Source: 14 Best Open Source Web Application Vulnerability Scanners – InfoSec Resources

Regular vulnerability scanning and remediation is a key part of strong security in your enterprise. Particularly scanning publicly available services like Websites and Applications. Thankfully it doesn’t have to be a horribly expensive affair! This is a handy list with some short write-ups on some of the most popular open source Web Application vulnerability scanners.

If you don’t know what a firewall is, let’s start there…

A firewall is basically a digital “wall” that sits on the edge of your network or device. When someone makes a connection over a network or the internet to your server, they connect by the IP address + a Port. Firewalls, on a very basic level, say “allow traffic on this port” or “deny traffic on this port.”

So for web traffic you might connect to our server here: 91.121.109.60 on port 80. There are a lot of services that run on any machine and many of them you don’t want to be accessible from the internet. For example, many distributions of Ubuntu come with a running DNS server that is accessible on port 53. If left alone, this could be a route for people to exploit your machine.

One way to think about it is like your home. Your house has a physical address that someone can punch into a GPS and it will take them to your driveway. However to get into the house they will need to go through a door or a window. Ports are those doors and windows. If a person needs access to the services of your kitchen, then they can come through the kitchen door. If they need access to your garage, you can send them through the garage door. On a computer, different doors (ports) tend to correspond to different services (servers). For example, Apache Web Server commonly uses port 80 for HTTP traffic to host a website, or port 443 to host a secure website with SSL. SMTP servers often use port 25 to receive incoming mail. FTP servers often use port 21, and so forth and so on.

So it is advantageous to block certain ports. I.E. you might allow everyone to visit your kitchen but you don’t want everyone in your bedroom. It is best to actually just block all ports by default and only allow specific ports to incoming traffic.

Finally it is worth noting that firewalls can do all kinds of interesting and complex things with traffic. Most of those functions are well outside of the scope of this article, and outside of the scope of UFW, but we will get there. (more…)

This was going to be a long article but I decided to cut it short.

Use case:

You have a Remote Server – You need to securely access some sensitive service or another (let’s say a MySQL connection) and don’t want to open the port to up to the internet. What’s a person to do?
(more…)

If you are in a decently secure network your Active Directory domain controllers are “silo’d” off from all of your workstations and member servers. This is good, however, if your internal firewalls aren’t configured properly it can cause all kinds of headache for day-to-day domain operations.

Update: You might also want to checkout this article about Windows File Sharing – what ports are used and why? It answers a lot of basic questions about Windows File sharing technology and debunks a lot of misinformation (a lot of which you probably believe if you have been a Windows Admin for any length of time like myself…): Windows File Sharing: Facing the Mystery

So to that point, I have compiled a quick list of ports that need to be open in both directions for your domain to function appropriately (This was updated on 3-27-2017 to add TCP 5722… Somehow I missed this one for a long time…):
(more…)