Cool Network Scan Utility

Earlier, I said to have a friend do a port scan on your network, just to check for holes. If you can’t find a friend (or just don’t have any friends) try this instead: Shields Up! scans.

Now you don’t need to have any friends to prove you don’t have any friends.

I had a colleague do my scan for me and it was almost predictable. That is, here’s what came back:

Interesting ports on SERVERNAME (x.x.x.x):
(The 1021 ports scanned but not shown below are in state: filtered)
22/tcp open ssh
80/tcp open http
113/tcp closed auth
Too many fingerprints match this host to give specific OS details

Nmap run completed -- 1 IP address (1 host up) scanned in 41.438 seconds

Hmm–22 and 80 are expected. But what’s up with port 113?

I don’t know why, but D-Link decided that 113 should appear in a Closed state instead of a Stealth state. I think we can work around this if we just create a new NAT rule to send all port 113 traffic to an unused IP address on the LAN.

Yup, that’ll do it.

Yet another cool network configuration utility–the D-Link Network Configurator v2.0.

You tell it what you want to connect and it’ll draw a neat little diagram and even recommend some hardware. Very handy.

I did see a bug, though. It recommended a DI-624 for my installation (good choice)–then I told it to add another device to the wired network. It happily drew in more wired devices than the DI-624 can even support. Naturally, you could just add a hub of some sort right to it, but the uninitiated will probably walk away confused by it.

Want to Build a Network?

Thinking about setting up your home network or getting your computer connected to the internet?  Keep a few things in mind:

• Use a firewall  –  Network administrators would never, ever let a computer be connected to the internet (or a network to the internet) without firewall to protect the computers from the outside world.  You shouldn’t either.  Except for extremely rare circumstances where troubleshooting is involved, your computers and home network must never be connected to the internet without at least one firewall.  More is better.  Good basic choices in firewalls are the generic firewalls that come with Windows XP or Mac OS-X.  Also, the firewalls that are available on the D-Link series of routers are relatively good because they don’t need to be supervised by you, the user, to tell them how to work.  If you’re considering a software firewall solution by Norton, McAfee, BlackICE, and others, be prepared to hit the books.

• Never use wireless when you can use wires  –  If you can–as in if you are “legally permitted to do so”–if you can use a wire, then use one.  Wireless is not a substitute for laziness.  Wireless has risks.  Wireless works on radio transmission signals and anybody with a computer with a wireless network card can pick up those signals from farther away than you think.  Most consumer wireless connections are good from 50 to 300 feet away.  Some can be picked up miles away. Wired connections are far more difficult to tap, track, or access from a distance.  If you happen to live in an apartment or in an environment where wires will simply pose a safety risk, then consider wireless–but not without a complete understanding of how it works.

• Never use a default configuration  –  This applies to usernames, passwords, and settings.  When it comes from the factory, it’s a blank slate.  It’s up to you to change it to fit your needs.  If you’re using the default usernames and passwords to protect your network, then you’re not protecting your network.  Instead, you’re announcing to everyone that you aren’t interested in security.

• If it can have a password, use one  –  Use a password.  Use multiple passwords.  Also, don’t ever use the same password for everything.  Write them down if you need to, but put them in a safe place.  Please note that a safe place is not written on the inside cover of your dayplanner, which you store in the same bag as your notebook computer.  A safe place is a locked safe.  By the way, all of the following are not good choices for passwords:

• Any word that can be found in a dictionary

• Any string of numbers, especially a social security number

• A birthdate

• A name of a family member

• Never use a default password  –  Just because it has a password, it’s safe, right?  Nope.  Everybody already knows the default passwords.  Change it to something that nobody else could guess.

• Use a MAC filter  –  MAC or Machine Address Code is a key that almost uniquely identifies each computer in the world.  MAC addresses are assigned to the network cards of every computer on a network.  Using a MAC filter means that you must specifically permit each individual computer to access your network resources.  If their computer doesn’t have a matching MAC address, they don’t get in.  Simple.

• Hide your SSID  –  The SSID is the Service Set Identifier–it’s a name that identifies your wireless access point in the world.  The purpose of the SSID broadcast is to let other computers know that there is a wireless access point nearby.  It works like this:

• A computer with a wireless card says to the world, “Are there any access points out there that I can connect to?”

• Every access point that hears that, except those that have been told not to, says, “Yes! I’m [SSID Name] and you need [Credentials] to connect to me.”

By “Credentials” it usually is “No Credentials, C’mon in” or “A really long encryption key”.  Turning off the ability for your access point to announce its presence will mean that when somebody’s computer asks for access points, yours will keep its little digital mouth shut.  Out of sight, out of mind.  This is not perfect–some computers will pick up even the hidden access points because of all of the radio waves bouncing around in an area.

• Turn off things you don’t need  –  Modern operating systems are great.  They have lots of features.  But how many of those features do you really, really need?  How many people need to be running a web server on their personal computers?  FTP?  On a Unix box, do you really need to be running all of those services?  Turn on only the features that you actually need–and that you use regularly.  Every time you have a feature turned on, it’s another risk.  Minimize your risk.

If this seems like a lot of work, it’s because it is.  It takes years of hard work, dedication, and determination to be able to handle all of the variables that go into building and maintaining networks–most of that, the users hardly ever see.

So, the next time a PC technician tells you that it’ll cost $85 per hour and might require eight or more hours to repair the damage that a virus or trojan has done to your computer, try to understand that it’s not simply a matter of “deleting the file”, but also a matter of finding the cause, the damage, and  a plan for prevention. 

The Universal Troubleshooting Process

To the major geeks out there, this is old news. But it could come in handy for our up and coming geeks who are getting into the technical fields. It’s the Universal Troubleshooting Process (UTP).

Here’s a summary of its steps:

The 10 step Universal Troubleshooting Process

1. Get the Attitude

2. Get a complete and accurate symptom description

3. Make damage control plan

4. Reproduce the symptom

5. Do the appropriate general maintenance

6. Narrow it down to the root cause

7. Repair or replace the defective component

8. Test

9. Take pride in your solution

10. Prevent future occurrence of this problem

This does not apply only to computers! You can troubleshoot anything technical with these rules. Computers, networks, engines and machinery, even health and biology! Yeah, there are probably other things you could use this on, but I’m too lazy to think of anything else.