Windows 7 : Protecting Your Network from Hackers and Snoops - Testing, Logging, and Monitoring

11/22/2012 3:06:01 AM

Testing, logging, and monitoring involve testing your defense strategies and detecting breaches. It’s tedious, but who would you rather have be the first to find out that your system is hackable: you or “them?” Your testing steps should include these:

  • Testing your defenses before you connect to the Internet

  • Detecting and recording suspicious activity on the network and in application software

You can’t second-guess what 100 million potential “visitors” might do to your computer or network, but you should at least be sure that all your roadblocks stop the traffic you were expecting them to stop.

Test Your Defenses

Some companies hire expert hackers to attempt to break into their networks. You can do this, too, or you can try to be your own hacker. Before you connect to the Internet, and periodically thereafter, try to break into your own system. Find its weaknesses.

Go through each of your defenses and each of the security policy changes you made, and try each of the things you thought they should prevent.

First, connect to the Internet, visit www.grc.com, and view the ShieldsUP page. (Its author, Steve Gibson, is a very bright guy and has lots of interesting things to say, but be forewarned that some of it is a bit hyperbolic.) This website attempts to connect to Microsoft Networking and TCP/IP services on your computer to see whether any are accessible from the outside world. Click the File Sharing and Common Ports buttons to see whether this testing system exposes any vulnerabilities. Don’t worry if the only test your computer fails is the ping test. This is a great tool!

Note

If you’re on a corporate network, contact your network manager before trying this. If your company uses intrusion monitoring, this probe might set off alarms and get you in hot water.


As a second test, find out what your public IP address is. If you use a dial-up connection or Internet Connection Sharing, go to the computer that actually connects to the Internet, open a Command Prompt window, and type ipconfig. Write down the IP address of your actual Internet connection (this number will change every time you dial in, by the way). If you use a sharing router, you need to get the actual IP address from your router’s Status page—your computer won’t know. Or, try whatismyipaddress.com (no joke!).

Then enlist the help of a friend or go to a computer that is not on your site but out on the Internet. Open Windows Explorer (not Internet Explorer) and, in the Address box, type \\1.2.3.4, but in place of 1.2.3.4, type the IP address that you recorded earlier. This attempts to connect to your computer for file sharing. You should not be able to see any shared folders, and you shouldn’t even be prompted for a username and/or password. If you have more than one public IP address, test all of them.

Shared Folders Are Visible to the Internet

When you use Windows Explorer to try to view your computer from outside on the Internet, and you are prompted for a username and password, or shared folders are visible, Microsoft file sharing services are being exposed to the Internet. If you have a shared connection to the Internet, you need to enable Windows Firewall or enable filtering on your Internet connection. At the very least, you must block TCP/UDP ports 137–139 and 445. Don’t leave this unfixed.

If you have several computers connected to a cable modem with just a hub and no connection-sharing router.


If you have installed a web or FTP server, attempt to view any protected pages without using the correct username or password. With FTP, try using the login name anonymous and the password guest. Try to copy files to the FTP site while connected as anonymous—you shouldn’t be able to.

Sensitive Web Pages or FTP Folders Are Visible to the Internet

When you access your self-hosted website from the Internet using a web browser or anonymous FTP and can view folders that you thought were private and protected, be sure that the shared folders are not on a FAT-formatted disk partition. FAT disks don’t support user-level file protection. Share only folders from NTFS-formatted disks.

Then, check the folder’s NTFS permissions to be sure that anonymous access is not permitted. Locate the folders in Windows Explorer on the computer running IIS. View each folder’s Security Properties tab. Be sure that none of the following users or groups is granted access to the folder: Everyone, IUSR_XXXX (where XXXX is your computer name), IUSR, or IIS_IUSRS. On the folders you wish to protect, grant read and write privileges only to authorized users. In the IIS management console, you can also explicitly disable anonymous access to the website or to a specific folder.


Use network-testing utilities to attempt to connect to any of the network services you think you have blocked, such as SNMP.

Network Services Are Not Being Blocked

If you can connect to your computer across the Internet with remote administration tools such as the Registry editor, with SNMP viewers, or with other tools that use network services, network services are not being blocked.

Look up the protocol type (for example, UDP or TCP) and port numbers of the unblocked services, and configure filters in your router to block these services. Your ISP might be able to help you with this problem. You also might have disabled Windows Firewall by mistake.


Attempt to use Telnet to connect to your router, if you have one. If you are prompted for a login, try the factory default login name and password listed in the router’s manual. If you’ve blocked Telnet with a packet filter setting, you should not be prompted for a password. If you are prompted, be sure the factory default password does not work, because you should have changed it.

Port-scanning tools are available to perform many of these tests automatically. For an example, see the ShieldsUP web page at www.grc.com. I caution you to use this sort of tool in addition to, not instead of, the other tests I listed here.
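The outside-in checks described above can be repeated with a short script after every firewall or router change. This is an added example, not from the original text: run it from a computer outside your network against your own public IP address. The port list and the function names are assumptions chosen for illustration, and it covers TCP only.

```python
import socket
import sys

# TCP services the text says outsiders must not reach (labels are descriptive only).
# UDP 137/138 are not covered: a TCP connect cannot test them.
PORTS = {21: "FTP", 23: "Telnet", 139: "NetBIOS session", 445: "SMB file sharing"}

def check_port(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' (refused) or 'filtered' (no reply)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeouts and unreachable-host errors
        return "filtered"

def audit(host, ports=PORTS, timeout=3.0):
    """Return {port: state} for every port in `ports`."""
    return {port: check_port(host, port, timeout) for port in ports}

def exposed(results):
    """Ports that accepted a connection, i.e. defenses that failed the test."""
    return sorted(port for port, state in results.items() if state == "open")

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python check_exposure.py <your-public-ip>")
    results = audit(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{port:>5}/tcp  {PORTS[port]:<18} {state}")
    failed = exposed(results)
    print("FAIL, reachable from outside:", failed) if failed else print("PASS")
```

A "filtered" result is what a working packet filter normally produces; "open" on any of these ports means the corresponding block is not in effect.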

Monitor Suspicious Activity

If you use Windows Firewall, you can configure it to keep a record of rejected connection attempts. Log on using a Computer Administrator–type account. Choose Start, All Programs, Administrative Tools, Windows Firewall with Advanced Security. In the left pane, right-click Windows Firewall with Advanced Security and select Properties. Select one of the available profile tabs (Private Profile, in most cases) and click the Customize button within the Logging area to get to the window shown in Figure 1. Enable logging of dropped packets. You can enable this setting for all profiles if you wish.

Figure 1. Enable logging to see what Windows Firewall is turning away.


Inspect the log file periodically by viewing it with Notepad.
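Reading the log in Notepad works for a handful of entries; a summary is easier to act on. The following added example (not from the original text) parses the space-separated layout announced by the log's own #Fields header and counts dropped inbound packets per source, flagging any aimed at the file-sharing ports named earlier. The sample records are constructed, and the function names are illustrative.

```python
from collections import Counter

# Constructed sample in the firewall log layout (documentation-range addresses).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2012-11-22 03:06:01 DROP TCP 203.0.113.7 192.168.1.10 51515 445 52 S 1234567 0 8192 - - - RECEIVE
2012-11-22 03:06:02 DROP TCP 203.0.113.7 192.168.1.10 51516 139 52 S 1234570 0 8192 - - - RECEIVE
2012-11-22 03:06:09 DROP UDP 198.51.100.23 192.168.1.10 137 137 78 - - - - - - - RECEIVE
2012-11-22 03:07:15 ALLOW TCP 192.168.1.10 192.0.2.80 49200 80 0 - 0 0 0 - - - SEND
2012-11-22 03:08:40 DROP TCP 203.0.113.7 192.168.1.10 51520 23 52 S 1234600 0 8192 - - - RECEIVE
"""

def parse_firewall_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def summarize_drops(text, watch_ports=("137", "138", "139", "445")):
    """Count dropped inbound packets per source; flag hits on file-sharing ports."""
    per_source, sharing_hits = Counter(), Counter()
    for rec in parse_firewall_log(text):
        if rec.get("action") != "DROP" or rec.get("path") != "RECEIVE":
            continue
        per_source[rec["src-ip"]] += 1
        if rec["dst-port"] in watch_ports:
            sharing_hits[(rec["src-ip"], rec["protocol"], rec["dst-port"])] += 1
    return per_source, sharing_hits

if __name__ == "__main__":
    sources, sharing = summarize_drops(SAMPLE_LOG)
    for ip, count in sources.most_common():
        print(f"{ip}: {count} dropped packets")
    for (ip, proto, port), count in sorted(sharing.items()):
        print(f"  file-sharing probe: {ip} -> {proto}/{port} x{count}")
```

To use it on a real log, read the file at the path shown in the Logging dialog and pass its contents to summarize_drops.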

Note

If you use a dial-up connection, the firewall log is less useful. It will accrue lots of entries caused by packets left over from connections made by the dial-up customer who had your temporary IP address before you got it. They’ll continue to arrive for a while, just as junk mail does after a tenant moves out.
