For my system evaluation, I chose to examine the server for Cerebral Hobbies, a gaming store located on Franklin Street. I am friends with the owner and the system administrator, and received permission to run tests on the box from outside.

I chose to begin by running NMAP on the server www.cerebralhobbies.com (IP ADDRESS). The results were as follows:

Open Ports:
22 (ssh)
25 (SMTP)
80 (http)
443 (https)

One port reported as there, but closed: 1503 (IMTC-MCS - Databeam)

In addition, the nmap identified the OS of the server as a Redhat Linux of unknown version.

After telnetting to the various ports, I was able to identify a couple of the specifics of the server. The web services are running Apache 2.0.40, which was released August 9, 2002. A quick search of the web doesn't reveal any vulnerabilities in that release, but it is certainly possible that there is a vulnerability that hasn't been widely exploited yet. I also got a name for the server on the subnet within the domain, tinboy.cerebralhobbies.com.

Telnetting to the other ports, I found one reporting sendmail 8.12.8/8.11.6. This didn't make much sense, since none of the ports were mail ports, but it was an interesting result, especially with the historic weaknesses of sendmail. Again, I searched for exploits, and was unable to find any.

I tried several login/pwd combinations, but was unable to guess the password. I tried variations on the email address of the administrator, with no luck. One advantage of the SSH implimentation is that it disallows repeated password guesses, so a brute force attack is more difficult. After checking for brute force programs, nearly all of them require that you have the password file (which I obviously don't have access to).

Clearly, having non-necessary ports open could be considered a weakness of this box. However, having the rest of the ports not respond, as well as having patched versions of all of the identified software, leads to a reasonably secure box.