Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/9/2006
04:24 PM
50%
50%

5 Open-Source Security Tools For Your Arsenal

In the movies, hacking is glamorous. A few lines of code, a little pen testing, and you're in. You don't need to cast Angelina Jolie (Hackers) or Hugh Jackman (Swordfish) to portray hacking as it truly is: a game of patience and persistence that's mostly trial and error, heavy emphasis on the "error." Assuming no prior knowledge of a system an attacker seeks to penetrate, hacking is done in stages. The attacker is a digital gumshoe pounding the electronic pavement in search of any

In the movies, hacking is glamorous. A few lines of code, a little pen testing, and you're in. You don't need to cast Angelina Jolie (Hackers) or Hugh Jackman (Swordfish) to portray hacking as it truly is: a game of patience and persistence that's mostly trial and error, heavy emphasis on the "error."

Assuming no prior knowledge of a system an attacker seeks to penetrate, hacking is done in stages. The attacker is a digital gumshoe pounding the electronic pavement in search of any clues he can find about his mark, until a weak link is discovered, the chains are broken, and the castle gate is dropped across the moat. The smart defender will look to confound his nemesis at every turn, and there are several open-source tools available to make sure you find your weaknesses before your opponent does. It's a matter of who gets there first.I sat in on a class earlier this week at the Software Security Summit in Baltimore where Will Kruse, a software security consultant with software risk management firm Cigital, ran down a list of his favorites:

1) Network Mapper, or Nmap, is an open-source utility for network security auditing. Using Nmap, "people can find out a lot of information just by being on your network," Kruse said during his class. This includes Mac addresses, usernames, operating systems running within a network, the types of network routers in use, and which ports are open. Do a network security audit, and you're likely to find hosts you didn't know existed and services that shouldn't be running, Kruse said. Nmap is already included with a number of operating systems, including Red Hat Linux, Debian Linux, Gentoo, FreeBSD, and OpenBSD.

(In keeping with my earlier theme of hackers and glamour, I neglected to mention The Matrix's Trinity [Carrie-Anne Moss], who not only does flying kicks but also actually uses Nmap in The Matrix Reloaded.)

The best way to defend against Nmap's prying eyes, Kruse said, is to deploy an intrusion detection system, network honeypots, and firewalls, as well as turn off any unnecessary services and keep up to date with the latest software patches.

2) Nessus is a security scanner for Linux, BSD, Solaris, and other flavors of Unix. In addition to helping network administrators and security professionals detect problems, Nessus also generates a risk value that can be used to assess a situation's seriousness. "It cranks out an amazing amount of data, which is not very stealthy," Kruse said. "People can tell when you're using it on their network." Kruse recommends using Nessus on your own network and then fixing any problems you find. That way, if an attacker tries to use Nessus against your network, you'll have addressed the most significant points of vulnerability.

3) Nikto is a Web server scanner that performs tests against Web servers to assess their strengths and weaknesses. Nikto isn't the stealthiest piece of software around and, as its Web site admits, is fairly obvious in log files. (Still another movie reference: "Klaatu barada nikto" comes from the 1951 sci-fi classic The Day The Earth Stood Still. No Angelina or Hugh, but Gort certainly looked good in that 7-foot, 7-inch silver suit.)

4) WebScarab is a Web application and Web service scanning tool available from the Open Web Application Security Project. Written in Java, WebScarab records the requests and responses it observes and allows an administrator or attacker to review them in a number of ways. Kruse noted that WebScarab isn't an automated tool like Nmap or Nikto and therefore isn't as easy to use.

5) In my own travels on the Web, I also came across a utility program called IceSword, which can be used to detect the presence of rootkits on systems in your network. IceSword, which is written in Chinese, includes a number of tools, including a process viewer, a startup analyzer, and a port enumerator.

You'll probably never look as good behind a keyboard as Carrie-Anne, Angelina, or Hugh. But at least now you're armed with some tools that even they (or their characters, at least) would envy.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27660
PUBLISHED: 2020-11-30
SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
CVE-2020-27659
PUBLISHED: 2020-11-30
Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter.
CVE-2020-29127
PUBLISHED: 2020-11-30
An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid=&csppage=cgi_PgOverview&csplang=en is visit...
CVE-2020-25624
PUBLISHED: 2020-11-30
hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver.
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...