Nmap (Network Mapper), an open source network exploration and security auditing tool, is the tool of choice for many network administrators who want to map and test their networks for vulnerabilities. Nmap boasts a wide range of
By running Nmap, you can discover which ports are visible on a machine and the services running on them, allowing you to take inventory or identify where your network's weak spots exist. Nmap's mapping features also allow you to see if any unexpected changes have occurred since the last scan. For example, you can see if a machine infected by a worm is trying to open ports in order to listen for instructions from its controller.
While Nmap can tell you what machines and services are available on a network, the quickest way to identify services that can be exploited is to use a security scanner, which brings me to Nessus, the next freeware tool on my list.
Started in 1998, The Nessus Project aimed to provide a remote security scanner that was free, powerful, up-to-date and easy to use. Today, Nessus is one of the top-rated security scanners and is endorsed by information security organizations, including the SANS Institute. Nessus has often been first in introducing new features, such as the ability to not only detect remote flaws, but also local flaws and missing patches on network hosts, regardless of whether they're running Windows, Mac OS X, or a Unix-like system. Incidentally, Nessus invokes Nmap at the beginning of each scan.
Some of Nessus' other key features include multiple service testing, so if a host is running a service more than once Nessus will test each instance. Additionally, its smart service recognition can identify the services that run on non-standard ports. It can also test SSL services such as HTTPS and SMTPS. And, while many security scanners only perform "safe" non-destructive security audits, Nessus can demonstrate how a host will withstand attacks from intruders.
The Nessus security checks database is updated daily, with each security test written as an external plugin, a simple program that checks for a given flaw. The plugins are written in Nessus Attack Scripting Language and run in a contained environment on top of a virtual machine, thus making Nessus an extremely secure scanner. There are currently over 10,000 different plugins used by Nessus, and an RSS feed of all the newest security checks allows you to monitor which plugins are added and when. Nessus has been extensively tested and proven over time on networks of all sizes.
Microsoft Baseline Security Analyzer & Windows Server Update Services
Keeping system patches current can be challenging. Microsoft recognized this problem and combined their free Baseline Security Analyzer (MBSA) Version 2 with the Windows Server Update Services (WSUS) in an effort to streamline the patch management process.
MBSA detects common security misconfigurations and missing security updates on Windows-based computer systems and Office applications. The reports produced by MBSA show severity ratings for any failed checks in accordance with Microsoft's security recommendations and offer specific guidance on how to fix problems, including links to security bulletins that contain patches. Each security bulletin also includes information about registry values, file versions and configuration changes that you can use to verify that the patch has been installed correctly.
MBSA can be used in conjunction with Microsoft Update and WSUS, the patch and update component of Windows Server. WSUS enables you to download updates from Microsoft and distribute them to your clients. A key feature of WSUS is its ability to target updates to specific computers. Although there is no support in WSUS for adding updates for third-party applications, it does make patching Microsoft products a lot easier.
After you scan, check and patch your network hosts, wouldn't it be great to be able to check whether your OS or application configurations match the industry's current best practices? Well, you can. The free Benchmark and Scoring Tool from the Center for Internet Security (CIS) provides a quick and easy way to evaluate your systems and compare their level of security against the CIS minimum due care security Benchmark. Various reports guide you in how to harden both new and active systems to ensure that security settings conform to the configuration specified in the Benchmark, all of which are kept up to date as new vulnerabilities are discovered.
These Benchmarks are unique, not because the settings and actions are unknown, but because consensus among hundreds of security professionals worldwide has defined these particular configurations. The CIS Level-I Benchmarks set a prudent level of minimum due care and can be applied with little security knowledge, as they are unlikely to cause an interruption of service to the OS or the applications that run on it. The CIS Level-II Benchmarks go beyond the minimum level and are aimed at system administrators who have sufficient security knowledge to apply them with consideration to the operating systems and applications running in their particular environments. You and your system can benefit from this knowledge, expertise, and experience for free so don't waste the opportunity!
My last top freeware tool is OpenSSH. I believe one of the best ways of allowing applications to securely authenticate themselves to other resources is by using Secure Shell (SSH). As long as the connection between the services uses TCP, they can use the SSH channel to authenticate to each other and increase security against different kinds of attacks. For example, SSH can encrypt passwords and network traffic between Web and database servers, thus preventing eavesdropping, IP spoofing, IP source routing, DNS spoofing and other network-level attacks. OpenSSH is a very good, free, open source implementation of SSH, which supports SSH 1.3, 1.5 and 2.0 protocol standards. With OpenSSH, encryption starts before authentication, and no passwords or other information is transmitted in the clear, eliminating eavesdropping, connection hijacking and other attacks. Encryption is also used to protect against spoofed packets. Additionally, OpenSSH provides secure tunnelling capabilities and several authentication methods, such as public key, one-time password and Kerberos Authentication. SSH is a great but underutilized communication protocol, so why not use OpenSSH to increase the security of your network traffic?
This was first published in July 2006
About the author:
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity's Web Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.