- Predrag TASEVSKI
A toolkit is a collection of tools; for our purposes, it is an assembly of tools for eavesdropping on a network and scanning its security for possible exploitation. These tools are designed by security researchers and experts so that network administrators and security analysts can, in their everyday work, test for potential exploitation and watch and analyse the network. Network monitoring is a term that describes a system that constantly monitors a computer network for slow or failing peripherals and notifies the network administrator via email, SMS or alarms when a service is interrupted. Alongside network monitoring, security analysts are responsible for designing and monitoring security systems, and for coordinating the policies and security measures that protect information in computer files from unauthorized or accidental change, distribution or disclosure. In this article we introduce the basic concepts and essential parts of a network security toolkit, as well as existing network security tools that help with network security monitoring and analysis. Lastly, we give recommendations and a conclusion.
Network Security Toolkit
In this section we take a look at a few essential components of a toolkit, and at their main goals and purposes. When assembling a toolkit, you might want to consider including at least one of the following components:
Packet Sniffer. A piece of software or hardware that can intercept and log traffic passing over a network or part of a network. As data flows across the network, the sniffer captures each packet and, if needed, decodes the raw packet, displaying the values of its various fields and analysing its content according to the relevant RFC or other specification. This is especially useful when dealing with security threats that produce abnormal packets or enormous traffic. It also helps to diagnose failed network hardware.
Port Scanner. Software developed to probe a server or host for open ports. Tools of this kind are essential in administrators' everyday work to verify the security policies of their network and to find unwanted running services before attackers do. They are very useful for detecting unauthorized systems and services. Most of these tools rely on fingerprint-matching technology.
Intrusion Detection System (IDS). A device or application that monitors network or system activity for malicious activity or policy violations and produces reports for management staff. Typically, it records information related to observed events, notifies security administrators of those events, and responds to detected threats by attempting to prevent them from succeeding.
Log Analysers. These deal with large volumes of computer-generated log messages, known as event logs, audit records, etc. They cover log analysis, which can be done in real time or in bulk after storage, as well as log search and, as the last step, reporting. In many cases system administrators groan at having to sift through log files for valuable information.
Vulnerability Scanners. An application designed to assess computers, applications, computer systems and networks for weaknesses. There are different types of vulnerability scanners, distinguished from one another by their focus on particular targets. Functionality varies among the different types, but they share the common purpose of enumerating the vulnerabilities present in one or more targets. They also let you find out whether your network or system has known vulnerabilities that need patching.
Web Scanners. A program that communicates with a web application through its web front-end in order to reveal potential security vulnerabilities and architectural weaknesses in the application. Unlike source code scanners, web application scanners don't have access to the source code, which is why they detect vulnerabilities by performing real attacks against the web application.
Password Crackers. Password cracking is the process of recovering, or gaining access to, a password from data that has been stored in or transmitted by a computer or network. The approach is to repeatedly try to guess the password. These tools also let you quickly scan a host computer for accounts with weak passwords, so that you can either disable them or force their owners to create stronger passwords.
Note that the above list is only a basic set of components that you should consider having in your everyday network security toolbox. In the next section we list the available tools that are essential for a network security toolkit.
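To illustrate the Packet Sniffer item above, the following Python example (added here, not part of the original article) decodes the raw bytes of an IPv4/TCP packet into named fields and reports abnormal TCP flag combinations. The function names, the sample packet and its addresses are constructed for illustration.

```python
import struct

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def decode_ipv4_tcp(raw: bytes) -> dict:
    """Decode the fixed IPv4 header (RFC 791) and, for TCP, the TCP header (RFC 9293)."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # IHL counts 32-bit words
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a valid IPv4 header")
    pkt = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
           "ttl": ttl, "proto": proto, "total_len": total_len}
    if proto != 6:                                       # 6 = TCP
        return pkt
    tcp = raw[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, _ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    pkt.update(sport=sport, dport=dport, seq=seq, window=window,
               flags=[name for bit, name in TCP_FLAGS if off_flags & bit])
    return pkt

def anomalies(pkt: dict) -> list:
    """Report TCP flag combinations that normal connections never produce."""
    if "flags" not in pkt:
        return []
    flags, found = set(pkt["flags"]), []
    if not flags:
        found.append("no TCP flags set")
    if {"SYN", "FIN"} <= flags:
        found.append("SYN and FIN set together")
    return found

def sample_packet(flag_bits: int) -> bytes:
    """Constructed packet with RFC 5737 documentation addresses; checksums left at 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    tcp = struct.pack("!HHIIHHHH", 40000, 443, 1000, 0,
                      (5 << 12) | flag_bits, 8192, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    for bits in (0x02, 0x03, 0x00):   # SYN, SYN+FIN, no flags
        pkt = decode_ipv4_tcp(sample_packet(bits))
        print(pkt["src"], "->", pkt["dst"], pkt["dport"], pkt["flags"], anomalies(pkt))
```

The decoder does not verify checksums and reads only the fixed header fields; IP and TCP options are skipped over.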
Available Network Security Tools
Most of the tools listed below are open source solutions, and each covers one or more of the components in the above list. For further detailed information, please refer to the following link.
For password cracking, for instance, you might use John the Ripper and RainbowCrack. For packet sniffing there is a wide variety of tools, the most commonly known being Wireshark, Ntop, Tcpdump and many others. For vulnerability scanning, consider tools such as Nessus, OpenVAS, Nipper, etc. For web application scanning, the best known is Burp Suite, followed by Websecurify, Nikto and a few more. For port scanning you might want to consider Nmap. Finally, Swatch comes in handy as a log analyser, and Snort is a handy tool for intrusion detection.
The above lists of tools and components should give the reader an idea of what to have and what to look for. There are also a few of the many collections of software put together by dedicated security experts to advance the state of the art of network security toolkits, such as the Network Security Toolkit (NST) bootable CD/DVD, BackTrack and many others.
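The log analysis described in the Log Analysers item can be illustrated with a Python example, added here and not taken from the article or from Swatch: it counts failed SSH logins per source address within a time window. The log lines are constructed, and the pattern, the `watch` function and its parameters are assumptions based on the usual OpenSSH syslog message format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed message format: classic syslog timestamp followed by an sshd failure line.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def watch(lines, threshold=3, window=timedelta(seconds=60), year=2024):
    """Yield (time, source, count) when a source reaches `threshold` failures
    inside `window`. `lines` may be a stored list (bulk analysis) or any
    iterator that produces lines as they arrive (real-time analysis)."""
    recent = defaultdict(deque)            # source address -> failure timestamps
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[m.group(3)]
        q.append(ts)
        while ts - q[0] > window:          # forget failures older than the window
            q.popleft()
        if len(q) >= threshold:
            yield ts, m.group(3), len(q)
            q.clear()                      # start counting again after reporting

# Constructed sample log using RFC 5737 documentation addresses.
SAMPLE_LOG = """\
Mar 12 10:00:01 gw sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar 12 10:00:05 gw sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
Mar 12 10:00:09 gw sshd[812]: Accepted password for alice from 192.0.2.44 port 40110 ssh2
Mar 12 10:00:12 gw sshd[811]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar 12 10:03:40 gw sshd[820]: Failed password for bob from 192.0.2.44 port 40200 ssh2
""".splitlines()

if __name__ == "__main__":
    for ts, src, count in watch(SAMPLE_LOG):
        print(f"{ts:%H:%M:%S} {src}: {count} failed logins within 60 seconds")
```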