Diary of a Network Geek

The trials and tribulations of a Certified Novell Engineer who's been stranded in Houston, Texas.

3/10/2004

Auditor’s Toolbox

Filed under: Career Archive,Fun Work,Geek Work,Linux,The Network Geek at Home — Posted by the Network Geek during the Hour of the Hare which is in the early morning or 7:26 am for you boring, normal people.

Some tools for thought for security auditors…

Some time ago, I speculated on what a network “rescue” kit should contain. Well, the other day, I was cleaning up around the house and found an old copy of Information Security that had an article about security audits. They included a sidebar of suggested tools for performing an audit.
Some of them were fairly obvious: ping, traceroute (tracert), nslookup, and grep. Then they listed several free tools that were, well, a little bit more “robust”:
First, there was Nmap, which is an OS fingerprinting tool that is well-known to the Linux community.
Next, there was Crack, which is a well-known password cracker, as well as John the Ripper. There were two that I was not familiar with, namely which is apparently a BIND version checker. (That can be good to know, considering how many pesky security problems have been found with old versions of BIND.) And, finally, ghba.c, which is a tool for extracting machine names and IP addresses for a class B or C subnet. (Those last two are actually links to source code that has to be compiled before it can be run.)

The article went on to talk about several commercial and Open Source scanners that check for security vulnerabilities. I won’t bother to mention the commercial ones, since they have big advertising budgets. But, I will list off the high-powered open source tools. I’m familiar with the first one, Nessus which has gotten very good reviews in several Linux magazines. The second one is a relative of SATAN, which got press right about the same time Linux really started to get going, Security Auditor’s Research Assistant (aka SARA). I’ve just started hearing about the next one, Whisker, which scans for CGI script vulnerabilities. That’s a nice one to know if you do as much CGI stuff as I have lately! And, finally, Hping2, which I’ve never heard of but seems to be a generic port scanner.

In any case, my point is that there are lots of tools out there that don’t cost a thing, but time, to use in your pursuit of a more secure environment. And, if you’re just reading this wondering what a security audit is, or why it should be done, it looks like it’s time to get out there and start reading! (I’d start with a free subscription to Information Security magazine.) Happy hunting!

3 Comments

  1. I used whisker when rfp was hosting it on his site and it was pretty good – although not updated very often. Now it’s on SourceForge, but no files to download! GFI Lan scanner is also a very good (and free) tool for a Windows box.

    Comment by Andy — 3/12/2004 @ 2:40 pm

  2. Oh – and the subscription to the magazine is only free in the States – £112 a year for us in the UK which is a major ripoff.

    Comment by Andy — 3/12/2004 @ 2:42 pm

  3. Wow, Andy, that does suck. The magazine is great, but it’s not worth $200+! (As I recall, that’s what it works out to in US currency.)
    Well, at least you can enjoy some of it on-line.
    Thanks for watching the blog!

    Comment by Network Geek — 3/13/2004 @ 9:20 am
