NOTICE:

The material on this website is made available with the understanding that we are not engaged in providing professional advice. The material may include opinions, recommendations or other content from third parties that do not necessarily reflect our views or the views of you the reader.

Before relying on any material posted on this website for any important matter, users should carefully evaluate and independently verify its accuracy, currency, completeness and relevance for their purposes, and should obtain any appropriate professional advice relevant to their particular circumstances. You should not rely on, or take or fail to take any action, based upon this information. Never disregard professional advice or delay in seeking professional advice because of something you have read on this website.

Links to other websites are inserted for convenience and do not constitute endorsement of material at those sites, or any associated organization, product or service. The listing of a person or company in any part of this website in no way implies any form of endorsement by us of products or services provided by that person or company.

Please see websites4 smallbusiness.ca /index.php/ website-terms.html for full details.

 

How Secure Is Your Small Business Network?

 

The Heartbleed bug (not to mention a few individuals and some TLA's) have made us more aware of the problems that can happen in our online world. But the bad guys know the really good stuff isn't necessarily in your growing list on online accounts. It's usually at home on the hard drive of your computer, if they could just get to it.

ShieldsUP Network Test

What stands between you and the bad guys? In many homes and small businesses it's a residential internet router.

Is it any good? Is it configured correctly? Is there an easy button for this?

Well actually, there might be. Once again thanks to Steve Gibson at Gibson Research, we have a tool called ShieldsUP. Once on this page there is a Proceed button which takes you into the options.

To test ports 0-1055 click the All Service Ports button and watch the status. Green boxes are stealth, which is the best rating in this test. Each box is a hyperlink, hover to discover the port number.

FTP Port in Closed (Blue)
Port 21 is Closed NOT Stealth

Your goal here is green across the board. If you have ports that are "Closed" or "Open" your router is more of a target than if it doesn't appear to exist (Stealth).

When you are finished that test, there is an additional one at the bottom of the page (GRC's Instant UPnP Exposure Test). There is also a pretty nice description of UPnP and why you might want to consider disabling it on your router.

More Port Tests - Beyond Port 1055

ShieldsUP tests the 1st 1056 ports with its 'easy button' but what about the other ports? The ShieldsUp page also has a custom option. Let's say after doing the UPnP test you were curious as to what that was all about and you searched the web for upnp port. You would likely see something like this:

UPnP-Port.png

Using this information you can enter a the following 1009,2869 in the User Specified Custom Port Probe field (it's above this button).

Hopefully the test results will look like this:

ports1900-2869-status.png

 

If you discovered this article and wanted to check port 32764 you could also enter the following:

https://www.grc.com/ x/portprobe=32764

And if all is well you should see a response similar to this:

port-32764

The Custom Port Probe limits your requests to 64 ports at a time. If your needs are beyond this, there is still help, although it might not be as easy as pushing a button.

Still More Port Tests - nmap & Zenmap

With the Custom Probe any of the ports in the entire range 0-65535 can be tested. For those that want more options including command line scripting and logging results to a text file, nmap would be a good choice. The Nmap Security Scanner is available for Linux, Mac OS X & Windows, Command Line & GUI (Window based interface). If you want to scan all ports in one 25 minute test, than Zenmap is the tool for you. The download link for both nmap & Zenmap is http://nmap.org/download.html

Windows users should look for Latest release self-installer for the (Zenmap) GUI version and Latest command-line zipfile for the (nmap) command line version.

Linux users (Ubuntu) can enter nmap in the Ubuntu Software Center choose nmap for command line and Zenmap for the GUI version. Other flavours of Linux may differ. 

nmap-ubuntu

Zenmap-ubuntu

Mac OS X users appear to have two options, see http://nmap.org/ download.html #macosx.

The Zenmaps interface offers a lot of options which may make it easier to use than the command line. The Zenmaps GUI Users' Guide is there to help when you need more info. Command line users can type nmap to view the options. Typing nmap>namp- instructions.txt will create a file called namp- instructions.txt in your current directory. You can open this file in your favourite text editor for easier reading and making notes.

A Strange Result With Zenmaps Windows Version

When doing a full scan on Zenmaps Windows version [ nmap -p 1-65535 -T4 -A -v X.X.X.X (replace Xs with your IP address)] a strange result was received on a series of ports:

Scanning the same region on Zenmaps Linux or the command line Windows or Linux versions shows the exact opposite result:

At this time it's unclear if this is just a glitch in the Windows version or maybe it's correct and the other 3 are wrong. These numbers are not listed in the Service Name and Transport Protocol Port Number Registry.

Is it possible these are special "NSA" ports as in "No Such Address"?!cool

Other Security Tests

As long as you're in test mode, there are a couple of other tests at the GRC site you might be interested in.

Is The Boss Watching (Or Anyone Else)?

With this page you can easily tell if your internet connection is being intercepted on secure connections (https://). https://www.grc.com/ fingerprints.htm

DNS Spoofability Test & Router Crash Tests

The DNS test seems to be really a test of your ISP's ability to properly implement nameservers. Router Crash & other tests are at the bottom of the page. https://www.grc.com/ dns/dns.htm

Browser Headers - A Browser Test

See what information your browser is sending in its headers. Set a test cookie and send it to your browser. Try it with different browsers and different computers, smart phone, etc, see if you can tell by looking at the header (Hint: User-Agent:). Select the Browser Headers button in the SheildsUP Services menu (available after you hit Proceed).

A Round (Of Upgrades) For Everyone

This series of articles did not start with the Heartbleed bug. It started almost a year ago after viewing this BBC video about a laptop that was taken over by remote control simply by visiting a webpage!

In the article How To Flush Your Business Down The Tubes In A Few Minutes the importance of maintaining upgrades is stressed. This upgrade policy should really extend to all your internet ready devices from home computers & smart phones to the new breed of smart meters & smart kitchen appliances. After all, who wants to come home at the end of a long hot summer day to warm beer and a warmer house?

Related Articles

A Word About Passwords

What You Need To Know About The Heartbleed Bug In 30 Seconds

How To Flush Your Business Down The Tubes In A Few Minutes

 

 

What We Do?

Websites 4 Small Business, designs, builds and hosts websites. We specialize in small business websites.

When it's possible, practical and cost effective, we use Open Source off the shelf software to get your site up and running fast. Our philosophy is simple:

Why reinvent the 'technology wheel' at your expense?Cave Man creating wheel

Ok tell me more,...

 

Who We Do It For?

ST AUBIN's Carbon Cloth
Joomla! 3 Help
Trader Joe's Tractors
Blue Sky Landscaping
West End Business Network
Arduino Help
Frame It Right GC
Flying Eagle Services
Designs For Business
Hills & Valley Water Systems