Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
Is there a way to test our protective "armor"?
Message
<blockquote data-quote="Victor M" data-source="post: 1060161" data-attributes="member: 96560"><p>You could hire a freelancer penetration tester on a job site like upwork.com : <a href="https://www.upwork.com/search/profiles/?q=penetration%20testing" target="_blank">https://www.upwork.com/search/profiles/?q=penetration testing</a></p><p>You could further specify that if this is going to be a white box test or a black box test. A white box test is when the pen tester knows what security controls you use. It will save some time for the testing and it will give a more accurate test result. A pen test is meant to discover security holes in your defense and the pen tester can thus demo the weakness and recommend mitigation. The recommended mitigations are what you are really paying for. If you don't trust the pen tester, you can opt for a black box test. But the pen tester may give up prematurely, not wanting to spend additional time which prolongs the test and he runs out of budget, and you may not get good recommendations. However, you may decide that no hacker would be determined enough to spend 10 hrs of work attacking your PC and so you live with that. There are, after all, easier targets on the internet. So you have to decide whether to take that gamble.</p><p></p><p>Short of doing an actual penetration test, you could use a vulnerability scanner like Nessus Essentials to find out about vulnerabilities on a PC. It is free. The program is slow on first run. It has to download plug-ins, and it has to compile them before you can begin a first test. If you see a spinning circle on the top right, it means it is compiling the plug-ins. Be prepared to wait 20 mins+ for the downloading and compiling. Nessus has been around for a long time and it is quite good. The bad thing about it is if you have hardened your PC and deployed too many layers of protection, then it will not be able to discover the vulnerabilities; it will simply report that it could not perform an accurate test. And thus if you do have vulnerable applications and services under your layers of protection, you will not know. What you could do is turn off the modem and disable the protection layers for a bit so Nessus can do it's job. You can write down the layers so you don't forget to turn each of them back on. But thats for you to decide.</p><p></p><p>Don't forget that WiFi has a WiFi peer to peer component, and that turning off the modem would not affect that - your laptop is still listening. And peer to peer mode bypasses the firewall. To check that vulnerability off the list, you have to go to Device Manager, show hidden devices, and disable the WiFi Direct adapter. Do not delete it or it will simply re-install itself after a reboot, disable it.</p></blockquote><p></p>
[QUOTE="Victor M, post: 1060161, member: 96560"] You could hire a freelancer penetration tester on a job site like upwork.com : [URL='https://www.upwork.com/search/profiles/?q=penetration%20testing']https://www.upwork.com/search/profiles/?q=penetration testing[/URL] You could further specify that if this is going to be a white box test or a black box test. A white box test is when the pen tester knows what security controls you use. It will save some time for the testing and it will give a more accurate test result. A pen test is meant to discover security holes in your defense and the pen tester can thus demo the weakness and recommend mitigation. The recommended mitigations are what you are really paying for. If you don't trust the pen tester, you can opt for a black box test. But the pen tester may give up prematurely, not wanting to spend additional time which prolongs the test and he runs out of budget, and you may not get good recommendations. However, you may decide that no hacker would be determined enough to spend 10 hrs of work attacking your PC and so you live with that. There are, after all, easier targets on the internet. So you have to decide whether to take that gamble. Short of doing an actual penetration test, you could use a vulnerability scanner like Nessus Essentials to find out about vulnerabilities on a PC. It is free. The program is slow on first run. It has to download plug-ins, and it has to compile them before you can begin a first test. If you see a spinning circle on the top right, it means it is compiling the plug-ins. Be prepared to wait 20 mins+ for the downloading and compiling. Nessus has been around for a long time and it is quite good. The bad thing about it is if you have hardened your PC and deployed too many layers of protection, then it will not be able to discover the vulnerabilities; it will simply report that it could not perform an accurate test. And thus if you do have vulnerable applications and services under your layers of protection, you will not know. What you could do is turn off the modem and disable the protection layers for a bit so Nessus can do it's job. You can write down the layers so you don't forget to turn each of them back on. But thats for you to decide. Don't forget that WiFi has a WiFi peer to peer component, and that turning off the modem would not affect that - your laptop is still listening. And peer to peer mode bypasses the firewall. To check that vulnerability off the list, you have to go to Device Manager, show hidden devices, and disable the WiFi Direct adapter. Do not delete it or it will simply re-install itself after a reboot, disable it. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
