tells you much about whether you are secure. It might say you won't be seen if someone does a port scan across a range of IPs, one of which happens to be yours, but that's about it. I remember a group of pen testers saying there were some issues with Shields Up and that it was not very accurate. I suggest going to a mate's house with your laptop and playing around with nmap, as it gives much more detailed and configurable results.

    But assuming you have internet-facing services such as a website, then this pretty much gives the game away that you have port 80, for example, open, and then it's all about compromising your server. I was shocked just how easily a decent pen tester can compromise a non-hardened web or SQL server.

    Just don't assume you are secure because you don't have any unexpected ports open.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties, it means that it's going to launch you into something great. So just focus and keep aiming.
  • NetworkVeteran (Member, Posts: 2,338)
    ShieldsUP! should be better at answering how many and which services your router is allowing people access to. NMAP should be better at answering how many and which services your system(s) are allowing people access to. The former's more interesting if all you've done is add a new router to your existing setup, though both tools have their place.

    As DevilWAH says, then the question becomes, how secure are those services?

    And don't forget you also have to secure clients within your network that connect without, and that when a system connects to a VPN or other tunnel, they circumvent most NAT/Firewall features on the router.
  • docrice (Member, Posts: 1,706)
    Vulnerability assessments come in many forms, but if you want a true outside perspective, get an EC2 instance and scan from there. Once you determine your layer 3/4 exposure, probe further with a vuln scanner of your choice.

    Don't run these tools blindly. A default Nmap scan only hits the top-used 1000 ports and may not reveal everything. You'll obviously need to consider UDP ports and other protocols, but UDP scanning can take a lot, lot longer.

    This topic implies a much larger conversation, so I'll just stick to the basics.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
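
One way to act on the advice in this thread, as an added example that is not part of any poster's message: save the result of an outside scan in Nmap's grepable format (`-oG`) and compare it against the ports you intend to expose. The sample output, the address 203.0.113.10 and the `EXPECTED` allowlist are constructed for illustration.

```python
# Constructed sample of Nmap grepable (-oG) output for a home router's public IP.
SAMPLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 203.0.113.10 ()\tStatus: Up\n"
    "Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "443/closed/tcp//https///, 161/open|filtered/udp//snmp///\t"
    "Ignored State: filtered (65531)\n"
)

# Assumption: the only service deliberately exposed is a web server on TCP 80.
EXPECTED = {(80, "tcp")}


def parse_grepable(text):
    """Return {host: [(port, proto, state, service), ...]} from -oG output."""
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) < 5 or not parts[0].isdigit():
                    continue
                results.setdefault(host, []).append(
                    (int(parts[0]), parts[2], parts[1], parts[4]))
    return results


def audit(text, expected):
    """Split findings into unexpected open ports, ambiguous ports, and
    expected ports that were not seen open (e.g. blocked by the ISP)."""
    unexpected, ambiguous, seen_open = [], [], set()
    for host, ports in parse_grepable(text).items():
        for port, proto, state, service in ports:
            if state == "open":
                seen_open.add((port, proto))
                if (port, proto) not in expected:
                    unexpected.append((host, port, proto, service))
            elif state == "open|filtered":  # common for UDP: no reply either way
                ambiguous.append((host, port, proto, service))
    return {"unexpected": unexpected, "ambiguous": ambiguous,
            "missing": sorted(expected - seen_open)}


if __name__ == "__main__":
    print(audit(SAMPLE, EXPECTED))
```

The `ambiguous` list matters for UDP, where a silent port cannot be told apart from a filtered one, and `missing` catches the ISP-blocking case CodeBlox mentions.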
  • pamccabe (Member, Posts: 315)
    Thanks for all the replies! First off, what is an EC2 instance? I am feeling that security is not my strong point and have already been looking at CCNA:Security topics. I want to learn more about VPNs, AAA, and securing. That might be a good starter cert to work towards. Anyway, until then, can anyone tell me if I can run these scans within my network? Or do I need to be connected elsewhere? I'm just thinking that scanning my ISP's IP from within my network won't work well... would it?

    For now, I took my router and switch off the home network. Have a Netgear router/access point running in their place. I want to learn more about securing the router first instead of learning on the go. Just in case my network would get compromised.
  • NetworkVeteran (Member, Posts: 2,338)
    pamccabe wrote: »
    I'm just thinking that scanning my ISP's IP from within my network won't work well... would it?

    Nope. That's where ShieldsUp! and EC2 come in. They allow you to scan your system from the Internet.

    pamccabe wrote: »
    Thanks for all the replies! First off, what is an EC2 instance?

    It's an Amazon service that lets you spin up a remote VM to run commands from. That would allow you to run a more comprehensive scan than ShieldsUp!, but may take 30-60 minutes rather than 1-2 minutes.

    Try this:

    1. On your PCs, ensure Windows Firewall and some Anti-Virus is on.
    2. On your router, type "auto secure". Answer all the questions. Choose good passwords.
    3. On your router, configure Port Address Translation.

    Now try a scan. I bet you do okay!

    Defending a home system from random riff-raff doesn't usually require uber security know-how. :)
  • pamccabe (Member, Posts: 315)
    NetworkVeteran! Holy smokes lol I spent all weekend with my new router configuring it. I spent countless hours on Cisco's site and googling. However, I never came across 'auto secure'. I'm reading up on it now and it is EXACTLY what I was looking for this entire time. I'm dumbfounded how this eluded me lol... big thanks to you!