This first article in a two-part series deals with tools to find security holes in webservers and workstations. Some of the topics covered are: port scanning, finding NFS security holes, and using lsof.
If you examine the security problems reported with stolen credit card numbers or web server defacements in the last few months, it becomes obvious that many web applications have been slapped together with little care or planning for security. What are the most common problems leading to insecure webservers and how does one avoid them? How can one as a customer or end user recognize if a server fullfills the most elemental security requirements?
An analysis of the reported security flaws shows that most problems belong into one of three categories:
The server offers services to the public it was not intended to offer.
The server keeps supposedly private data in publicly accessible areas.
The server trusts data from untrustworthy sources.