Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
De acuerdo a su estilo de informe actual, las bases de comparación son: | Activado |
No puede encontrarse una auditoría contra la cual podrían hacerse comparaciones de acuerdo a las reglas de base actuales. |
Categoría | Alto | Medio | Bajo | Otro |
Fedora Local Security Checks | ||||
SuSE Local Security Checks | ||||
Web application abuses | ||||
Debian Local Security Checks | ||||
Ubuntu Local Security Checks | ||||
Huawei EulerOS Local Security Checks | ||||
General | ||||
CentOS Local Security Checks | ||||
Red Hat Local Security Checks | ||||
Mandrake Local Security Checks | ||||
Windows : Microsoft Bulletins | ||||
Product detection | ||||
Gentoo Local Security Checks | ||||
FreeBSD Local Security Checks | ||||
Denial of Service | ||||
Oracle Linux Local Security Checks | ||||
CGI abuses | ||||
Databases | ||||
Amazon Linux Local Security Checks | ||||
Policy | ||||
CISCO | ||||
Web Servers | ||||
Buffer overflow | ||||
Slackware Local Security Checks | ||||
Windows | ||||
Conectiva Local Security Checks | ||||
IT-Grundschutz-deprecated | ||||
Service detection | ||||
Backdoors | ||||
Mageia Linux Local Security Checks | ||||
Turbolinux Local Security Tests | ||||
Default Accounts | ||||
Mac OS X Local Security Checks | ||||
FTP | ||||
Gain a shell remotely | ||||
IT-Grundschutz | ||||
Nmap NSE net | ||||
Trustix Local Security Checks | ||||
Nmap NSE | ||||
JunOS Local Security Checks | ||||
F5 Local Security Checks | ||||
Huawei | ||||
Remote file access | ||||
Gain root remotely | ||||
SMTP problems | ||||
Privilege escalation | ||||
Misc. | ||||
IT-Grundschutz-15 | ||||
SSL and TLS | ||||
AIX Local Security Checks | ||||
CGI abuses : XSS | ||||
VMware Local Security Checks | ||||
Malware | ||||
RPC | ||||
Palo Alto PAN-OS Local Security Checks | ||||
FortiOS Local Security Checks | ||||
Citrix Xenserver Local Security Checks | ||||
Windows : User management | ||||
SNMP | ||||
Useless services | ||||
Peer-To-Peer File Sharing | ||||
Firewalls | ||||
HP-UX Local Security Checks | ||||
Settings | ||||
Brute force attacks | ||||
Compliance | ||||
Port scanners | ||||
Finger abuses | ||||
Credentials | ||||
NIS | ||||
Solaris Local Security Checks | ||||
Totales: | 0 | 0 | 0 | 0 |
Puerto | Protocolo | Servicio Probable |
21 | TCP | ftp |
You appear to be running an ftp server. You should take care of the
following potential problem areas:
Logins Writable directories Bounce-attack scans FTP bounce attack : An interesting "feature" of the ftp protocol (RFC 959) is support for "proxy" ftp connections. In other words, I should be able to connect from evil.com to the FTP server-PI (protocol interpreter) of target.com to establish the control communication connection. Then I should be able to request that the server-PI initiate an active server-DTP (data transfer process) to send a file ANYWHERE on the internet! Presumably to a User-DTP, although the RFC specifically states that asking one server to send a file to another is OK. Now this may have worked well in 1985 when the RFC was just written. But nowadays, we can't have people hijacking ftp servers and requesting that data be spit out to arbitrary points on the internet. As *Hobbit* wrote back in 1995, this protocol flaw "can be used to post virtually untraceable mail and news, hammer on servers at various sites, fill up disks, try to hop firewalls, and generally be annoying and hard to track down at the same time." What we will exploit this for is to (surprise, surprise) scan TCP ports from a "proxy" ftp server. Thus you could connect to an ftp server behind a firewall, and then scan ports that are more likely to be blocked (139 is a good one). If the ftp server allows reading from and writing to a directory (such as /incoming), you can send arbitrary data to ports that you do find open. | ||
22 | TCP | ssh |
You appear to be running SSH. That's good. A couple of things to note with it, however. Like any other software package, SSH is also subject to bugs that are fixed over time. These bugs, despite the fact that SSH provides a secure communication channel, may allow an attacker to compromise your system. You should ensure that you are running the latest SSH/patched versions. | ||
25 | TCP | smtp |
You appear to be to be running a mail gateway. You should make sure that your mail system cannot be used as a mail relay. Internet SPAM, also known as UBE (unsolicited bulk email) is a problem on the internet, and spammers (those that send this type of mail) will often use poorly configured mail systems to deliver mail on their behalf. This deflects the wrath of many system administrators to YOU, the owner/operator of the misconfigured service. It can also result in you being placed in one of several on-line databases that list you as allowing mail-relay, the end-result being that some mail systems will reject any mail you try to send. | ||
80 | TCP | http |
It appears that you are running a web server. If you have not done so, we recommend that you run the latest version of a popular web server. Many "fringe market" web servers have known bugs that are slow to be fixed because few people care about the problems. These problems can often leave you open to someone accessing/modifying files on your system that they shouldn't. By running a popular web server, you lower the risk of this type of problem, and when problems are found, it is likely that a patch will be made available rapidly to fix the problem. Check our survey to see what the most popular web servers are. | ||
5432 | TCP | postgres |
No description available for this port at this time. | ||
Número de puertos abiertos encontrados por el explorador de puertos:5 | ||
Finalmente, por favor advierta que esta lista es dependiente del tipo de auditoría que ejecutó. Si vuelve en un mes y ejecuta de nuevo la misma auditoría, es probable que este suplemento cambiará, dado que probablemente han sido agregadas pruebas adicionales al conjunto de pruebas. Cada informe de auditoría que producimos tiene su propia copia de este suplemento que refleja el conjunto de pruebas disponibles al momento que la auditoría fue ejecutada.
Debido al gran tamaño de este informe, puede tomar varios minutos para que pueda ser mostrado correctamente sobre algunos navegadores una vez que el informe completo es descargado (ejemplo Netscape). Tenga paciencia en algún momento aparecerá.
Ver Lista de Pruebas Impresión amigable de Listas de Prueba PDF Download