Is this server secure enough? Is this server hackable?

Discussion in 'Computer Security' started by cyberquest, Aug 3, 2006.

  1. cyberquest

    cyberquest Guest

    I have just help up in setting up a server in my company ... and I
    attempt to do a NMap port scan ... the results is shown below


    Interesting ports on xxx.xxx.xxx.xxx (This is the IP address of
    course):
    Not shown: 1654 closed ports
    PORT STATE SERVICE
    25/tcp open smtp
    42/tcp open nameserver
    53/tcp open domain
    80/tcp open http
    88/tcp open kerberos-sec
    110/tcp open pop3
    135/tcp open msrpc
    139/tcp open netbios-ssn
    389/tcp open ldap
    443/tcp open https
    445/tcp open microsoft-ds
    464/tcp open kpasswd5
    593/tcp open http-rpc-epmap
    636/tcp open ldapssl
    691/tcp open resvc
    995/tcp open pop3s
    1026/tcp open LSA-or-nterm
    1029/tcp open ms-lsa
    1720/tcp filtered H.323/Q.931
    2105/tcp open eklogin
    3268/tcp open globalcatLDAP
    3269/tcp open globalcatLDAPssl
    3389/tcp open ms-term-serv
    5631/tcp open pcanywheredata
    6001/tcp open X11:1
    6002/tcp open X11:2
    Nmap finished: 1 IP address (1 host up) scanned in 18.578 seconds

    My question is ... is this server secure enough to prevent hackers from
    coming in and ... if this system is hackable ... how will the attackers
    do it and how can I prevent it?
    cyberquest, Aug 3, 2006
    #1
    1. Advertising

  2. cyberquest

    Todd H. Guest

    "cyberquest" <> writes:

    > I have just help up in setting up a server in my company ... and I
    > attempt to do a NMap port scan ... the results is shown below


    > My question is ... is this server secure enough to prevent hackers from
    > coming in and ... if this system is hackable ... how will the attackers
    > do it and how can I prevent it?


    Is it hackable? Absolutely. It's connected to the net. Even if
    every one of the ba-shitload of services you've got listening there is
    updated to its latest believed-secure level, someone somewhere may
    have unreleased "0day" exploits for that service and can own you.

    So the better question is "is it hack-resistant enough for the
    sensitivity of data that is on this server?"

    An nmap scan alone isn't going to tell you that, so even that question
    is unanswerable, but I will offer this: for a server directly
    connected to the net that is an AWFUL lot of services listening.

    I'd be surprised if any penetration tester of reasonable skill
    couldn't find at least one way in given that list of listening ports.

    So, I'd be willing to bet that the answers to your subject questions
    are no, and yes respectively.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
    Todd H., Aug 3, 2006
    #2
    1. Advertising

  3. From: "cyberquest" <>

    | I have just help up in setting up a server in my company ... and I
    | attempt to do a NMap port scan ... the results is shown below
    |
    | Interesting ports on xxx.xxx.xxx.xxx (This is the IP address of
    | course):
    | Not shown: 1654 closed ports
    | PORT STATE SERVICE
    | 25/tcp open smtp
    | 42/tcp open nameserver
    | 53/tcp open domain
    | 80/tcp open http
    | 88/tcp open kerberos-sec
    | 110/tcp open pop3
    | 135/tcp open msrpc
    | 139/tcp open netbios-ssn
    | 389/tcp open ldap
    | 443/tcp open https
    | 445/tcp open microsoft-ds
    | 464/tcp open kpasswd5
    | 593/tcp open http-rpc-epmap
    | 636/tcp open ldapssl
    | 691/tcp open resvc
    | 995/tcp open pop3s
    | 1026/tcp open LSA-or-nterm
    | 1029/tcp open ms-lsa
    | 1720/tcp filtered H.323/Q.931
    | 2105/tcp open eklogin
    | 3268/tcp open globalcatLDAP
    | 3269/tcp open globalcatLDAPssl
    | 3389/tcp open ms-term-serv
    | 5631/tcp open pcanywheredata
    | 6001/tcp open X11:1
    | 6002/tcp open X11:2
    | Nmap finished: 1 IP address (1 host up) scanned in 18.578 seconds
    |
    | My question is ... is this server secure enough to prevent hackers from
    | coming in and ... if this system is hackable ... how will the attackers
    | do it and how can I prevent it?

    That certainly is a large number of open ports but is STILL insufficiengt infornmation to
    stae if the seerver is secure or not.

    The more posrts that are open, the easier it is to hack.

    What's important is is if nodes from the POV of the Internet can see those open ports and
    can find vulnerabilities on those ports.

    Off hand, without more information I must be on the side of caution and say NO.
    It is NOT secure.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Aug 3, 2006
    #3
  4. cyberquest

    Anonyma Guest

    cyberquest wrote:

    > I have just help up in setting up a server in my company ... and I
    > attempt to do a NMap port scan ... the results is shown below
    >
    >
    > Interesting ports on


    Your scan results tell us nothing at all. Was this a local, or remote
    scan? How is your firewall configured? How are your services
    configured? What versions are you running? What platform/kernel? Etc...
    etc... etc...

    The scan itself isn't even complete. Nmap defaults to poking at only
    the most "popular" ports within a certain range. There could be open
    ports we're not seeing, and some of those could point to an EXISTING
    problem let alone a potential one. So aside from only assuming that you
    apparently have something listening on some publicly accessible ports,
    which is a risk of undetermined concern at this point, we know nothing.

