Information Security

Defending the digital infrastructure

Marcus Ranum's top free network security tools

In conscious contrast to Fyodor's list of top free network security tools, Marcus Ranum suggests enterprises implement a mix of defensive and offensive freeware.

Earlier this year, the author of the Nmap scanner, Fyodor, released a list of the Top 75 Network Security Tools. The tools on this list, collected and organized with input from the Nmap-hackers mailing list, provide you with a cyber-smorgasbord of cool (and free) tools for down-in-the-trenches security administration.

Of the 75 tools on the list, 20 of them are some kind of vulnerability scanner. Nine are some kind of a monitor or IDS, mostly packet-oriented with a few system/application monitors. Six are "packet manipulators" -- tools designed to inject packets, screw up IDSes or intercept sessions and spoof traffic. Six others are password crackers or authentication system breakers. There's one firewall, one tamper detector and two tools for providing encrypted communications channels.

This list is interesting because it says something about the tools that security people actually use on a regular basis. The high concentration of vulnerability scanners further proves that, as an industry, we are still firmly stuck in the "penetrate and patch" mindset. We continue to look for flaws to fix, rather than design our systems based on sound principles.

You should be "noddingly" familiar with every one of the tools on this list, and have some hands-on experience with at least the top five. The top 10 most popular tools are a little, shall we say, offensive, in that they can be used for both good and evil: vulnerability assessment, packet/traffic analysis, IDS, basic network communications and session tampering.

When you've got a client who absolutely needs to be convinced his network is vulnerable, some of these tools are valuable. But they're also really valuable to the bad guys. (I wish Fyodor would do a survey to see how many of his list members consider themselves "gray hat" or "black hat" hackers.)

I was surprised and disappointed to see that more proactive security tools didn't make it into the top 10 or 20. Firewalls are passé and boring now, but what about things like the squid caching proxy server, the Postfix or Qmail mail transfer agents or the SpamAssassin antispam filter? Even the humble SecureIIS deserves some kind of billing. I guess that playing on the defensive team will always be a little less glamorous than on the offense.

Taking a cue from Fyodor, I'll suggest my own list of top security tools. Like the tools on his list, they're all freeware. However, my list contains a better mix of both offensive and defensive tools.

  1. iptables: Ubiquitous firewall. Basically, every operating system out there now supports some kind of packet screening.
  2. Squid: Caching and proxying for Web; combine with a firewall for best results, and make sure you log accesses.
  3. SecureIIS: If you have to go out on a high wire, wear a safety harness! IIS is too insecure for my taste, but this useful tool can block out a lot of "noise" attacks against IIS-based Web servers.
  4. Postfix: When the mail needs to get through securely. Consider Qmail as an alternate.
  5. Tiny Personal Firewall: Use this or any other personal firewall that traps outgoing and incoming traffic. Many personal firewall vendors offer freeware for noncorporate use.
  6. SpamAssassin: Make e-mail tolerable by clobbering spam.
  7. Tripwire: Know what files have been altered on your system; an absolutely essential postmortem tool.
  8. Ethereal: Sniffer extraordinaire, packet decoder and session reconstructor.
  9. Nmap: Hands down, the best network and port scanner; operating system fingerprinting is invaluable.
  10. Snort: The best free IDS money can buy.
  11. SSH/PuTTY: Secure communications for the masses. There's no longer an excuse to use Telnet or FTP!
  12. Nessus: A vulnerability assessment (VA) scanner that tops many commercial tools.

As I reread my list, I realize that there are so many great tools out there; it's a wonder that our networks are still getting hacked to pieces. Obviously, it's not for lack of good technology.

About the author: Marcus Ranum is an independent security consultant and author. He is the founder of NFR Security and built the first commercial firewall product, DEC SEAL.

This was last published in August 2003
