Ask The Experts: Favorite Security Tools

Wednesday, October 17, 2012

Brent Huston

E313765e3bec84b2852c1c758f7244b6

This question came in via Twitter: “Hey Security Experts, what are your favorite 3 information security tools?” – @614techteam

John Davis responds:

I’m in the risk management area of information security; I don’t know enough about technical information security tools to give an informed opinion about them. However, my favorite information security ‘tool’ is the Consensus Audit Group’s Twenty Critical Security Controls for Effective Cyber Defense (which is very similar to MicroSolved’s own 80/20 Rule of Information Security).

The ‘CAG’ as I call it gives me as a risk manager clearer, more proactive, and detailed information security guidance than any of the other standards such as the ISO or NIST. If you’re not familiar with it, you can find it on the SANS website. I highly recommend it, even (and especially) to technical IT personnel. It’s not terribly long and you’ll be surprised how much you get out of it.

Adam Hostetler adds:

I’ll do some that aren’t focused on “hacking”

OSSEC – Monitor all the logs. Use it as a SIEM, or use it as an IPS (or any other number of ways). Easy to write rules for, very scalable and it’s free.

Truecrypt – Encrypt your entire hard drive, partition, or just make an encrypted “container” to hold files. Again, it’s free, but don’t be afraid to donate.

OCLhashcat-plus – Chews through password hashes, cracking with GPU accelerated speed. Dictionary based attacks, and also has a powerful rule set to go after non-dictionary based passwords.

And Phil Grimes wrote:

NMap is probably one of my favorite tools of all time. It’s veristile and very good at what it does. Using some of the available scripts have also proven to be more than useful in the field.

NetCat – This tool is extremely well rounded. Some of my favorite features include tunneling mode which allows also special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel.

While NMap is my go to port scanner, there is built-in port-scanning capabilities, with randomizer, and dvanced usage options, such as buffered send-mode (one line every N seconds), and hexdump (to stderr or to a specified file) of trasmitted and received data. 

Wireshark – Sharking the wires is one of my favorite things to do. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need.

What’s your favorite tool? Let us know in the comments or via Twitter (@lbhuston). Thanks for reading!

Cross-posted from State of Security

Possibly Related Articles:
8744
Network->General
Information Security
Tools Information Security Infosec experts
Post Rating I Like this!
4b17d533070721deb976870064b0526f
CP Constantine This one needs to be done again - this time as 'what's your fave security tool that you think other people probably have never heard of?'. There are some wonderful hidden gems out there, and even some old workhorses that I'm surprised more people have never used, like ettercap (layer 2 manipulation is a powerful thing!) , and a personal fave of mine for all kinds of fun applications - foremost (I'm not sure you can make extracting files from pcap's any easier!). What's really interesting is how many great multipurpose tools (with actual teeth) are available in the Debian/Ubuntu repositories as well.

1350538221
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.