Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/9/2006
04:24 PM
50%
50%

5 Open-Source Security Tools For Your Arsenal

In the movies, hacking is glamorous. A few lines of code, a little pen testing, and you're in. You don't need to cast Angelina Jolie (Hackers) or Hugh Jackman (Swordfish) to portray hacking as it truly is: a game of patience and persistence that's mostly trial and error, heavy emphasis on the "error." Assuming no prior knowledge of a system an attacker seeks to penetrate, hacking is done in stages. The attacker is a digital gumshoe pounding the electronic pavement in search of any

In the movies, hacking is glamorous. A few lines of code, a little pen testing, and you're in. You don't need to cast Angelina Jolie (Hackers) or Hugh Jackman (Swordfish) to portray hacking as it truly is: a game of patience and persistence that's mostly trial and error, heavy emphasis on the "error."

Assuming no prior knowledge of a system an attacker seeks to penetrate, hacking is done in stages. The attacker is a digital gumshoe pounding the electronic pavement in search of any clues he can find about his mark, until a weak link is discovered, the chains are broken, and the castle gate is dropped across the moat. The smart defender will look to confound his nemesis at every turn, and there are several open-source tools available to make sure you find your weaknesses before your opponent does. It's a matter of who gets there first.I sat in on a class earlier this week at the Software Security Summit in Baltimore where Will Kruse, a software security consultant with software risk management firm Cigital, ran down a list of his favorites:

1) Network Mapper, or Nmap, is an open-source utility for network security auditing. Using Nmap, "people can find out a lot of information just by being on your network," Kruse said during his class. This includes Mac addresses, usernames, operating systems running within a network, the types of network routers in use, and which ports are open. Do a network security audit, and you're likely to find hosts you didn't know existed and services that shouldn't be running, Kruse said. Nmap is already included with a number of operating systems, including Red Hat Linux, Debian Linux, Gentoo, FreeBSD, and OpenBSD.

(In keeping with my earlier theme of hackers and glamour, I neglected to mention The Matrix's Trinity [Carrie-Anne Moss], who not only does flying kicks but also actually uses Nmap in The Matrix Reloaded.)

The best way to defend against Nmap's prying eyes, Kruse said, is to deploy an intrusion detection system, network honeypots, and firewalls, as well as turn off any unnecessary services and keep up to date with the latest software patches.

2) Nessus is a security scanner for Linux, BSD, Solaris, and other flavors of Unix. In addition to helping network administrators and security professionals detect problems, Nessus also generates a risk value that can be used to assess a situation's seriousness. "It cranks out an amazing amount of data, which is not very stealthy," Kruse said. "People can tell when you're using it on their network." Kruse recommends using Nessus on your own network and then fixing any problems you find. That way, if an attacker tries to use Nessus against your network, you'll have addressed the most significant points of vulnerability.

3) Nikto is a Web server scanner that performs tests against Web servers to assess their strengths and weaknesses. Nikto isn't the stealthiest piece of software around and, as its Web site admits, is fairly obvious in log files. (Still another movie reference: "Klaatu barada nikto" comes from the 1951 sci-fi classic The Day The Earth Stood Still. No Angelina or Hugh, but Gort certainly looked good in that 7-foot, 7-inch silver suit.)

4) WebScarab is a Web application and Web service scanning tool available from the Open Web Application Security Project. Written in Java, WebScarab records the requests and responses it observes and allows an administrator or attacker to review them in a number of ways. Kruse noted that WebScarab isn't an automated tool like Nmap or Nikto and therefore isn't as easy to use.

5) In my own travels on the Web, I also came across a utility program called IceSword, which can be used to detect the presence of rootkits on systems in your network. IceSword, which is written in Chinese, includes a number of tools, including a process viewer, a startup analyzer, and a port enumerator.

You'll probably never look as good behind a keyboard as Carrie-Anne, Angelina, or Hugh. But at least now you're armed with some tools that even they (or their characters, at least) would envy.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.