Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

6/9/2006
04:24 PM
50%
50%

5 Open-Source Security Tools For Your Arsenal

In the movies, hacking is glamorous. A few lines of code, a little pen testing, and you're in. You don't need to cast Angelina Jolie (Hackers) or Hugh Jackman (Swordfish) to portray hacking as it truly is: a game of patience and persistence that's mostly trial and error, heavy emphasis on the "error." Assuming no prior knowledge of a system an attacker seeks to penetrate, hacking is done in stages. The attacker is a digital gumshoe pounding the electronic pavement in search of any

In the movies, hacking is glamorous. A few lines of code, a little pen testing, and you're in. You don't need to cast Angelina Jolie (Hackers) or Hugh Jackman (Swordfish) to portray hacking as it truly is: a game of patience and persistence that's mostly trial and error, heavy emphasis on the "error."

Assuming no prior knowledge of a system an attacker seeks to penetrate, hacking is done in stages. The attacker is a digital gumshoe pounding the electronic pavement in search of any clues he can find about his mark, until a weak link is discovered, the chains are broken, and the castle gate is dropped across the moat. The smart defender will look to confound his nemesis at every turn, and there are several open-source tools available to make sure you find your weaknesses before your opponent does. It's a matter of who gets there first.I sat in on a class earlier this week at the Software Security Summit in Baltimore where Will Kruse, a software security consultant with software risk management firm Cigital, ran down a list of his favorites:

1) Network Mapper, or Nmap, is an open-source utility for network security auditing. Using Nmap, "people can find out a lot of information just by being on your network," Kruse said during his class. This includes Mac addresses, usernames, operating systems running within a network, the types of network routers in use, and which ports are open. Do a network security audit, and you're likely to find hosts you didn't know existed and services that shouldn't be running, Kruse said. Nmap is already included with a number of operating systems, including Red Hat Linux, Debian Linux, Gentoo, FreeBSD, and OpenBSD.

(In keeping with my earlier theme of hackers and glamour, I neglected to mention The Matrix's Trinity [Carrie-Anne Moss], who not only does flying kicks but also actually uses Nmap in The Matrix Reloaded.)

The best way to defend against Nmap's prying eyes, Kruse said, is to deploy an intrusion detection system, network honeypots, and firewalls, as well as turn off any unnecessary services and keep up to date with the latest software patches.

2) Nessus is a security scanner for Linux, BSD, Solaris, and other flavors of Unix. In addition to helping network administrators and security professionals detect problems, Nessus also generates a risk value that can be used to assess a situation's seriousness. "It cranks out an amazing amount of data, which is not very stealthy," Kruse said. "People can tell when you're using it on their network." Kruse recommends using Nessus on your own network and then fixing any problems you find. That way, if an attacker tries to use Nessus against your network, you'll have addressed the most significant points of vulnerability.

3) Nikto is a Web server scanner that performs tests against Web servers to assess their strengths and weaknesses. Nikto isn't the stealthiest piece of software around and, as its Web site admits, is fairly obvious in log files. (Still another movie reference: "Klaatu barada nikto" comes from the 1951 sci-fi classic The Day The Earth Stood Still. No Angelina or Hugh, but Gort certainly looked good in that 7-foot, 7-inch silver suit.)

4) WebScarab is a Web application and Web service scanning tool available from the Open Web Application Security Project. Written in Java, WebScarab records the requests and responses it observes and allows an administrator or attacker to review them in a number of ways. Kruse noted that WebScarab isn't an automated tool like Nmap or Nikto and therefore isn't as easy to use.

5) In my own travels on the Web, I also came across a utility program called IceSword, which can be used to detect the presence of rootkits on systems in your network. IceSword, which is written in Chinese, includes a number of tools, including a process viewer, a startup analyzer, and a port enumerator.

You'll probably never look as good behind a keyboard as Carrie-Anne, Angelina, or Hugh. But at least now you're armed with some tools that even they (or their characters, at least) would envy.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/1/2020
Attacker Dwell Time: Ransomware's Most Important Metric
Ricardo Villadiego, Founder and CEO of Lumu,  9/30/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8109
PUBLISHED: 2020-10-01
A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior vers...
CVE-2019-20902
PUBLISHED: 2020-10-01
Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1.
CVE-2019-20903
PUBLISHED: 2020-10-01
The hyperlinks functionality in atlaskit/editor-core in before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.
CVE-2020-25288
PUBLISHED: 2020-09-30
An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitra...
CVE-2020-25781
PUBLISHED: 2020-09-30
An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly.