Six free security tools you shouldn't live without

I won't keep you in suspense. I'll go ahead and name them right here, at the top of my post -- the six free security tools that all IT folks should know about and use. (But you'll have to click through this nifty multi-page post to let me explain my choices.) And the winners are ... MetaSploit, Splunk, Google (don't laugh -- it's true!), KeePass, Helix and Netwox. Now read on to learn why ...

MetaSploit

Free

It has a strange name, but MetaSploit is a very cool development platform that assists information security professionals in creating tools and exploits. Using the framework (its built-in tools), you can conduct penetration tests, verify patch installations and even perform regression testing. Written using Ruby, the current 3.1 version comes with over 450 modules, including 265 remote exploits that can be targeted against various releases of Windows, Linux, BSD, Unix, and the Mac OS. If that isn't enough built-in functionality for your tastes, you can also use MetaSploit to create your own modules or scour around for ones that have already been created.

Overall, this is a great tool, and in the hands of system administrators it can be put to good use testing your organization’s defenses. However, there are always two sides to a shiny coin. MetaSploit is also an effective tool for conducting attacks.

[Screenshot: MetaSploit]

For more information see: www.metasploit.com


Splunk

Free

I first talked about Splunk when I wrote about the 2008 RSA Conference. Yes, the Security Incident and Event Manager (SIEM) space is crowded. But Splunk is not a SIEM per se. Its approach is slightly different in that it is, like Google, primarily a search engine. As such, its developers have focused much of their effort on making Splunk a good aggregator for IT-related information and events. So Splunk differs from other SIEMs in that it provides a very good platform for correlation and analysis. From the get-go, by some hidden method, Splunk takes in data and provides order where there was once chaos. In my opinion, being able to dynamically figure out different logging structures (provided you can feed Splunk data in a known form – primarily text) is a very powerful feature which makes this tool a must-have.

Note: Splunk is not open source but you can download it for free under its developer's freeware license.
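To make the "order from chaos" point concrete, here is an added example (my own illustration, not Splunk's code) that does in miniature what the post describes: it takes text lines in three different formats with no per-format parser, auto-extracts a timestamp, key=value pairs, a source address and a normalised outcome, and then runs a correlation search across all of them. The log lines are constructed samples.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in three formats (not real data): a syslog sshd line,
# a Windows-style key=value export, and an Apache access-log line.
SAMPLE_LOGS = [
    "May 12 08:01:07 web1 sshd[2201]: Failed password for root from 203.0.113.5 port 52314 ssh2",
    "2008-05-12T08:01:09Z host=dc1 EventCode=4625 Status=0x6d Source_Network_Address=203.0.113.5",
    '203.0.113.5 - - [12/May/2008:08:01:12 +0000] "GET /admin/ HTTP/1.1" 401 310',
    "May 12 08:01:15 web1 sshd[2201]: Accepted password for alice from 198.51.100.7 port 40112 ssh2",
]

KV_RE = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*)=(\S+)")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# Timestamp layouts tried in order; syslog lines carry no year, so strptime defaults to 1900.
TS_FORMATS = [
    (r"^\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ", "%Y-%m-%dT%H:%M:%SZ"),
    (r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d", "%b %d %H:%M:%S"),
    (r"\[\d\d/[A-Z][a-z]{2}/\d{4}:\d\d:\d\d:\d\d", "[%d/%b/%Y:%H:%M:%S"),
]

def extract_fields(line):
    """Turn one raw text line into a dict of fields without a per-format parser."""
    event = {"_raw": line}
    for pattern, fmt in TS_FORMATS:
        m = re.search(pattern, line)
        if m:
            event["_time"] = datetime.strptime(m.group(0), fmt)
            break
    event.update((k.lower(), v) for k, v in KV_RE.findall(line))  # key=value pairs
    ips = IP_RE.findall(line)
    if ips:
        event["src_ip"] = ips[0]  # first dotted quad is the client in all three formats
    # Normalise the outcome so events from different sources can be correlated.
    if re.search(r'Failed password|EventCode=4625|" 401 ', line):
        event["outcome"] = "failure"
    elif re.search(r'Accepted password|" 200 ', line):
        event["outcome"] = "success"
    return event

def search(events, **where):
    """Keep events whose extracted fields match every field=value given."""
    return [e for e in events if all(e.get(k) == v for k, v in where.items())]

def count_by(events, field):
    """Aggregate like a `stats count by <field>` search."""
    return Counter(e[field] for e in events if field in e)
```

Running `count_by(search([extract_fields(l) for l in SAMPLE_LOGS], outcome="failure"), "src_ip")` ties the three failed logins from the same address together even though they came from three different log sources.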

[Screenshot: Splunk]

For more information see: www.splunk.com

Google

Free

You might be laughing now; after all, Google is just a search engine, right? Funnily enough, Google is also a really great security tool. Like Splunk, Google is an information aggregator. The primary difference between the two is that Google provides you with a massive amount of publicly available (sometimes meant to be private) information. Things that you can use Google for include:

  • Gathering information about your target
  • Performing basic penetration testing
  • Finding sites that allow directory indexing
  • Searching for pages for/with a particular phrase in the title (intitle)
  • Finding certain pages via a particular phrase (allinurl)
  • Or even pilfering the Google cache for information (that shouldn't be there).

[Screenshot: Google]

For more information about how to use Google as a security tool see: johnny.ihackstuff.com


KeePass

Free

I can’t tell you how much I love this little program. KeePass is a free, open-source password management application. Using KeePass, you can store all of your credentials in a single secure database that can only be accessed by using a master password, key (a file), master password + key, or Windows credentials. Here are some reasons to use this utility:

  • Database is encrypted using AES and Twofish
  • Portable and no installation required
  • Easy database transfer
  • Support of password groups
  • Intuitive and secure Windows Clipboard handling
  • Searching and sorting
  • Multi-language support
  • Strong random password generator
  • Plugin architecture
  • Last of all, and most importantly, KeePass is open source!

[Screenshot: KeePass]

For more information see: www.keepass.info

Helix

Free

Picture this: your CEO has just been put on probation for possibly pilfering the company’s coffers. You, being an incident-handling wizard, have been asked to perform an analysis of the CEO’s computer in an effort to obtain evidence. Besides performing the other obvious incident-handling steps (depending on your organization), how might you go about obtaining evidence in a forensically sound way?

One method might be to purchase and use something like EnCase (which costs a bit of money). Another method might be to hire a forensics firm (which costs a bit more money, and they just use EnCase). Or you could turn to something called Helix, which is a customized distribution of the Knoppix Live Linux CD. By using Helix and its boatload of tools you can easily conduct an investigation that doesn’t modify the host computer in any way.

[Screenshot: Helix]

For more information see: www.e-fense.com/helix


Netwox

Free

Netwox is both an oldie and a goodie. But chances are, you have never heard of this tool and that’s a shame. With over 222 various tools, Netwox is a network toolbox powerhouse. While work on the project was stopped in 2004, the tasks that you can “complete” using this utility are still very relevant. For example you could:

  • Sniff packets
  • Grab files via HTTP
  • Attempt a brute force crack on an FTP server
  • Use Netwox as a back door on a system
  • Spoof packets
  • Even compute the cryptographic hash of a file

The list is just staggering. If you have time on your hands… you could spend hours playing.

[Screenshot: Netwox]

For more information see: http://www.laurentconstantin.com/en/netw/netwox/
