Port scanning germany - security

In uni, we are right now doing network security. I live in Germany. Can anyone tell me if there are any networks that I may scan for testing/learning purposes?
Are there such networks/URLs? I do not want to offend anyone or get into any legal trouble. I am looking for a perfectly legal way, other than scanning my own machine.
Best regards

I would not suggest that you scan any server on the internet. For learning purposes, it's truly recommended that you create your own VMs and your own private network to play with. Search the internet for which OSes are most used for servers, use them in stock or updated versions, and have fun ;).
There are some "hack me" websites available, but again, read their licenses, agreements and terms carefully. Just Google "Hack me".

Firewall Security

My company just moved office to a new building and the Internet company came to install the internet (fiber). The problem is that the telco company installed the router in the basement of the building (which happens to also be the parking of the building). That means that the internet router for my company is in the basement, wide in the open. The router has 3 free ports, which means that potentially anyone who walks by in the parking can plug in a laptop and get into our network (not only use the internet but try to hack into our file servers, etc.). We are a software company.
Did we try to get the router upstairs? Yes, but after several discussions with the telco company, it seems we have no choice with this setup. Therefore, does anyone recommend a good solution to protect our network? The first thing that comes to mind is to purchase a Firewall Hardware box and plug that inside our office from the internet cable that comes from the wall. Would that be the best solution? And if yes, any recommendations for a not too expensive firewall hardware? Thanks a lot.
As far as I'm aware, modern routers nowadays should already have port security features built-in. So, optimistically, you may not need to purchase a hardware firewall.
On the other hand, if you can afford to lock the router into a frame/cage, that's also a means of physical access control. Installing a security camera near the router is another option.
One possible solution for your case is using packet filtering.
It is a firewall technique used to control network access by monitoring outgoing and incoming packets and allowing them to pass or halt based on the source and destination IP addresses, protocols and ports.
A product that can suit your needs is Ixia's PacketStack. Its packet filtering capabilities can be used without any packet loss, and you can manipulate traffic any way you want: deduplicate, stamp and trim. You can hide or overwrite sensitive or personally identifiable information before providing the data to analysis tools.

How do some apps get the hostname of a device based on IP?

Have you seen those apps which explore your local network looking for devices?
Well, I would like to know how they get (mostly) the names of devices!
Does anyone know? Because I am building an application which needs to get (if possible) the hostname of the local devices.
Local network device discovery is often done by a zeroconf implementation (e.g. Apple services typically use Bonjour services to discover local device names).
If you wanted to explore this type of service for use in nodeJS, then maybe have a look at https://github.com/agnat/node_mdns. I've never used it myself but it does seem reasonably popular and stable.
Otherwise just do some research generally around zeroconf/mdns and make a decision based on your needs.
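As an added illustration of the zeroconf/mDNS lookup mentioned in the answer above (not code from the original post or from node_mdns), this Node.js sketch builds the reverse PTR query a discovery app sends for an IPv4 address and parses the reply, including DNS name compression. The function names, the address 192.168.1.20 and the hostname printer.local are constructed for the example.

```javascript
// Added example: reverse-resolve an IPv4 address over mDNS. Answers are
// unauthenticated, so treat the returned name as a hint, not an identity.
const encodeName = (name) => Buffer.concat(
  name.split('.').concat('').map((l) => Buffer.from([l.length, ...Buffer.from(l, 'ascii')])));

function buildReverseQuery(ip) {
  const qname = ip.split('.').reverse().join('.') + '.in-addr.arpa';
  const header = Buffer.alloc(12);               // ID 0, flags 0
  header.writeUInt16BE(1, 4);                    // QDCOUNT = 1
  return Buffer.concat([header, encodeName(qname), Buffer.from([0, 12, 0, 1])]); // PTR, IN
}

// Read a possibly compressed name; bounded so a malformed packet cannot loop forever.
function readName(buf, offset) {
  const labels = [];
  let end = -1, jumps = 0;
  for (;;) {
    const len = buf[offset];
    if (len === undefined) throw new Error('truncated name');
    if (len === 0) return { name: labels.join('.'), next: end < 0 ? offset + 1 : end };
    if ((len & 0xc0) === 0xc0) {                 // compression pointer
      if (++jumps > 16) throw new Error('compression loop');
      if (end < 0) end = offset + 2;
      offset = buf.readUInt16BE(offset) & 0x3fff;
    } else {
      labels.push(buf.toString('ascii', offset + 1, offset + 1 + len));
      offset += 1 + len;
    }
  }
}

// Return every PTR answer as { owner, host }.
function parsePtrAnswers(buf) {
  let off = 12;
  for (let i = buf.readUInt16BE(4); i > 0; i--) off = readName(buf, off).next + 4;
  const out = [];
  for (let i = buf.readUInt16BE(6); i > 0; i--) {
    const owner = readName(buf, off);
    const rdata = owner.next + 10;               // skip TYPE, CLASS, TTL, RDLENGTH
    if (buf.readUInt16BE(owner.next) === 12) out.push({ owner: owner.name, host: readName(buf, rdata).name });
    off = rdata + buf.readUInt16BE(owner.next + 8);
  }
  return out;
}

// Constructed sample reply: 192.168.1.20 answers as printer.local.
function sampleResponse() {
  const q = buildReverseQuery('192.168.1.20');
  q.writeUInt16BE(0x8400, 2);                    // flags: response, authoritative
  q.writeUInt16BE(1, 6);                         // ANCOUNT = 1
  const target = encodeName('printer.local');
  // owner = pointer to offset 12, TYPE PTR, CLASS IN, TTL 120, RDLENGTH
  const rr = Buffer.from([0xc0, 0x0c, 0, 12, 0, 1, 0, 0, 0, 120, 0, target.length]);
  return Buffer.concat([q, rr, target]);
}
```

On a real network, send the buffer from `buildReverseQuery` over UDP to 224.0.0.251 port 5353 and pass each reply to `parsePtrAnswers`.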

Generic way to know whether a laptop is located in the office or not?

I develop software running on laptops from various companies. The employees are allowed to bring these laptops home or on holidays. I want to be able to reliably detect whether the laptops are in the office or not. The laptops are connected to the company network via some kind of VPN (though various solutions are used), so I cannot say that if they can access internet, they are in the office. To make this question even more interesting, please notice that a company might have multiple locations.
Edit: I need to detect this on the laptop.
Speculation: One thing you could look at are the IP addresses allocated to the machine. If you run a VPN, then at home there is probably one IP for the Internet connection and one for the VPN.
I think the answer from Rob is close but maybe you should take into account the gateway used by the NIC.
And if you have enough time, a tracert to a known server in your office.
That will give you the route and the intermediate NICs between the laptop and the known server.
You only have to make sure in that case that at the office location the route to the VPN concentrator is different, but that should be possible with a clever DNS/DHCP setup.
You might try a more specific question on serverfault.com
This cannot be done reliably, because branch offices can be set up the same as a home network. And from experience, I'm not saying "almost the same as a home network". I mean literally the same, with non-clued managers buying network equipment from the cheapest local shop, and running copies of Windows XP HOME.

Network Security for Mac OS X

I have a new setup for software development for iOS devices. I am using Macs for the development and the company may grow from three employees right now to 20 in the near future. I want to make the Macs secure so that the client code is safe and does not leave the office.
A few ways I can think of for a notorious employee to try to do that are:
Get it on USB-key/External-Disk
Burn it on CD/DVD
Transfer it to a bluetooth device
Transfer it to Infra-Red Device
Email it as an attachment
Upload it to Dropbox or any such service
FTP to a remote server
To handle these one by one I need to do the following:
Disable USB access to user accounts (only admin allowed to insert a new device). But oftentimes we need to stick in an iPhone/iPod touch to do on-device testing. How can I restrict the devices or get notified when someone tries to put a foreign device in any of the USB slots?
Disable CD/DVD write functions except for admin. Can I do this?
Disable Bluetooth access. And if someone tries to pair a device, can I get notified or maintain a log?
Wireless keyboards and mice use Infra-Red (IR) technology. How can I limit these devices?
Need to block all outgoing emails except company emails. Can I keep a tab on all outgoing traffic (maybe by file size) so that I know someone is trying to upload a file?
Again, disable access to such websites. But then every 15 days a new service springs up. How do I tackle this?
Disable outgoing FTP services. Can I do this?
Importantly, is there monitoring software that will allow me to do this? I don't mind paying. But since this is a start-up I cannot spend a fortune on this. And of course I prefer open source solutions for the control they give me to extend and scratch my specialized itch :)
Finally, I hope I won't be judged as a bad boss or something. I am all for developer freedom but we are in the consulting business and protecting client code takes priority.
Thanks for your time and looking forward to your help.
Dev.
If you don't trust your developers not to run off with your source code, don't hire them. They can find a way around your "solution".
If you can't trust any developers to not steal your source code, work alone. Anything known by two people is no longer a secret.

Should a wireless network be open? [closed]

Obviously there are security reasons to close a wireless network and it's not fun if someone is stealing your bandwidth. That would be a serious problem?
To address the first concern: Does a device on the same wireless network have any special privileges or access that another device on the internet has?
Assumptions : Wireless network is connected to the internet
The second seems like a community issue. If your neighbor is stealing bandwidth, you'd act just as if he were "borrowing" water or electricity.
First, talk to him about the problem and if that doesn't work, go to the authorities or lock stuff up. Am I missing something?
Bruce Schneier is famous for running an open wireless network at home (see here). He does it for two reasons:
To be neighborly (you'd let your neighbor borrow a cup of sugar, wouldn't you? Why not a few megabits?)
To keep away from the false sense of security that a firewall gives you. In other words, it forces him to make sure his hosts are secure.
Personally, I would never run an open wireless network for one reason: accountability. If someone does something illegal on my network, I don't want to be held accountable.
I don't think the biggest problem is just someone stealing your bandwidth, but what they do with it. It's one thing if someone uses my wireless network to browse the Internet. It's another thing if they use it for torrenting (I find that slows down the network) or any illegal activities (kiddy porn? not on my network you don't).
Yes you are, your wireless router also doubles as a firewall preventing harmful data from the Internet, by letting one of your virus-infected neighbors in on your wlan you're essentially letting him bypass that.
Now, this shouldn't be a problem in an ideal world since you'd have a well-configured system with a firewall but that's certainly not always the case. What about when you have your less security minded friends over?
Not to mention the legal hassle you could get yourself into if one of your neighbors or someone sitting with a laptop in a car close enough starts browsing kiddieporn.
I feel it all has to do with population density. My parents own a big plot of land; the nearest neighbor is .5 mile away. To me it doesn't make sense to lock a wireless router down. But if I lived in an apartment complex that thing would be locked down and not broadcasting its ID.
Now at my house I just don't broadcast my ID and keep it open. The signal doesn't travel further than my property line so I am not too worried about people hijacking it.
I would actually disagree with Thomas in the sense that I think bandwidth is the biggest problem, as it's unlikely there are many dodgy people in your area who just so happen to connect to your network to misbehave. It's more likely I think that you'll have chancers, or even users who don't fully understand wireless, connecting and slowing down your connection.
I've experienced horribly laggy connections due to bandwidth stealing, a lot of the problem is with ADSL - it just can't handle big upstream traffic; if a user is using torrents and not restricting the upstream bandwidth it can basically stall everything.
For most people, the wireless access point is a router that is acting as a hardware firewall to external traffic. If someone's not on your wireless network, the only way they'll get to a service running on your machine is if the router is configured to forward requests. Once a device is behind the router, you're relying on your computer's firewall for security. From a "paranoid" layered security standpoint, I'd consider an open wireless network in this scenario to be a reduction in security.
I've met a lot of people that leave their networks open on purpose, because they feel it's a kind of community service. I don't subscribe to that theory, but I can understand the logic. They don't see it as their neighbor stealing bandwidth because they feel like they aren't using that bandwidth anyway.
Following joshhinman's comment, this is a link to an article where he explains why he has chosen to leave his wireless network setup open: Schneier on Open Wireless
This guy is probably the most famous security expert at the moment, so it's worth having a look at what he has to say.
As far as the security aspect goes it is a non-issue. An open network can allow a determined person to 'listen' to all your unencrypted communication. This will include emails - probably forum posts - things like this. These things should never EVER be considered secure in the first place unless you are applying your own encryption. Passwords / Secure log in to servers will be encrypted already so there is no benefit to the encryption while the packets are in the air. The advantage comes when, as others have mentioned, users perform illegal actions on your access point. IANAL but it seems some correlations can be drawn to having your car stolen and someone commits a crime with it. You will be investigated and can be determined innocent if you have some alibi or logs showing your machines were not responsible for that traffic.
The best solution to the hassle of using a key for the home user is to restrict the MAC addresses of the computers that can connect. This solves the problem of having unauthorized users (for all but the most advanced at which point your PW likely won't help you either) and it keeps you from having to input a long key every time you need to access something.
Personally, I would never run an open wireless network for one reason: accountability. If someone does something illegal on my network, I don't want to be held accountable.
The flip side of this is deniability. If the government or RIAA come knocking on your door about something done from your IP address you can always point to your insecure wireless connection and blame someone else.
I wish people would stop referring to an open network as 'insecure'. A network is only insecure if it doesn't meet your security requirements - people need to understand that not everyone has the same security requirements. Some people actually want to share their network.
An open network is open. As long as you meant that to be the case, that's all it is. If your security policy doesn't include preventing your neighbors from sharing your bandwidth, then it's not a security fault if it allows them to do that, it's faulty if it doesn't.
Are you liable for other's use of your 'insecure' network? No. No more so than your ISP is liable for your use of the Internet. Why would you want it to be otherwise? Note, by the way, that pretty much every commercial WiFi hotspot in the world is set up in exactly such an open mode. So, why should a private individual be held liable for doing exactly the same thing, merely because they don't charge for it?
Having said that, you do have to lock down your hosts, or firewall off an 'internal' portion of your network, if you want to run fileshares etc internally with such a setup.
Also, another way to deal with 'bandwidth stealing' is to run a proxy that intercepts others' traffic and replaces all images with upside down images or pictures of the Hof. :-)
#kronoz: I guess it depends on where you live. Only two houses are within reach of my wireless network, excluding my own. So I doubt that small number of people can affect my bandwidth. But if you live in a major metro area, and many people are able to see and get on the network, yeah, it might become a problem.
It is so easy to lock a wireless router down now, that I think a better question is why not lock it down?
The only reason I can think of is if you had a yard large enough so that your neighbors can't get a signal and you frequently have visitors bringing devices into your home (since setting them up can be a chore).
Note that I'm saying both of those things would need to be true for me to leave one open.
Personally, I would never run an open wireless network for one reason: accountability. If someone does something illegal on my network, I don't want to be held accountable.
The flip side of this is deniability. If the government or RIAA come knocking on your door about something done from your IP address you can always point to your insecure wireless connection and blame someone else.
I would argue that anyone who is running a network is responsible for the actions of all people who use it. If you aren't controlling use, then you are failing as a network administrator. But then again, I'm not a lawyer, so...
As it turns out, when I switched DSL service, the wireless router the company provided is secured out of the box. So unless I add the old router to my network, it will be secured.
On the other hand, it was very convenient to "borrow" a few hours of network time from neighbors while I was waiting for the technician to stop by and install the service. Looks like this might not be an option soon, however.
My biggest concern is that there is never too much bandwidth so a decision to share it is only acceptable if I can somehow guarantee that other people do not use more than, say, 5% of my total bandwidth. Which may or may not render my connection useless to other people, depending on what they mean to do with it.
As most wireless standards are very hackable I can understand the logic behind not securing it, as it removes the false sense of security that wireless security provides.
However, in NZ bandwidth is expensive; I cannot afford for randoms to leech that off me. As the vast majority of people don't have a clue regarding hacking wireless connections, having this admittedly pitiful defense wards off most of the lazy.
If anyone cares enough they can hack my crappy WEP encryption and get themselves some free Internet and free leech until I care enough to stop them. Then I'll upgrade to something better (white-listed MAC addresses, say) which will be harder for them to hack, and the cycle will begin anew.
