The Android-based Pwn Phone can allegedly help enterprises detect network vulnerabilities instantaneously. Is there a case for using this in the enterprise, or are there other technologies that could be used?
The Pwn Phone looks like a neat tool; I'll likely put it on my shortlist of security testing tools to acquire. I've always believed that your security testing is only as good as the tools you use; imagine a home inspector with a half-baked radon detector, or a surgeon without a means to view what he's going to be (or is currently) operating on. The same applies to IT and security professionals; you have to have good tools.
I'm also a firm believer that you get what you pay for. Sure, the Pwn Phone runs many free tools such as Evil AP, SSL Strip, Metasploit and aircrack-ng, but they're in a commercial package that tends to help take the pain and effort out of running these tools all on your own.
That said, any IT or security professional -- both employees and contracted outsiders -- worth his or her salt can walk through any given office, talk to a few people and run some basic vulnerability scans and be able to tell where 80% of the security problems are in the organization. It's the same story, different network: missing patches, weak passwords, gullible users, physical security weaknesses and the like are putting organizations at risk. No fancy tools are needed to figure that stuff out.
Sure, the Pwn Phone looks powerful, but it's a novelty. I do believe that it'll be great for niche testing once you've already used more traditional tools such as desktop/laptop-based vulnerability scanners, network analyzers and password crackers.
In the end, if the Pwn Phone is all you use, you're ahead of the curve as many businesses still aren't doing any testing at all.
Ask the Expert!
Want to ask Kevin Beaver a question about network security? Submit your questions now via email! (All questions are anonymous.)