Security Management Strategies for the CIOAccess "Security audit tools: Vendors every auditor should use"
This article is part of the March 2003 issue of Dollars and sense: Getting the security budget you need -- and spending it wisely
Here's a representative list1: Google A real hacker thinks outside the box and learns to use tools in a way they may not have been intended. While the Google search engine is not, strictly speaking, an auditing tool, it's great for gathering information about a site. For example, trying entering "@my company.com" (where "mycompany" is your domain). Sometimes, this can yield some good data, such as a system administrator posting technical details about his site, which conveniently contains his account name. Google is like the Unix "grep" command on steroids. Utility Tools These are single-purpose tools that may either be native to the operating system or freely available. Utility tools require a manual approach, though they are often included in customized scripts--or even commercial products. Pros: Utility tools are freely available and are tightly focused for a specific task, making them more efficient. Cons: It requires skill to use them. For a large audit, manual testing is time-consuming and may produce inconsistent results, depending on the skill of the... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Roundtable: Advice on IT security budget management
by Andrew Briney
Four CISOs discuss practical strategies for getting the security budget you need, and spending it wisely.
-
Vulnerability scanners: Not the best tools for network perimeter defense
by Joel Snyder, contributor
Sidebar: Vulnerability scanners prove mediocre tools for helping IDSes protect the network perimeter.
-
IT security auditing: Best practices for conducting audits
by Carole Fennelly, Contributor
Even if you hate security audits, it's in your best interest to make sure they're done right.
-
Security spending on a tight information security budget
by Andrew Briney
Infosecurity budgets are increasing at a far slower rate than many people assume.
-
Roundtable: Advice on IT security budget management
by Andrew Briney
-
-
Testing and comparing vulnerability analysis tools
by Joel Snyder, Contributor
We tested five VA scanners to see how well they illuminate holes in your systems.
-
Beefing up security with BIG-IP load balancer
by Scott Sidel, Contributor
F5 Networks beefs up its BIG-IP load balancer to take on a greater security role.
-
Security audit tools: Vendors every auditor should use
by Caroline Fennelly, Contributor
Sidebar: An auditor should be familiar with a variety of tools and utilities, not just a single packaged scanner. They include utilities and power tools, both open source and commercial.
-
Testing and comparing vulnerability analysis tools
by Joel Snyder, Contributor
-
Columns
-
IT security spending: How to spend less
by Andrew Briney
To get the budget you need, think like a CFO: How do we make more, or how do we spend less?
-
IT security and ethical hacking: Does it do more harm than good?
by William H. Murray, Contributor
SQL Slammer was a new worm, but it's an old problem.
-
Your're caught: Examining punsihment for cybercrime
by Lawrence Walsh
The Trippin Smurfs hacker gang chose the wrong day to deface NASA.
-
The growth of information security acronyms
by Jay Heiser, Contributor
As more security certifications become available, there's an even greater opportunity for acronym abuse.
-
Six steps for security patch management best practices
by Fred Avolio, Contributor
Six steps to help decide when you must patch...and when it's OK to wait.
-
Protect Active Directory traffic with a VPN
by Russ Cooper, Contributor
Active Directory network traffic is mission critical and highly sensitive, and must be protected by a VPN.
-
Security for the virtual enterprise
by John Taylor, Contributor
When everything's "outside," how do you secure the "inside"?
-
IT security spending: How to spend less
by Andrew Briney
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...