Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/9/2006
04:24 PM
50%
50%

5 Open-Source Security Tools For Your Arsenal

In the movies, hacking is glamorous. A few lines of code, a little pen testing, and you're in. You don't need to cast Angelina Jolie (Hackers) or Hugh Jackman (Swordfish) to portray hacking as it truly is: a game of patience and persistence that's mostly trial and error, heavy emphasis on the "error." Assuming no prior knowledge of a system an attacker seeks to penetrate, hacking is done in stages. The attacker is a digital gumshoe pounding the electronic pavement in search of any

In the movies, hacking is glamorous. A few lines of code, a little pen testing, and you're in. You don't need to cast Angelina Jolie (Hackers) or Hugh Jackman (Swordfish) to portray hacking as it truly is: a game of patience and persistence that's mostly trial and error, heavy emphasis on the "error."

Assuming no prior knowledge of a system an attacker seeks to penetrate, hacking is done in stages. The attacker is a digital gumshoe pounding the electronic pavement in search of any clues he can find about his mark, until a weak link is discovered, the chains are broken, and the castle gate is dropped across the moat. The smart defender will look to confound his nemesis at every turn, and there are several open-source tools available to make sure you find your weaknesses before your opponent does. It's a matter of who gets there first.I sat in on a class earlier this week at the Software Security Summit in Baltimore where Will Kruse, a software security consultant with software risk management firm Cigital, ran down a list of his favorites:

1) Network Mapper, or Nmap, is an open-source utility for network security auditing. Using Nmap, "people can find out a lot of information just by being on your network," Kruse said during his class. This includes Mac addresses, usernames, operating systems running within a network, the types of network routers in use, and which ports are open. Do a network security audit, and you're likely to find hosts you didn't know existed and services that shouldn't be running, Kruse said. Nmap is already included with a number of operating systems, including Red Hat Linux, Debian Linux, Gentoo, FreeBSD, and OpenBSD.

(In keeping with my earlier theme of hackers and glamour, I neglected to mention The Matrix's Trinity [Carrie-Anne Moss], who not only does flying kicks but also actually uses Nmap in The Matrix Reloaded.)

The best way to defend against Nmap's prying eyes, Kruse said, is to deploy an intrusion detection system, network honeypots, and firewalls, as well as turn off any unnecessary services and keep up to date with the latest software patches.

2) Nessus is a security scanner for Linux, BSD, Solaris, and other flavors of Unix. In addition to helping network administrators and security professionals detect problems, Nessus also generates a risk value that can be used to assess a situation's seriousness. "It cranks out an amazing amount of data, which is not very stealthy," Kruse said. "People can tell when you're using it on their network." Kruse recommends using Nessus on your own network and then fixing any problems you find. That way, if an attacker tries to use Nessus against your network, you'll have addressed the most significant points of vulnerability.

3) Nikto is a Web server scanner that performs tests against Web servers to assess their strengths and weaknesses. Nikto isn't the stealthiest piece of software around and, as its Web site admits, is fairly obvious in log files. (Still another movie reference: "Klaatu barada nikto" comes from the 1951 sci-fi classic The Day The Earth Stood Still. No Angelina or Hugh, but Gort certainly looked good in that 7-foot, 7-inch silver suit.)

4) WebScarab is a Web application and Web service scanning tool available from the Open Web Application Security Project. Written in Java, WebScarab records the requests and responses it observes and allows an administrator or attacker to review them in a number of ways. Kruse noted that WebScarab isn't an automated tool like Nmap or Nikto and therefore isn't as easy to use.

5) In my own travels on the Web, I also came across a utility program called IceSword, which can be used to detect the presence of rootkits on systems in your network. IceSword, which is written in Chinese, includes a number of tools, including a process viewer, a startup analyzer, and a port enumerator.

You'll probably never look as good behind a keyboard as Carrie-Anne, Angelina, or Hugh. But at least now you're armed with some tools that even they (or their characters, at least) would envy.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...