Test your security: how to keep your business safe

Magnifying glass on danger
One way to find the warning signs

Hackers target organisations of all sizes looking for poorly defended networks - that's why you need to run anti-virus software on each endpoint and have some sort of firewall hardware between your company and the internet.

But is this really enough? If you are running software with known vulnerabilities that have yet to be updated, or if one of your servers has open ports of which you are unaware, then a hacker will probably find them even if you can't.

Large companies hire penetration testers who attempt to hack in to their networks then report on any vulnerabilities they discover. The problem with this approach is that penetration tests are expensive and only identify weaknesses at that point in time. To be effective they have to be carried out regularly, and this is beyond the security budgets of many small and midsized companies.

An alternative and less costly approach is to use software tools that scan your network and report on any vulnerabilities.

Port scans

To identify any ports that are open on any given computer on your network, you can submit it to be 'port scanned' using a free service called ShieldsUp. By choosing 'All Service Ports' each of the computer's first 1056 TCP ports will be probed to see if they respond, are open or are closed.

An open port is not necessarily a problem - you may be running a mail server or other service on it -but any ports that are open without your knowledge could be used by a hacker as a way on to your network. It should be investigated further or referred to a security expert for advice.

Network scans

Knowing what computers are connected to your network is also vital to ensuring that your network is secure. If you have standardised on Windows 7 but discover that someone is connecting their old Windows XP machine to your network then this has important security implications - not least because Windows XP will no longer receive security updates after April 2014.

The easiest way to scan for machines that should not be connected to is by using a free open source tool called Zenmap. It takes a few minutes to learn how to use Zenmap from the online user guide, but it is a very powerful tool which from which you can learn a great deal about the state of your network.

Vulnerability scans

Hackers love so-called 'zero day' vulnerabilities, which are newly discovered in operating systems or applications and for which no software patch or update exists. But in many cases when networks are compromised it turns out that the root cause was a well-known vulnerability which simply hadn't been removed by applying a software update.

The best way to ensure that all the software on your network is up to date and fully patched is to run a vulnerability scanner such as Tenable Nessus (about $2,000 or £1,300 per year) or Secunia SmallBusiness (currently free for up to 50 computers.)

Both of these can be launched from a single computer, scanning the network to find connected computers then making an inventory of installed software. They can then spot any unpatched or known insecure software that needs updating.

Nessus also searches for other flaws, including SQL injection vulnerabilities in web applications or administrator accounts that are not protected by a password.

Rogue access point detection

If an employee connects a wireless access point to the network without your knowledge then this 'rogue access point' is a potential security risk. That's because a wireless access point can potentially allow anyone on to your network - even people who don't have physical access to your office.

To detect rogue access points you need a Wi-Fi scanner or 'stumbler' that can detect all the Wi-Fi networks in your area, including those configured to be hidden. A good free one is Cisco's Meraki WiFi Stumbler web application, which runs in a browser on any PC or Mac. It's also available as an Android app which you can run on a phone while walking around your office area.

Automated penetration tests

Short of hiring a team of penetration testers, the most effective way to test for vulnerabilities on your network is to use automated penetration testing software such as Rapid7's Metasploit Express ($5,000 or £3,225 per year) or Immunity Canvas. These scan your network for computers, search for any known vulnerabilities, then attempt to exploit them with suitably tailored malware.

The drawback to this type of software is that it lacks the creativity that hackers use to find truly ingenious ways past a network's defences, instead using a methodical approach to find any known weaknesses and exploit them. That makes it better than many hackers, but not as good as the cleverest.

The benefit is that it provides a way of testing your network quickly and rigorously, and can be used to conduct automated penetration tests as often as you want. It can be especially useful to run an automated penetration test after any significant changes to your network or the introduction of any new software or hardware to check that no vulnerabilities have inadvertently been introduced.

Bug bounty programs

As a low cost alternative to a penetration test, an increasing number of organisations offer to manage a bug bounty program on your behalf.

Companies like BugCrowd and BugWolf can arrange for a large number of security researchers, former hackers and students to attempt to hack your system, paying rewards or bounties (from a fixed prize fund that you supply) for any vulnerabilities that are found after they have checked and verified them.

A managed bug bounty program may cost as little as £3,000, and it allows you to expose your systems to the creativity of real humans, with the assurance that any vulnerabilities that they find will be reported to you rather than exploited maliciously.