The Android-based Pwn Phone can allegedly help enterprises detect network vulnerabilities instantaneously. Is there a case for using this in the enterprise, or are there other technologies that could be used?
The Pwn Phone looks like a neat tool; I'll likely put it on my short list of security testing tools to acquire. I've always believed that your security testing is only as good as the tools you use; imagine a home inspector with a half-baked radon detector, or a surgeon without a means to view what he's going to be (or is currently) operating on. The same applies to IT and security professionals; you have to have good tools.
I'm also a firm believer that you get what you pay for. Sure, the Pwn Phone runs many free tools such as Evil AP, SSL Strip, Metasploit and aircrack-ng, but they're in a commercial package that tends to help take the pain and effort out of running these tools all on your own.
That said, any IT or security professional -- both employees and contracted outsiders -- worth his or her salt can walk through any given office, talk to a few people, run some basic vulnerability scans and be able to tell where 80% of the security problems are in the organization. It's the same story, different network: missing patches, weak passwords, gullible users, physical security weaknesses and the like are putting organizations at risk. No fancy tools are needed to figure that stuff out.
Sure, the Pwn Phone looks powerful, but it's a novelty. I do believe that it'll be great for niche testing once you've already used more traditional tools such as desktop/laptop-based vulnerability scanners, network analyzers and password crackers.
In the end, if the Pwn Phone is all you use, you're ahead of the curve as many businesses still aren't doing any testing at all.
Ask the Expert!
Want to ask Kevin Beaver a question about network security? Submit your questions now via email! (All questions are anonymous.)