The tools in this month’s toolbox help you secure data in transit and monitor open network ports and services.
When you send a file or e-mail across open channels such as FTP, HTTP or SMTP, anyone can intercept your data at any point as it travels between the source and destination. All someone needs is a good “sniffing” tool. The obvious solution is to use secured communications and strong encryption so anyone intercepting your data would only see a garbled stream of data. You could also use secured protocols such as FTPS and HTTPS.
One open source project that can help you encrypt your e-mails and files directly is Gpg4win, the GNU Privacy Guard for Windows. Gpg4win is supported by the German Federal Office for Information Security (BSI). Its goal is to provide a Windows installer with a number of free applications to help you keep your data safe.
Gpg4win is the official GNU Privacy Guard (GnuPG) distribution for Windows. The installer includes the following components:
GnuPG is the engine behind the Gpg4win package. It creates and manages both OpenPGP and X.509 certificates with a default key length of 2048 bits. It uses RSA for signing and encrypting by default (you can configure both the key length and the algorithm). The engine also has built-in support for smart cards for both OpenPGP and S/MIME. Kleopatra and the GPA provide similar GUI-based certificate-management features. Kleopatra has a more polished feel, though, as it uses KDE under the covers.
You can use these tools to create, edit, sign, certify, delete, import and export stored keys, and to look up certificates from a certificate server. The interface shows you details about each of the local certificates, as well as any trusted certificates, including the name, associated e-mail address, validity (to/from dates), type and key ID of each. Both Kleopatra and the GPA also provide file encryption and decryption features. You can browse to a file and sign and encrypt it, or decrypt and verify it. You can also use the tools to create and verify file checksums.
One nice feature of the GPA is that you can directly encrypt or decrypt data by pasting it from the clipboard buffer instead of having to save it to a file first. The GpgOL plug-in for Outlook 2003 and 2007 greatly simplifies encrypting e-mails and attachments. You can do it without leaving Outlook. Similarly, the GpgEX Windows Explorer extension eases in-place file encryption and decryption.
If you don’t use Outlook, the Claws Mail e-mail client has most of the features you’d expect in an e-mail client, as well as integrated support for secured communication. The Gpg4win Compendium documentation provides detailed information regarding usage and encryption in general for each of the applications included in the Gpg4win package. The GnuPG Web site is also a great resource for technical information surrounding OpenPGP and S/MIME. For all the applications, encrypting anything is as simple as picking the associated certificate from your store and off you go. As you build your repository of trusted keys, decrypting is just as simple.
It isn’t quite seamless, but the Gpg4win package definitely helps minimize the complexity of file and e-mail encryption. Gpg4win runs on Windows XP, Windows Vista, and Windows 7 in both 32- and 64-bit editions. The GpgOL plug-in works in both Outlook 2003 and 2007, but not yet in 2010. Also, the Windows Explorer plug-in is available only in 32-bit for now, though a 64-bit edition is in progress (and all the file encryption features are available directly from within Kleopatra). If you’re concerned about prying eyes looking in on your files and e-mail, check out the free and open source Gpg4win project.
Knowing which ports and services are open on your network is the key to successful systems administration. One oldie-but-goody free tool that helps you keep an eye on your network is the port scanner SuperScan 4.0 from Foundstone, a division of McAfee Inc. SuperScan 4.0 is a portable port scanner for Windows. It runs via a single executable, so you can easily add it to your USB key of administrative tools and take it with you anywhere you go.
SuperScan 4.0 does host discovery and TCP/User Datagram Protocol (UDP) port scanning to detect open machines and services. Enter one or more IP address ranges (or a single IP if you know your target) on the Scan tab and click Play. By default, SuperScan 4.0 will use Internet Control Message Protocol (ICMP) echo requests for host discovery. It will also scan a set of known service ports over TCP and UDP, but you can configure these options. To change those settings, click the Host and Service Discovery tab. For host discovery, you can choose ICMP echo, timestamp, address mask or information requests. You can also set a timeout for response.
For UDP scanning, you can extend the default set of ports or port ranges to scan. You can also use a “data” or “data + ICMP”-type scan on the host. You can choose a response timeout or use a static source port for originating the UDP request. Similar to the UDP scanning options, with TCP scanning you can add ports or port ranges to scan, set a timeout for response, and choose to use a static source port. You can choose to do a full connect or a SYN-only (synchronization-only) scan against the remote host.
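The full-connect TCP check with a response timeout and configurable port ranges described above, turned into an audit that compares what is listening on a host you administer against an approved list. This is an added Python example, not part of SuperScan 4.0 or the original article; the function names, the port specification and the approved baseline are assumptions.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

def parse_ports(spec):
    """Expand a spec such as "22,80,8000-8010" into a sorted list of ports."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)

def tcp_connect_open(host, port, timeout=1.0):
    """Full-connect check: True only if the TCP three-way handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # connection refused, timed out, or host unreachable
        return False

def audit_host(host, port_spec, approved, timeout=1.0, workers=32):
    """Compare listening TCP ports on a host you administer with a baseline."""
    ports = parse_ports(port_spec)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: tcp_connect_open(host, p, timeout), ports)
        open_ports = {p for p, is_open in zip(ports, results) if is_open}
    approved = set(approved)
    return {
        "open": sorted(open_ports),
        # Listening but not on the approved list: investigate or shut down.
        "unexpected": sorted(open_ports - approved),
        # Approved and checked, but nothing answered: service may be down.
        "missing": sorted((approved & set(ports)) - open_ports),
    }

if __name__ == "__main__":
    # Constructed baseline for the local machine; replace with your inventory.
    report = audit_host("127.0.0.1", "22,80,443,3389,8000-8010", approved={22, 443})
    for key, value in report.items():
        print(f"{key:>10}: {value}")
```

A port that drops packets silently is reported closed only after the timeout expires, so the timeout value trades accuracy on slow links against total run time.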
You can tailor your scan on the Scan Options tab. Here you can set the scan speed (the delay between packets transmitted to the remote hosts), the number of passes to make for both host and service discovery, and whether to do hostname lookups on the target machines. You can also choose “banner grabbing” (pulling service information from the service response), set the origin IP for the scan, and choose to randomize IP and port scan order to obscure the scan’s activities. Once you’ve completed a scan, you can either copy and paste the text or view the results as an HTML page. Results are saved to files in the directory from which you launched the application for easier recording and repurposing.
Besides host discovery and port scanning, SuperScan 4.0 has a number of useful adjunct tools built in to help you focus on a target system. The Tools tab gives you quick access to hostname/IP lookup (single and bulk), ping, trace route, zone transfer, HTTP HEAD/GET requests, HTTPS GET requests, and WHOIS requests to various services including ARIN, RIPE and APNIC. With the proper credentials, the Windows Enumeration tab will grab and enumerate various details from a remote Windows system including MAC addresses, users, groups, drives, shares, services, registry information, domains and logon sessions.
SuperScan 4.0 has been around for a while, but it still packs quite a few useful tools. You need to keep your eye on what ports and services are open on your network—and a free tool like SuperScan 4.0 can help.
Greg Steen is a technology professional, entrepreneur and enthusiast. He’s always on the hunt for new tools to help make operations, QA and development easier for the IT professional.