Security of networks and systems is something every business and administrator should take very seriously. After all, without solid security policies, plans and tactics in place, it won’t be long before you’re recovering from a disaster that could leave your data exposed to ne’er-do-wells (or worse).
Anyone in this industry fully understands that it’s only a matter of time before a company has to deal with a security breach. But anything and everything you can do to mitigate such a situation should be considered a must. To that end, what tools should your admins know about to keep your company, systems, users and data safe?
I have a shortlist of five types of tools your admins must know (and use) to keep tabs on your desktops, servers and networks. With this list, you should be able to piece together a toolkit that’s perfectly suited to help fill out a solid foundation of security for your company.
With that said, let’s get on with the list.
Pentesting tools (a.k.a. penetration testing tools) are an absolute must for gauging the security of your systems. These tools mimic various types of attacks on your devices to see if they can break through the defenses you’ve set up, and the tests will reveal vulnerabilities you otherwise might never have known about. If your company doesn’t already employ a pentester (otherwise known as an ethical hacker), this is a position you should definitely consider bringing in. Why? Because admins might not have time to learn the ins and outs of pentesting, nor might they have the time to run these types of tasks regularly.
There are quite a large number of pentesting tools (such as Metasploit, John the Ripper, Hashcat, Hydra, Burp Suite, Zed Attack Proxy, sqlmap and aircrack-ng); however, your best bet might be to use a full-blown operating system geared specifically for penetration testing (such as Kali Linux), which will include most of the pentesting tools you’ll need for successful vulnerability tests.
Security auditor/vulnerability assessment
Although a good pentesting distribution will include most of what you need to do vulnerability assessment, you might not have someone on staff with the knowledge or skills to use those tools. In that case, you could turn to a security auditor/vulnerability assessment tool. Where pentesting allows your admins to run very specific tests against your systems, these tools are more general and will run wide, sweeping tests against your operating systems and installed applications for vulnerabilities.
One of the benefits of auditor/assessment tools is that many of them will report back to you with ways you can resolve the issues at hand. Some auditor/vulnerability tools will even display which CVE identifiers they have found (which allows you to do further research into how the issue(s) can be resolved). A shortlist of security auditor/vulnerability assessment tools includes Nikto2, Netsparker, OpenVAS, W3AF, OpenSCAP, SolarWinds Network Vulnerability Detection, Tripwire IP360, Nessus Professional, Microsoft Baseline Security Analyzer, Acunetix, ManageEngine Vulnerability Manager Plus and Intruder.
If you’ve never scanned a network, you’d be absolutely shocked to see how much traffic is coming and going on it. Most of that traffic is probably legit … but not all of it. How do you tell which is which? One way is by using a network scanner. These tools make it possible for you not only to view all of your network traffic but also to track specific packets, watch only certain machines, or filter by source/destination IP address.
A network scanner is an absolute must for any security administrator looking to keep their network as secure as possible. Although these tools won’t suggest fixes or reveal software vulnerabilities, they do a great job of helping security pros track down systems that have been targeted by hackers and (sometimes) can help lead you to the source of the hacking. Some of the best network scanners include Wireshark, nmap, Site24x7 Network Monitor, PRTG Network Monitor, Angry IP Scanner and IP Scanner by Spiceworks.
A firewall should be considered an absolute must. With a firewall on your network, you can block specific traffic (coming or going), blacklist certain IP addresses or domains and generally prevent unwanted traffic/packets from entering your systems. Of course, most operating systems include their own firewalls but some of those are either too complicated or not powerful enough to meet the growing needs of your company. Should you find that to be the case, you might consider deploying a firewall device, built specifically to protect your network.
Although these devices can be costly, the results they deliver are often worth the spend. For enterprise businesses, a firewall becomes even more important (especially with sensitive company/client data housed within your network). The best firewall devices on the market include Cisco ASA, Fortinet FortiGate, Palo Alto Networks Next-Generation PA Series, Cisco Meraki MX and Zscaler Internet Access.
Intrusion detection is exactly what it sounds like—a tool to alert admins when an intruder has been detected within a network or system. Many of these types of tools go beyond simple alerts and will automatically lock out suspect IP addresses (for instance, after a set number of failed login attempts within a given time window).
Intrusion detection systems monitor network traffic for suspicious activity and act according to how they’ve been configured. These automatic systems are a great first line of defense against hackers, but shouldn’t be considered the be-all and end-all of your security. Deploy an IDS and let it do its thing, but understand that every piece of software is fallible (ergo, you’ll want to employ other forms of security alongside it). Some of the best IDSs include CrowdStrike Falcon, Snort, Fail2Ban, AIDE, OpenWIPS-NG, Samhain and Security Onion.