(Be sure to read the “Secure your Lan” page before using these tools.)
There are many resources available to help secure your LAN. They fall into four main categories:
- Security scan programs that you run from a web page
- Port monitors and Trojan cleaners
- “Firewalls” that you run on your computer(s)
- Security-related Web sites
There are some good guys out there who will, with your permission, scan your Internet connection and give you feedback on how secure it is. These services are free and usually involve going to a web page and clicking on a button or filling out a form to get things started. The service will then check your connection to see how secure it is, and give you feedback on what it finds.
If you’re unfamiliar with networking terminology, some of the feedback can be confusing, and make you even more paranoid than you already may be! However, the ShieldsUp site contains excellent explanations of virtually everything involved with securing your LAN against intruders, so there’s no excuse for being uninformed!
NOTE! The security check programs all do their work by attempting to connect to your system, just like a cracker would do. If you are on a corporate or other network that is administered by someone else, it would be a good idea to not use these programs. They could cause security alerts and create unnecessary work for your IT department!
ShieldsUp
This is the place to go for virtually everything related to securing your LAN! Lots of excellent explanatory material and very good NetBios and Port Scanner utilities that give clear feedback. Pretty fast, too!
HackerWhacker runs checks on NetBios, open common TCP and UDP ports, webserver vulnerabilities (mostly CGI based), and will even ping and traceroute your IP address to test for packet loss. You can select which of these tests you want to run.
The bad news is that the port scans can take 30-60 minutes to run.
12/99: The site has been changed so that you don’t have to remain online if you’re a dialup user. They also have a mini-scan option that completes in under a minute, and a Telnet scan that will attempt to get around proxy servers.
The site also requires that you give them an email address, to which they mail a scancode that is required to perform a scan.
If you’re running any form of Windows and you are sharing files and/or printers, I suggest you use this security check (courtesy of I&C Consulting in Germany). It can take a while to run, so be patient! This page will perform a number of security-related checks on your system (you can control which ones), including checks for NetBios (Microsoft Networking), Back Orifice and NetBus. If it’s successful, you’ve got some work to do to secure your LAN!
Windows users can also try the NetBIOS security check (courtesy of Rootshell.com).
Port Monitors & Trojan Cleaners
Port monitors are programs that you install on your computer. They are simpler than the Personal Firewalls in that their main purpose is to detect incoming port scans on your computers. Some also shut down an unauthorized scan, but for that capability you usually need to use a firewall.
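A minimal sketch of what such a port monitor does, as an added example (not code from any product listed on this page): it listens on TCP ports that nothing legitimate should be using, logs every connection attempt, and flags a source that touches several different monitored ports within a short time. The class name, threshold, window and sample port list are assumptions chosen for illustration.

```python
import selectors
import socket
import time
from collections import defaultdict

class PortMonitor:
    """Listen on otherwise-unused TCP ports; flag sources that probe several."""
    def __init__(self, ports, host="0.0.0.0", threshold=3, window=10.0):
        self.threshold, self.window = threshold, window
        self.hits = defaultdict(list)      # source IP -> [(time, port), ...]
        self.sel = selectors.DefaultSelector()
        self.listeners = []
        for port in ports:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.bind((host, port))
            s.listen(16)
            s.setblocking(False)
            self.sel.register(s, selectors.EVENT_READ)
            self.listeners.append(s)

    def record(self, src, port, now):
        """Log one probe; True once src hit >= threshold distinct ports in window."""
        recent = [(t, p) for t, p in self.hits[src] if now - t <= self.window]
        recent.append((now, port))
        self.hits[src] = recent
        return len({p for _, p in recent}) >= self.threshold

    def poll(self, timeout=1.0):
        """Accept pending probes, drop them at once, return sources flagged as scanners."""
        flagged = set()
        for key, _events in self.sel.select(timeout):
            try:
                conn, (src, _sport) = key.fileobj.accept()
            except BlockingIOError:
                continue
            conn.close()                   # never exchange data with the prober
            port = key.fileobj.getsockname()[1]
            print(f"{time.strftime('%H:%M:%S')} probe from {src} on tcp/{port}")
            if self.record(src, port, time.monotonic()):
                flagged.add(src)
        return flagged

    def close(self):
        for s in self.listeners:
            self.sel.unregister(s)
            s.close()

if __name__ == "__main__":
    monitor = PortMonitor([12345, 20034, 27374])  # constructed sample port list
    while True:
        for src in monitor.poll():
            print(f"ALERT: possible port scan from {src}")
```

Like the port monitors described above, this only detects and logs; blocking the source still requires a firewall.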
Trojan cleaners primarily look for Back Orifice and NetBus.
If you use Norton AntiVirus or McAfee VirusScan, have a recent (1999) copy, and have updated your virus database, you probably don’t need to use a Trojan cleaner, since Trojan detection and cleaning have been added to those programs.
NukeNabber sets itself up to listen on TCP and UDP ports commonly attacked over the internet. A total of 50 ports can be monitored simultaneously. ICMP dest_unreach attacks are now logged. It is designed to give you the information you need in order to trace an attacker including a method of finding an attacker’s nickname on IRC (mIRC, VIRC and PIRCH clients are supported).
The Cleaner [$20 after 30 day trial expiration]
Detects and gets rid of over 120 “Trojan Horse” programs.
Personal Firewalls / Intrusion Detection
No matter how you protect the Internet/LAN border, you may need to add another layer of security by using a software personal firewall. These programs must be run on each computer on your LAN that you want to be protected. They monitor network activity and protect against unauthorized use of the Internet by programs that manage to get onto your LAN’s computers.
You should consider adding this additional layer of security if:
- You are opening/forwarding/mapping ports to any LAN computers
- You have a computer running in DMZ (outside your NAT firewall)
- You have been a victim of an email attachment virus attack, i.e. “I Love You”, Kournikova, etc.
These programs can be a bit of a pain to get correctly configured, but when they reveal something going on in your network that you didn’t know about, you’ll be glad you installed them!
I have not tested or used any of these products, but Steve Gibson (of ShieldsUp fame) has and you can check his thoughts about them here.
This Sept 2000 PC World article puts 6 popular Personal Firewalls to the test!
NOTE! If you are running programs like Dialpad, ICQ, NetMeeting, online games, etc., pay attention to the installation instructions for these programs. You will probably need to configure the Personal Firewall to allow those programs to work properly. You might have problems with File and Printer sharing, too!
If you have problems running any of these applications, try UNINSTALLING the Personal Firewall product you’re running.
ZoneAlarm (for Win95/98/NT/2000/Me)
Free for personal use.
This is the new kid on the block and is generating a lot of buzz in the press for two reasons:
- It’s FREE (there’s that magic word!) for individuals and non-profit groups.
- It controls outbound (as well as inbound) Internet access.
Aside from the free “feature” of this product, the outbound access control means that if by some chance you did get a Trojan or “spy” program onto your computer without your knowledge, ZoneAlarm would prevent it from sending any information.
There’s also ZoneAlarmPro, which, for $40, gives you more customization features than ZoneAlarm.
Tiny Personal Firewall (for Win95/98/NT/2000/Me)
Free for personal use. $40 for business.
Newer product from the makers of WinRoutePro.
BlackIce Defender (for Win95/98/NT/2000/Me) $40
This product has had good reviews in PCMagazine and good comments in the newsgroups.
McAfee Personal Firewall
Doesn’t support MS ICS.
Sygate Personal Firewall (for Win95/98/NT/2000/Me) $40 for 3 users
Sygate has introduced a personal firewall product called (formerly Syshield). The product is Free for personal use.
There are many programs that you can download and use to test your LAN’s security. Go to the Tools page.