Tips for Testing Network Login Security
Check for Cross-Site Scripting
Many network logins are executed through the Web, offering numerous challenges for network administrators and many opportunities for
network hackers. One of the sore spots is the use of cross-site scripting that can run scripts from a different site by entering script code into the login field on your login screen which then executes on your server. Because of the danger cross-site scripting represents, you should test to make sure your Web server will not execute it when it is entered into your network login screen.
If you want to know how to test network login security for your Web server regarding cross-site scripting, enter a simple line of code into your login field as follows: “‹script›alert(’test’)‹/script›.” Click the login button and see what response you get. If you get a window that says “test,” your network login page is vulnerable to malicious scripts. Even if you do not get the pop-up, you should use the “view page source” option on your browser. If you find your test script embedded in your page source, you know that your network login security is vulnerable.
Image Credit: Wikimedia Commons/Santhan 31
Check Password Requirements
When wondering how to test network login security, inspect your server settings to make sure that passwords are required and that password requirements are set to strong. For users and administrators alike, a password policy that requires passwords to be changed every two or three months.
Additionally, guessable passwords such as “password,” “letmein,” the company name should be restricted based on computer and server policy to prevent unauthorized access. The complexity of passwords should also be defined, requiring a combination of upper and lower case letters, numbers, and special characters.
Check Password Recovery Options
When users forget their login credentials, many systems can be configured to ask security questions to authenticate requests to reset a user’s password. The answers to these questions should be hard to guess to avoid login compromise. Issues similar to this one apparently led to a college student gaining access to a Sarah Palin account during the 2008 election campaign.
Use Third Party Login Security Tests
Web server login security can be tested using one of several applications on the market. Authentication tester tools such as the one offered by Acunetix can identify vulnerabilities and provide specific suggestions to help make a network login more secure. These tools can test HTTP authentication techniques as well as username and password strength.
Tests such as the Microsoft Baseline Security Analyzer help test the network login security of local computers and servers that are running Microsoft operating systems.
BackTrack is a powerful Linux security suite that tests for vulnerabilities in network login and other settings that could leave a system open to exploitation.
When deciding how to test network login security, be sure to consider these important tips. Although some steps such as strong password requirements are cumbersome to many users and administrators, they can all go a long way to protection malicious people from entering into networks like yours where they do not belong.