Tool Kits for the Security Professional
By Bob Williams
SecureWiFi Networking Consulting
The Power of Linux
Linux distributions and Unix derivatives are the operating systems of choice for the security professional. Even if you are not fully versed in the command line functions of these systems, the windows-type interfaces offered for them make using applications a very intuitive process. The open source community has introduced many new and innovative ways to examine security in networks and applications, and to help build and maintain robust software for every user. One of the latest favorites is a distribution of Debian on a bootable CD-ROM. These distros boot into memory on just about any x86 PC. Nothing is written to the computer's hard drive, and the operating system does all of its work from the CD-ROM. You can use the command line or a windows-type interface to run any application included with the distribution. Most of these operating systems support the NTFS file format, so you can mount the computer's hard drive as you would any memory device. This feature comes in very handy when you need to do a forensic examination of a hard drive. The hard drive will remain in its original state throughout a complete examination.
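An added example, not from the original article: one way to check that the drive stays in its original state is to mount it read-only from the live CD and compare a SHA-256 digest of the device before and after the examination. The device and mount point names are placeholders, and the script assumes `blockdev`, `mount` and `sha256sum` are present on the live CD.

```shell
#!/bin/sh
# Added example: check that an examination leaves the evidence drive unchanged.
# /dev/sdX1 and /mnt/evidence are placeholders, not values from the article.

# Mark the partition read-only at the block layer, then mount it read-only.
# Needs root; run from the live CD session.
mount_evidence_ro() {
    dev=$1
    mnt=$2
    blockdev --setro "$dev" || return 1
    mkdir -p "$mnt" || return 1
    mount -o ro,noexec,nosuid,nodev "$dev" "$mnt"
}

# Print the SHA-256 digest of a block device or image file.
evidence_hash() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_unchanged TARGET COMMAND [ARGS...]
# Hash TARGET, run COMMAND, hash TARGET again.
# Returns 0 if the digests match, 1 if the content changed,
# 2 if TARGET could not be read.
verify_unchanged() {
    target=$1
    shift
    before=$(evidence_hash "$target")
    [ -n "$before" ] || return 2
    "$@" || echo "warning: examination command exited non-zero" >&2
    after=$(evidence_hash "$target")
    [ -n "$after" ] || return 2
    if [ "$before" = "$after" ]; then
        echo "unchanged sha256=$before"
        return 0
    fi
    echo "MODIFIED before=$before after=$after" >&2
    return 1
}

# Typical session (as root):
#   mount_evidence_ro /dev/sdX1 /mnt/evidence
#   verify_unchanged /dev/sdX1 ls -lR /mnt/evidence
```

Record the digest printed by the first run in the case notes so later copies of the drive can be compared against it.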
Network Scanner Programs
A full-featured network scanner is a must-have for the professional toolbox. The scanner should be configurable enough to detect all of the protocols on a network, whether wired or wireless. There are several to choose from, both commercial and open source. The feature set can include options to apply patches and upgrades remotely, and to monitor connections in real time.
Packet Sniffers
The packet sniffer has gotten some bad press lately, but it is still a valuable tool for the professional security analyst. If the aim of the analysis is to ensure that data flows as it should, to the destination that it should, then packet sniffing is the technology of choice. When network security hinges on secure data transmission to a specified destination, and no other, packet analysis is the method that will give the most complete information about IP routing and hopping inside the network.
Wireless Access Point Auditing
Mobile computing is becoming more pervasive and more desirable with every new rollout of the latest hardware. Intel is now the driving force with its Centrino configurations for laptops. This, in turn, is making the proliferation of wireless access points a major problem for network security. Rogue wireless access points inside the wired enterprise network now represent the gravest risk to enterprise security. There are several wireless access auditing software tools available, both commercial and open source, that are robust and full featured. There is also a variety of hardware radio signal monitors that can be a starting point to determine whether a problem is evident.
Password Recovery and Management
Password management is an often overlooked tool for the security professional. When a client needs to be sure that access management is configured to the highest possible security standard, and that only the people authorized to access sensitive material can do so, password management tools become important. It is important to manage server resources to deliver the data and applications to the right people at the right time, and password management of those resources is another layer of security for an enterprise environment.

