Hardening your home network is crucial to safeguarding your devices from the constant scourge of malware. Luckily, there are plenty of ways to bolster the defenses of your systems, ranging from VPNs and multi-factor authentication to locally-hosted firewalls and intrusion prevention systems.
Once you’ve deployed an arsenal of cybersecurity tools, you’ll want to check out some utilities designed to test the remaining vulnerabilities in your local network. I recently ran into the Gibson Research Corporation's toolkit while searching for vulnerability scanners, and it’s perfect for the task – especially since many utilities are available as web-based tools and don’t require long installation procedures.
ShieldsUP! can scan the essential ports for vulnerabilities
And even run UPnP probes
While the exact numbers depend on the test mode you choose, GRC’s ShieldsUP! scans your local machine to check for exposed ports. For the uninitiated, certain network ports actively listen for and accept connections, and these “open” ports are rather insecure as they increase the attack surface of your system (and, by extension, the rest of your network). Then you’ve got “closed” ports that, despite denying connection requests, still reveal your presence to potential attackers because they answer the probe. Finally, there are “stealth” ports, and just like the name suggests, they avoid detection by not responding to network probes at all.
ShieldsUP! can check whether a port is open, closed, or in stealth mode using a couple of network tests. For example, the File Sharing test attempts to connect to port 139, which is typically used to send files to printers and other local devices on your network via NetBIOS. There’s also the Common Ports test, which probes the 26 standard ports used by popular protocols, including port 21 (FTP), port 22 (SSH), port 80 (HTTP), and port 443 (HTTPS). If ShieldsUP! tests return some open ports, it might be a good idea to reconfigure the firewall to block traffic for them (unless you’ve manually opened them, of course).
Personally, I recommend using the All Service Ports test, as it scans ports 0 to 1055 for vulnerabilities. It’s especially useful since it probes the system ports, which are used by common network services and protocols. When you’re done with this test, I also recommend running the Universal Plug n'Play exposure test, so you’ll know whether the UPnP ports on your system are exposed to the chaotic and malware-riddled realm we call the Internet.
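The three port states described above can be told apart by how a TCP connection attempt ends. The following is an added example, not GRC's code or part of the original article: it classifies ports on a host you own from wherever the script runs, so a run inside your LAN shows a different view than ShieldsUP!'s probe from the Internet. The function names and the 2-second timeout are assumptions.

```python
import socket


def classify_port(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify one TCP port as 'open', 'closed' or 'stealth'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except ConnectionRefusedError:
            # The host answered with a TCP reset: nothing is listening,
            # but the reply itself proves a machine is at this address.
            return "closed"
        except socket.timeout:
            # No reply at all within the timeout: the probe was dropped.
            return "stealth"
        # The three-way handshake completed: a service accepts connections.
        return "open"


def scan_ports(host: str, ports, timeout: float = 2.0) -> dict:
    """Map each port in `ports` to its state."""
    return {port: classify_port(host, port, timeout) for port in ports}


def needs_review(results: dict, intended_open=()) -> list:
    """Ports that are open without being on the list you opened on purpose."""
    return sorted(p for p, state in results.items()
                  if state == "open" and p not in intended_open)


if __name__ == "__main__":
    # Constructed loopback demo: one listener we start ourselves, plus a
    # port that was bound and released so nothing is listening on it.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    released = socket.socket()
    released.bind(("127.0.0.1", 0))
    closed_port = released.getsockname()[1]
    released.close()
    open_port = listener.getsockname()[1]
    results = scan_ports("127.0.0.1", [open_port, closed_port])
    print(results, "review:", needs_review(results))
    listener.close()
```

Any port returned by needs_review is one to block at the firewall unless you opened it deliberately.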
Perfect Passwords and Haystack can secure your account credentials
One’s a password generator, the other’s a search space calculator
Aside from the port scanning tool, GRC’s website has a couple of other neat utilities. Perfect Passwords and Haystack are two such utilities, though they are aimed at upping the security of your account credentials. The former is a password generator that creates random 64-bit hexadecimal strings, 63-bit ASCII letters, and 63-bit alpha-numeric characters every time you refresh the page. Their random nature, coupled with their longer size, makes the passwords generated by this utility extremely resistant to dictionary attacks. Personally, I use a self-hosted instance of Vaultwarden that provides the same password generation utility, though Perfect Passwords is still a handy tool.
Password Haystack, on the other hand, is something I use frequently when creating passkeys for my online accounts. That’s because Haystack uses the search space length, depth, and number of a password to calculate the amount of time needed to find it. Since there are a couple of websites where I can’t just input 64-character strings and have to go for smaller passwords, I often use the Haystack to check for the complexity of the Lovecraftian chant-like passkeys pulled from the inner recesses of my psyche.
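The search-space arithmetic described above, as an added example that is not GRC's code or part of the original article. It assumes the "number" is the count of every candidate password from one character up to the password's length, that the alphabet is printable ASCII split into four classes, and that the two guessing rates are constructed values for illustration.

```python
import string

# Alphabet sizes per character class; the 33 symbols are ASCII punctuation
# plus the space character.
CLASSES = (
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation + " "), 33),
)

# Constructed guessing rates (guesses per second), for illustration only.
RATES = {"online": 1e3, "offline": 1e11}


def search_space_depth(password: str) -> int:
    """Size of the alphabet implied by the character classes in use."""
    chars = set(password)
    known = set().union(*(members for members, _ in CLASSES))
    if not chars or chars - known:
        raise ValueError("expected a non-empty printable-ASCII password")
    return sum(size for members, size in CLASSES if chars & members)


def search_space_size(depth: int, length: int) -> int:
    """Count every candidate of length 1..length over the alphabet.

    Shorter candidates are included because a brute-force search that does
    not know the length works upward through all of them first.
    """
    return sum(depth ** k for k in range(1, length + 1))


def haystack(password: str) -> dict:
    """Depth, length, search-space size and worst-case time per rate."""
    depth = search_space_depth(password)
    size = search_space_size(depth, len(password))
    report = {"depth": depth, "length": len(password), "size": size}
    for name, rate in RATES.items():
        report[f"{name}_seconds"] = size / rate
    return report


if __name__ == "__main__":
    for sample in ("password", "D0g!", "D0g....................."):  # constructed
        print(sample, haystack(sample))
```

The figures are an upper bound for blind brute force only: a password that appears in a wordlist falls far sooner than its search space suggests.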
DNS Spoofability test can scan your Domain Name Server
A quick way to check your DNS for cache poisoning
Whether it’s from the network settings or from the “It’s always DNS” meme, you’ve probably heard of Domain Name System resolvers. Responsible for translating easy-to-remember domain names into IP addresses (and vice-versa), DNS servers are susceptible to certain attacks. Cache poisoning is a common one, where the resolver receives false information about websites and ends up redirecting users to fraudulent pages – websites that are often controlled by the attacker.
The DNS Spoofability test uses GRC’s own pseudo-DNS nameserver to check whether your DNS resolver’s cache is valid. Running the test is fairly simple, and if the anti-spoofing safety metric is below “good,” you might want to modify the DNS settings on your device.
GRC’s website has plenty of other worthwhile tools
Including some that you’ll have to install
Besides the utilities I’ve mentioned so far, you’ll find a couple of other noteworthy cybersecurity tools on GRC. There’s Paper Perfect Passwords, which is great for security-conscious folks who want an inexpensive and completely private way of generating MFA passcodes.
Then you’ve got InSpectre, which scans your CPU and motherboard for Meltdown and Spectre vulnerabilities, while IsBootSecure can check whether your motherboard includes Secure Boot and a secure platform key.
