The security of networks and systems is something that every company and administrator must take very seriously. After all, without strong security policies, plans, and tactics, it won’t be long before you find yourself recovering from a disaster that could leave your data exposed (or worse).
Anyone in this industry fully understands that it is only a matter of time before a company has to deal with a security breach. But anything and everything you can do to mitigate such a situation should be considered a must. To that end, what tools should your administrators know about to keep your business, systems, users, and data safe?
I’ve listed five types of tools your administrators should know about (and use) to control their desktops, servers, and networks. With this list, you should be able to put together a perfectly suited set of tools to help complete a solid security foundation for your business.
With that said, let’s get on with the list.
Pentesting tools
Pentesting tools (also known as penetration testing tools) are an absolute must for measuring the security of your systems. These tools mimic various types of attacks on your devices to see if they can get past the defenses you’ve set up. These tests will reveal vulnerabilities that you would otherwise never know about. If your company doesn’t already employ a pentester (also known as an ethical hacker), this is a position you should definitely consider adding. Why? Because administrators may not have the time to learn the ins and outs of pentesting, nor to run this type of task on a regular basis.
There is a plethora of pentesting tools out there (such as Metasploit, John the Ripper, Hashcat, Hydra, Burp Suite, Zed Attack Proxy, sqlmap, and aircrack-ng). However, your best option might be to use a full operating system designed specifically for penetration testing (such as Kali Linux), which will include most of the pentesting tools you’ll need for successful vulnerability testing.
Security Auditor/Vulnerability Assessment
While a good pentesting distribution will include most of what you need to perform a vulnerability assessment, you may not have someone on staff with the knowledge or skills to use those tools. In that case, you could turn to a security auditor/vulnerability assessment tool. While pentesting allows your administrators to run very specific tests on your systems, these tools are more general and will run broad and comprehensive tests on your operating systems and installed applications looking for vulnerabilities.
One of the benefits of audit/assessment tools is that many of them will tell you about ways you can resolve the issues at hand. Some auditing/vulnerability tools will even show the CVE vulnerabilities they have found (allowing you to further investigate how the issues can be resolved). Tools in this category include W3AF, OpenSCAP, SolarWinds Network Vulnerability Detection, Tripwire IP360, Nessus Professional, Microsoft Baseline Security Analyzer, Acunetix, ManageEngine Vulnerability Manager Plus, and Intruder.
Network scanner
If you have never scanned a network, you would be surprised to see how much traffic is coming in and out of it. Most of that traffic is probably legitimate… but not all of it. How do you know which is which? One way is by using a network scanner. These tools allow you not only to see all your network traffic, but also to sniff specific packets and to filter the view down to certain machines or source/destination IP addresses.
A network scanner is an absolute must for any security administrator looking to keep their network as secure as possible. While these tools won’t suggest fixes or reveal software vulnerabilities, they do a great job of helping security professionals track down systems that have been attacked by hackers, and can (sometimes) help you get to the source of the hack. Some of the best network scanners include Wireshark, Nmap, Site24x7 Network Monitor, PRTG Network Monitor, Angry IP Scanner, and Spiceworks IP Scanner.
Firewall
A firewall should be considered an absolute necessity. With a firewall on your network, you can block specific traffic (incoming or outgoing), blacklist certain IP addresses or domains, and generally prevent unwanted traffic/packets from entering your systems. Of course, most operating systems include their own firewalls, but some of them are either too complicated or not powerful enough to meet the growing needs of your business. If you find that to be the case, you might consider implementing a firewall device, built specifically to protect your network.
Although these devices can be expensive, the results they offer are often worth it. For businesses, a firewall becomes even more important (especially with sensitive company/customer data hosted within your network). The best firewall appliances on the market include Cisco ASA, Fortinet FortiGate, Palo Alto Networks Next-Generation PA Series, Cisco Meraki MX, and Zscaler Internet Access.
Intrusion detection
Intrusion detection is exactly what it sounds like: a tool to alert administrators when an intruder is detected within a network or system. Many of these types of tools go beyond simple alerts and will automatically block suspicious IP addresses (for example, after X number of failed login attempts).
Intrusion detection systems monitor network traffic for suspicious activity and act according to how they have been configured. These automated systems are an excellent first line of defense against hackers, but should not be considered the end point of your security. Implement an IDS and let it do its thing, but understand that every piece of software is fallible (ergo, you’ll want to employ other forms of security). However, having a good intrusion detection system that works for you is an absolute necessity as your first line of defense. Some of the best IDSs include CrowdStrike Falcon, Snort, Fail2Ban, AIDE, OpenWIPS-NG, Samhain, and Security Onion.