Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.

3/10/2004

Auditor’s Toolbox

Filed under: Career Archive,Fun Work,Geek Work,Linux,The Network Geek at Home — Posted by the Network Geek during the Hour of the Hare which is in the early morning or 7:26 am for you boring, normal people.

Some tools for thought for security auditors…

Some time ago, I speculated on what a network “rescue” kit should contain. Well, the other day, I was cleaning up around the house and found an old copy of Information Security that had an article about security audits. They included a sidebar of suggested tools for performing an audit.
Some of them were fairly obvious: ping, traceroute (tracert), nslookup, and grep. Then they listed several free tools that were, well, a little bit more “robust”:
First, there was Nmap, which is an OS fingerprinting tool that is well-known to the Linux community.
Next, there was Crack, which is a well-known password cracker, as well as John the Ripper. There were two that I was not familiar with, namely which is apparently a BIND version checker. (That can be good to know, considering how many pesky security problems have been found with old versions of BIND.) And, finally, ghba.c, which is a tool for extracting machine names and IP addresses for a class B or C subnet. (Those last two are actually links to source code that has to be compiled before it can be run.)

The article went on to talk about several commercial and Open Source scanners that check for security vulnerabilities. I won’t bother to mention the commercial ones, since they have big advertising budgets. But, I will list off the high-powered open source tools. I’m familiar with the first one, Nessus, which has gotten very good reviews in several Linux magazines. The second one is a relative of SATAN, which got press right about the same time Linux really started to get going, Security Auditor’s Research Assistant (aka SARA). I’ve just started hearing about the next one, Whisker, which scans for CGI script vulnerabilities. That’s a nice one to know if you do as much CGI stuff as I have lately! And, finally, Hping2, which I’ve never heard of but seems to be a generic port scanner.

In any case, my point is that there are lots of tools out there that don’t cost a thing, but time, to use in your pursuit of a more secure environment. And, if you’re just reading this wondering what a security audit is, or why it should be done, it looks like it’s time to get out there and start reading! (I’d start with a free subscription to Information Security magazine.) Happy hunting!

