If you’re trying to detect threats, you need all the help you can get. Here are 10 free tools every IT professional should have in their armoury.
The fact that you may not have heard of what Verizon refers to as ‘the detection deficit’ in the Data Breach Investigations Report is by the by. For the record, it’s the difference between how long it takes the bad guys to compromise a target network and how long it takes you to detect that there is a threat. What matters here is that they are on the right side, as far as network compromise times are concerned, of that deficit and you are falling ever further behind.
Frankly, as far as detecting threats go, you need all the help you can get. That help comes in many different forms including from a managed security perspective. What you might not expect to hear is that another way to help close the ‘hacker gap’ is by employing free network security tools. Yeah, you read that right: even in the world of security there is sometimes such a thing as a free lunch.
So here are some ingredients, in no particular order, that cost nothing but form the basis of a pretty balanced and healthy defensive security diet…
1 Rapid7 Small Business
One truism that carries into the world of data security is that in order to stop the bad guys, you need to think like the bad guys. Understanding why they do what they do is one thing, getting to grips with how they do it is a more relevant thing; so think about using the same tools that they do. This is never more the case than when it comes to penetration testing tools such as Metasploit. Although this isn’t free anymore, far from it in fact, Rapid7 does still offer a free ‘small business’ version which can be used to simulate real-world attacks in order to find weak spots before a malicious actor does.
2 Rapid7 Nexpose Community Edition
Throw in the Rapid7 Nexpose Community Edition vulnerability scanner, which is free for individual users, and you get another contextualised viewpoint on the exposed attack surface to help understand your threat exposure.
3 Kali Linux
Also within the hacker crosshairs is the offensive Kali Linux. Offensive security is something that needs to be taken seriously, and many within the IT security industry believe that defensive security can only be properly arrived at by adopting an offensive mindset towards the threat. Kali Linux is a perfect example of an offensive security product come to life; free and open source this is an all-in-one penetration testing platform. Indeed, it incorporates more than 300 penetration testing and security auditing programs with a Linux operating system, and by so doing enables IT admins and security pros alike to test how good their risk mitigation strategies actually are.
4 Nmap
No hacker would be without Nmap, the free network scanner that enables them, and you, to map your entire network and determine exactly what is connected to it. As such, Nmap should be built into your security team DNA; after all, if an external probe can see all of these machines then you’ve failed lesson one straight away. Nmap can look for hosts and open ports, and will reveal the software and hardware versions in use.
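To turn a scan into the "lesson one" check the paragraph describes, here is an added example (not from the article or the Nmap project) that reads the XML report Nmap writes with `-oX`, lists every open port with its detected product and version, and flags anything not on an allowlist of deliberately exposed services. The report and the allowlist are constructed for illustration.

```python
"""Summarise an Nmap XML report (nmap -sV -oX) and flag open services that
are not meant to be reachable. Added example; sample data is constructed."""
import xml.etree.ElementTree as ET

# Constructed, trimmed sample of what `nmap -sV -oX report.xml` produces.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host><status state="up"/>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https" product="nginx" version="1.18.0"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="203.0.113.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3389"><state state="open"/>
        <service name="ms-wbt-server" product="Microsoft Terminal Services"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/>
        <service name="http"/></port>
    </ports>
  </host>
</nmaprun>"""

# Constructed allowlist: (address, port) pairs that are supposed to be exposed.
EXPECTED = {("203.0.113.10", 443)}

def parse_open_ports(xml_text):
    """Return [(addr, port, banner)] for every open port on every live host."""
    found = []
    for host in ET.fromstring(xml_text).iter("host"):
        if host.find("status").get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            parts = (svc.get("product"), svc.get("version")) if svc is not None else ()
            banner = " ".join(p for p in parts if p)
            found.append((addr, int(port.get("portid")), banner))
    return found

def unexpected_exposures(xml_text, expected=EXPECTED):
    """Open ports missing from the allowlist: the ones to investigate first."""
    return [f for f in parse_open_ports(xml_text) if (f[0], f[1]) not in expected]
```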
5 Zenmap
It will reveal them even better, or at least a lot more easily, with a great GUI to help in the shape of Zenmap. This is the official Nmap GUI, designed to make it easy for beginners while still appealing to advanced users, and none the worse for that. Use it to save your frequently used scans as profiles, making scanning routines a doddle. Oh, and the inclusion of a searchable database of scan results makes comparative analysis equally simple.
6 Wireshark
When it comes to network protocol analysers, they don’t come much better known, or much better, than Wireshark. If you want to see exactly, some might say microscopically, what’s happening on your network then Wireshark is what you need. It’s multi-platform and multi-talented, and the captured network data can be browsed courtesy of an easy-to-use GUI with powerful display filters. Wireshark drills down into your network activity, and assuming you know your network protocol sh*t to start with, it provides additional and essential insight into protecting that network courtesy of the traffic flowing through it.
7 Aircrack-ng
Oh, and Aircrack-ng is worthy of a mention as well; a set of open source tools that are good at discovering and capturing (OK, OK, by which I mean cracking) WiFi WEP and WPA-PSK keys. It does this by implementing the same kind of standard FMS attack, plus some other optimised attack scenarios, that the real bad guys might use against you. Once it has enough captured data it will ‘recover’ the keys, if your wireless networking is weak enough in the configuration and authentication departments.
8 AlienVault ThreatFinder
I also quite like AlienVault’s ThreatFinder, which is totally free, powered by the AlienVault Open Threat Exchange (OTX), and analyses your network for compromised systems and malicious communications. It does this by correlating data from your network log files with the OTX threat data, and alerting you to any malicious host matches. The use of an interactive threat map tool just makes it all easier to understand, and delivers some effective granular visibility into network activity as a result.
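The correlation step described above, as an added example that is not AlienVault or OTX code: each destination in a firewall or proxy log is checked against an indicator list of malicious IPs and domains, and matches are grouped by the internal host that made the connection, which is the view an analyst needs to decide which machine to look at first. The log lines, the indicator set and the log format are all constructed for illustration.

```python
"""Correlate destination hosts in a network log against a threat-intel
indicator list. Added example; log format, log lines and indicators are constructed."""
import re
from collections import defaultdict

# Constructed indicator set of the kind a threat-intel feed carries.
IOC_IPS = {"198.51.100.23", "203.0.113.77"}
IOC_DOMAINS = {"bad-updates.example"}

# Constructed log lines: timestamp src dst port [host=<sni-or-http-host>]
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 93.184.216.34 443 host=example.com
2024-05-01T10:00:07Z 10.0.0.9 198.51.100.23 4444
2024-05-01T10:01:12Z 10.0.0.5 10.0.0.1 53
2024-05-01T10:02:30Z 10.0.0.12 203.0.113.77 80 host=cdn.bad-updates.example
2024-05-01T10:03:00Z 10.0.0.9 198.51.100.23 4444
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) (?P<dst>\d+\.\d+\.\d+\.\d+) "
    r"(?P<port>\d+)(?: host=(?P<host>\S+))?$")

def domain_matches(host, domains):
    """True if host equals an indicator domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def correlate(log_text, ioc_ips=IOC_IPS, ioc_domains=IOC_DOMAINS):
    """Return {internal_src: [(ts, dst, reason), ...]} for every log line whose
    destination IP or hostname matches an indicator."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the whole job
        dst, host = m["dst"], m["host"]
        if dst in ioc_ips:
            hits[m["src"]].append((m["ts"], dst, "ip:" + dst))
        elif host and domain_matches(host, ioc_domains):
            hits[m["src"]].append((m["ts"], dst, "domain:" + host))
    return dict(hits)
```

A repeated match to the same indicator from one source, as 10.0.0.9 shows here, is usually more telling than a single hit, so the per-source grouping is worth keeping when you scale this up.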
9 Reputation Monitor Alert
Also from AlienVault is the free Reputation Monitor Alert service that provides alerts if your public IPs and domains appear in that Open Threat Exchange (OTX) database, as well as monitoring DNS registration and SSL certificates for good measure.
10 Root the Box
Thinking sideways is never a bad thing when it comes to network security, and nor is training. Which is why Root the Box appears on our free tools menu, despite it being a game. Erm, yep, that’s right, it’s a game. However, the point of this particular Capture the Flag (CTF) game is to teach the kind of skills required to get root, to crack password hashes, to think like a hacker and therefore to understand how best to defend against them. “Each team must scan and exploit systems on the attack network. Every time a box is successfully owned its point value drops, so to get the most points you must be the first team to get root,” the blurb says. It’s ingenious and essential in my book; after all, who says that network security cannot be fun?