Top 5 Security Tools for a CISSP

The ISC2.org is the definitive standard for Security Professionals.  It is almost a requirement for any Chief Security Officer CSO or Chief Information Security Officer CISO.  Effectively insuring that as a CSO your company is secured inside and out is a daunting task.  TMCP NIST FrameworkWhere do you even begin to insure that your network engineers and Help desk staff are performing their jobs and utilizing the latest tools.  A good starting point is by following the NIST Cybersecurity Framework published by the National Institute of Standards.  This is a must read for any CSO as technology is constantly evolving and while there are new threats evolving each day, executives and security personnel need a good starting point.  Likewise the “Orange Book” which used to be the standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system.  It has since been replaced by The Common Criteria.  While knowing these basics are great you still need the tools to do the job.  Below is a list of what may be (and again it may be subjective) the best tools to secure your computer systems, networks and applications.  If your security team is not using any of these you should be wary of just how secure from an attack or breach you actually are.

TMCP - Security Tools
Security Tools

With all of the systems you need to manage as a network or security administrator, you’ll need a robust set of tools to ensure your network is secure and safe from attackers. We’ll cover free network security tools that scan for vulnerabilities, packet sniffing, network mapping, wireless scanning and password cracking. Although there are many options for each category of tool, I’ll just talk about some of the more popular tools. For a comprehensive list of network security scanning tools, check out the “Sectools.org” website.

Vulnerability Scanning

 

Penetration testing and vulnerability scanning is one of the most important tasks you can do to ensure your network stays secure. The tools available vary based on cost and open vs. closed source.

Nessus, one of the best vulnerability scanners on the market was open source at it’s inception but has since gone closed source.  They have a limited free version that is only available for home networks however.  Nessus scans hosts against a database of over 34,000 (and growing) vulnerabilities. It’s easy to use and is very frequently updated.

OpenVas, is a forked version of Nessus that came about after Nessus closed its source code.  It is a frame work of several services and tools that offer a good Vulnerability management solution that is licensed under the GNU GPL.

Packet Sniffing

Wireshark is a free and open source packet analyzer.  Wire shark is the de facto standard in open source packet sniffing.   It’s one of the first tools that are true network engineer and security professional need to mastering have under their belt.   Initially it can be daunting for new network engineers and Security professionals where is most definitely a must-have.

Wireshark is cross-platform, using the Qt widget toolkit in current releases to implement its user interface, and using pcap to capture packets; it runs on Linux, MacOS, operating systems, and Microsoft Windows.

Network Mapping

Unless you built your network from the ground up you will need to perform network mapping.  Network mapping is needed to determine what devices you have on your network and allows you to enumerate the devices on your network along with the services they are running. A great tool to help map your network is NMAP and it’s GUI companion Zenmap.  Zenmap/NMAP can be set to scan an entire subnet or set of machines and will report on how many are available and what ports are open and listening on those machines. NMAP can be downloaded from here.

Wireless Scanning

Scanning for rogue wireless devices should be done on a regular basis. If you have one of your users come in and set up an unsecure wireless access point running off your corporate network you have a pretty serious security issue. A tool like Kismet (available here) can help you scan for wireless devices.  Kismet can also act as a wireless packet sniffer and intrusion detection system. Kismet passively collects data using your wireless card and can even alert you if the data it detects appears to be an attack on your wireless network. This is a must have for any organization with a wireless network in place.

For a more comprehensive wireless network analysis you should look at the Ekahau Product line of site survey software and heatmapping software.  While not free its extensive capabilities are outstanding for any size organizations and around the same cost for software and hardware as contracted vendor assessment/heatmap would cost. and
Top 5 CISSP Security Tools