    > My question is ... is this server secure enough to prevent hackers from


    Don't take this the wrong way, but judging from what I've read here I'd
    have to say it's probably not. The fact that you asked this question
    assuming the provided information would permit a real answer points to a
    very distinct possibility that you've "missed something" somewhere and
    left a potentially gaping hole in your company's server that could
    result in BadThings(tm) happening.

    This is what training and experience are for, and why "the guy in
    accounting who knows a lot about computers" is a poor choice when
    companies are looking for someone to take their services public. :(

    > coming in and ... if this system is hackable ... how will the attackers
    > do it and how can I prevent it?


    Go to school. Spend at least a couple years in an academic environment
    cramming the theory into your noggin, even if you keep your day job.
    Then spend at least 5 years gaining hands on experience under the
    tutelage of a competent and experienced professional. At that point you
    might be ready for some mid-level planning and implementation duties,
    as long as you still have top notch supervisory people who can spot the
    mistakes you'll be learning from. In about 12 to 15 years, if you're a
    good student, you might be ready to don the hat of a go-it-alone
    contract professional or the sort of upper level supervisor/admin who
    should be responsible for setting up and securing corporate servers.
    Anonyma, Aug 3, 2006
    #4
  5. cyberquest

    ~David~ Guest


    >
    > My question is ... is this server secure enough to prevent hackers from
    > coming in and ... if this system is hackable ... how will the attackers
    > do it and how can I prevent it?
    >

    Probably not. In addition to the comments made above about running too many
    services, configuration options etc... try a few standard procedures:

    Document what the machine is used for and only run the services needed.
    Eliminate services you don't need or use

    For every service needed, make sure it's up to the latest version and configured
    with the "least privilege" principals

    Make sure the OS itself has the latest security updates and is configured only
    for what you need

    ***If you're really paranoid, another few tips to try:***

    Enable the SE-Linux kernel patch from NSA with strict policies, and use things
    like PaX and GRsecurity patched into the kernel

    Use a hardened tool chain with hardened versions of tools like gcc and bin-utils

    Encrypt the filesystem or sensitive files if untrusted people have physical
    access to the machine

    Consider a secure OS like OpenBSD


    ~David~
    ~David~, Aug 14, 2006
    #5
  6. cyberquest

    Inquirer Guest

    On 03 Aug 2006 13:08:15 -0500, (Todd H.) wrote:

    >Is it hackable? Absolutely. It's connected to the net.


    "The only truly secure system is one that is powered off, cast in a
    block of concrete and sealed in a lead-lined room with armed guards -
    and even then I have my doubts."

    - Gene Spafford

    --
    Email address invalid. Please reply to group. Thank you.
    Inquirer, Aug 27, 2006
    #6
  7. From: "Inquirer" <>

    | On 03 Aug 2006 13:08:15 -0500, (Todd H.) wrote:
    |
    >> Is it hackable? Absolutely. It's connected to the net.

    |
    | "The only truly secure system is one that is powered off, cast in a
    | block of concrete and sealed in a lead-lined room with armed guards -
    | and even then I have my doubts."
    |
    | - Gene Spafford
    |

    Lead lined ?

    No, just a faraday room. :)


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Aug 27, 2006
    #7
  8. cyberquest

    Rick Merrill Guest

    David H. Lipman wrote:
    > From: "Inquirer" <>
    >
    > | On 03 Aug 2006 13:08:15 -0500, (Todd H.) wrote:
    > |
    >
    >>>Is it hackable? Absolutely. It's connected to the net.

    >
    > |
    > | "The only truly secure system is one that is powered off, cast in a
    > | block of concrete and sealed in a lead-lined room with armed guards -
    > | and even then I have my doubts."
    > |
    > | - Gene Spafford
    > |
    >
    > Lead lined ?
    >
    > No, just a faraday room. :)
    >


    No, a Tempest certified room!

    Otherwise, go with melted down and put in ingots.
    Rick Merrill, Aug 27, 2006
    #8
  9. David H. Lipman, Aug 27, 2006
    #9
  10. cyberquest

    Rick Merrill Guest

    David H. Lipman wrote:
    > From: "Rick Merrill" <>
    >
    >
    > | No, a Tempest certified room!
    > |
    > | Otherwise, go with melted down and put in ingots.
    > |
    >
    > Well yes, no tempest monitoring but he did state "is powered off".
    >


    The OP did mention "hacking" but didn't really clarify 'the threat' so
    you have to consider residual data in NVRAM and HD.....
    Rick Merrill, Aug 28, 2006
    #10
  11. From: "Rick Merrill" <>

    | David H. Lipman wrote:
    >> From: "Rick Merrill" <>
    >>

    |>> No, a Tempest certified room!
    |>>
    |>> Otherwise, go with melted down and put in ingots.
    |>>
    >> Well yes, no tempest monitoring but he did state "is powered off".
    >>

    | The OP did mention "hacking" but didn't really clarify 'the threat' so
    | you have to consider residual data in NVRAM and HD.....

    Ok -- Ok :)

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Aug 28, 2006
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. NeuroManson

    Durabrand STS75E - Hackable or not?

    NeuroManson, Oct 11, 2003, in forum: DVD Video
    Replies:
    0
    Views:
    514
    NeuroManson
    Oct 11, 2003
  2. NeuroManson
    Replies:
    0
    Views:
    1,299
    NeuroManson
    Oct 18, 2003
  3. Don
    Replies:
    4
    Views:
    2,130
    BigJIm
    Nov 15, 2005
  4. Replies:
    0
    Views:
    560
  5. Replies:
    0
    Views:
    609
Loading...

Share This Page