John Dayton, a tech writer and small business owner working for LWG Consulting, believes basic security programs that wipe out cookies, Trojans and worms may leave many computer owners feeling naively and smugly safe.
However, hackers don’t care about cookies; they care about breaking through loopholes in your network, internet connection or software so they can maliciously steal and destroy data.
Advanced security diagnostics can help you prevent that from occurring. Penetration testing, password audits, behavior surveillance and ping testing are types of security tests you should be considering.
Penetration Testing Software
Why wait and see if an unscrupulous cyber-criminal decides to raid your computer system? Shouldn’t you attack yourself? Penetration testing, which is very methodical and thorough, is the apex of security diagnostics as it involves staging virtual attacks on your own computer and network just as a real hacker would.
This lets you know with certainty if such attacks would be successful and whether your present security is reliable or defective.
The simulated access by an unapproved external computer can reveal weaknesses in firewalls and inadequate security software. Penetration simulations can identify the vulnerabilities in every part of your system, including the operating system, applications, services, behavioral habits of your website end users and software configurations.
Everything from browser choice and plugins to the regular wireless connection is tested. This type of comprehensive testing can push you to acquire higher levels of security, if necessary, so your valuable data won’t be at risk.
Types of Penetration Attacks
There are three main types of pentests:
Input attacks - These tests gauge the threat of inputs from sources that are unknown and not trustworthy, whether data input is used to control the computer, acquire files, communicate or open software.
Environment attacks - This type of testing looks at all computers and equipment connected to yours in any way, including through cloud services, to see if you are operating in a safe environment. Everything from servers and databases to scripts and plugins will be considered as potential security breaches. In addition, memory and network speed are assessed as environmental concerns.
Internal Storage Attacks - The algorithms and mechanisms used for data storage are attacked as a hacker would attack them, to see whether such unauthorized access can impede normal data access and activities by users. This simulates one of hackers’ favorite activities to perform on a weak storage system: denial-of-service (DoS) attacks. These can frustrate website users and customers the most.
You don’t have to hire a company these days to carry out any of these pentests. Instead of phoning Best Buy’s Geek Squad or your local computer repair service, you can download some software that will inform you of both high-risk problems and low-risk situations.
Examples of Penetration Testing Software
Metasploit - This software, depending on the edition you choose, includes a vulnerability scanner to look for weaknesses, smart exploitation programs to incite attacks, password testing to determine the security of your username and password as well as network discovery tools. The community download edition of Metasploit is free. Also, the software’s website has a support community forum where users can ask and answer questions.
Security Auditor - More than just a penetration test program, Security Auditor is a full risk management suite. In addition to pentest programs, it includes a range of additional utilities, such as password testers, access rights auditor, forensic analysis programs, event log watchers, assets listing and more.
HackBar - This pentest software comes in the form of an add-on for those using Firefox browsers. Its testing capabilities are somewhat limited; it’s inherently an SQL penetration testing tool. This is good for webmasters and developers who need to protect databases. HackBar also tests current security programs and website codes.
Other Advanced Security Diagnostics
Password Auditing - If penetration testing is too overwhelming a test, password auditing may assuage your fears about whether a type of hacker known as a cracker can crack your password and log into your computer network or sensitive websites you visit. Auditing software, such as the L0phtCrack password security program, can determine if your login credentials are weak, moderate or strong.
Activity Surveillance - Surveillance software like Activity Monitor by SoftActivity keeps an eye on what actions are being attempted on all the computers connected to a network, whether it’s a home network or business network. This diagnostic tool assesses real-time threats, whether they be suspicious words typed or strange messages sent. The goal is to determine security threats linked to user behaviors. This is good for small or large businesses and people at home or in dorms who share a network with those they don’t absolutely trust.
Ping Tests - Hackers often launch a barrage of ping commands to discover remote computers. If any computers answer the command, the hacker might try to perform an attack or at least keep pinging until the server is overloaded. Ping test software, such as Ping Tester Pro, can identify the IP address of computers that ping your computer system. It can also test the commands for safety and identify associated URLs and networks.
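To illustrate the two ping patterns described above (probing many machines to discover them, and hammering one machine repeatedly), here is an added example that is not from the original article or from any product it names. It reads ICMP echo-request log lines and reports which source addresses show either pattern; the log format, the sample lines and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log in an assumed format:
#   "<epoch-seconds> ICMP echo-request src=<ip> dst=<ip>"
SAMPLE_LOG = "\n".join(
    [f"{1700000000 + i} ICMP echo-request src=203.0.113.7 dst=192.168.1.{10 + i}"
     for i in range(4)]                      # one source, four different targets
    + [f"{1700000100 + i} ICMP echo-request src=198.51.100.23 dst=192.168.1.10"
       for i in range(6)]                    # one source, one target, six pings in 5 s
    + ["1700000200 ICMP echo-request src=192.168.1.50 dst=192.168.1.1",
       "1700000260 ICMP echo-request src=192.168.1.50 dst=192.168.1.1",
       "garbage line that the parser should skip"]
)

LINE_RE = re.compile(r"^(\d+) ICMP echo-request src=(\S+) dst=(\S+)$")

def parse(log):
    """Return (timestamp, src, dst) tuples, ignoring lines that do not match."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((int(m.group(1)), m.group(2), m.group(3)))
    return events

def classify_sources(events, sweep_hosts=4, flood_count=5, window=10):
    """Label each source: 'sweep' if it pinged >= sweep_hosts distinct targets,
    'flood' if it sent >= flood_count pings to one target within `window` seconds."""
    per_src_dst = defaultdict(lambda: defaultdict(list))
    for ts, src, dst in events:
        per_src_dst[src][dst].append(ts)
    findings = {}
    for src, targets in per_src_dst.items():
        labels = set()
        if len(targets) >= sweep_hosts:
            labels.add("sweep")
        for times in targets.values():
            times.sort()
            # Sliding window over sorted timestamps for this single target.
            for i in range(len(times) - flood_count + 1):
                if times[i + flood_count - 1] - times[i] <= window:
                    labels.add("flood")
                    break
        if labels:
            findings[src] = sorted(labels)
    return findings

if __name__ == "__main__":
    for src, labels in classify_sources(parse(SAMPLE_LOG)).items():
        print(src, ",".join(labels))
```

The thresholds are starting points only; on a real network they need tuning so that monitoring systems that legitimately ping many hosts are not flagged.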