2025-04-10 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Open source tools can lay a solid foundation for IT security personnel, both for implementing security measures and for learning and training on them. Here are 10 IT security tools that people should know:
(1) Nessus (Visibility)
In many ways, security starts with understanding the basics. For generations of IT security professionals, understanding the vulnerabilities of their networks began with Tenable's Nessus. According to sectools.org, Nessus is the most popular vulnerability scanner and the third most popular security program in use.
Nessus is available in both free and commercial versions. The latest version is Nessus 7.1.0, a commercial version that is also available free of charge for personal and home use. Version 2, launched by Tenable in 2005, is still open source and free.
Tenable has retained Version 2 and, in the best tradition of open source software, it has been forked and developed in several different directions. Knowledge of Nessus remains a valuable professional skill for IT security professionals.
(2) Snort (Visibility)
Just as thousands of IT security professionals first learn vulnerability scanning from Nessus, Snort has always been the starting point for intrusion detection system (IDS) knowledge, providing a technical entry point for generations of security experts.
Part of the value of Snort is that it can be configured in three different modes: as a network sniffer, packet logger, or a complete intrusion detection system (IDS). Therefore, it can be the core of an automated security system or a component of a series of commercial products.
Snort is now owned by Cisco; it continues to grow and is developed by an active community. Community-developed intrusion detection system (IDS) rules are available, as are rules licensed on a commercial basis. It is difficult for an IT security professional to have a real conversation about open source security software, an important part of the industry and the market, without bringing Snort into the discussion.
(3) Nagios (Visibility)
Nagios monitors the network: infrastructure, traffic, and connected servers all fall within the scope of its basic or extended functions. Like many other open source packages, Nagios is available in free and commercial versions.
Nagios Core is the core of the open source project and the basis of the free open source version. Individual products can be monitored and individual tasks performed through plug-ins. There are about 50 official plug-ins developed by Nagios and more than 3,000 community-developed plug-ins available.
The user interface of Nagios can be customized through a front end for the desktop, Web, or mobile platforms, and configuration can be managed through one of the available configuration tools.
(4) Ettercap (Test)
If users need to test whether their corporate network can withstand man-in-the-middle (MITM) attacks, Ettercap is an appropriate tool. Since it was first released in 2001, the program has been doing one thing: launching MITM attacks.
Ettercap has four basic attack modes: IP-based, MAC-based, and two ARP-based strategies. Users can decide which type of vulnerability to explore and see how their environment responds to each.
During scanning and test attacks, Ettercap can provide a great deal of information about the network and its devices. As part of an overall security toolkit, Ettercap provides powerful capabilities for man-in-the-middle (MITM) attacks and adds substantially to analysis and visibility.
(5) Infection Monkey (Test)
Infection Monkey is a fairly comprehensive testing tool designed to show users what can happen within the network if an attacker succeeds in breaking through the boundaries. Developed and supported by GuardiCore, Infection Monkey is free and fully functional.
The user interface is one of the prominent features of Infection Monkey. While some open source security projects provide a minimalist user interface (UI) or depend on plug-ins or skins for a graphical user interface (GUI), Infection Monkey has a GUI comparable to those of many commercial software tools.
The source code for Infection Monkey is available on GitHub, and there is an active developer community around the project. Other tools are critical for testing defenses against a breach; Infection Monkey can show users why their entire infrastructure should be strengthened.
(6) Delta (Test)
Today, there are many options for testing traditional network security. However, testing for the security problems specific to software-defined networks (SDN) is still a developing field, which is an important reason to use Delta.
As a project of the Open Networking Foundation (ONF), Delta looks for potential problems in an SDN and then probes them to help determine whether they are exploitable. Delta has a built-in fuzzing capability designed to detect known and unknown network vulnerabilities.
Delta builds on the earlier ONF projects Florence and Poseidon. Its code and executables are available on GitHub, and the project is still growing rapidly.
(7) Cuckoo Sandbox (Forensics)
Today, there are many ways to determine whether a file is malicious, but many of them are risky to a certain extent. Cuckoo Sandbox is an open source framework for safely testing a file to find out what it is and what it will actually do if it is started in a user's environment.
With its source code available on GitHub, Cuckoo Sandbox can analyze files and websites under a variety of operating systems. It analyzes API calls and network traffic and takes memory dumps to show in detail where the software under test places pieces of itself and whether it attempts to reach beyond its permitted scope.
(8) The Sleuth Kit (Forensics)
Figuring out what happened in an attack may be a key step in preventing future intrusions. The Sleuth Kit is a collection of command-line interface (CLI) tools and libraries that allow investigators to learn more about hard drives in a variety of formats and conditions.
The Sleuth Kit is the foundation of Autopsy, a graphical user interface (GUI) front end that provides faster and easier analysis for most users. Both are in active development and have large, active user communities that contribute new features.
(9) Lynis (Compliance)
Lynis is a listing tool: it lists the applications and utilities found on Unix systems, the versions of those systems, and the vulnerabilities found in their code or configuration.
With its source code available on GitHub, Lynis has an active development community, supported mainly by its creator, CISOfy. One of the special features of Lynis is that, because it is Unix-based, it can scan and evaluate popular Internet of Things development boards (including Raspberry Pi).
(10) Certbot (Compliance)
Encryption is important for many security standards, including the recently issued General Data Protection Regulation (GDPR) of the European Union. Implementing encryption can be complex and costly, but the Electronic Frontier Foundation (EFF) has tried to reduce both through tools like Certbot, an open source automated client that can obtain and deploy SSL/TLS certificates for users' Web servers.
Certbot started as a front end to Let's Encrypt, but it has grown into a client for any CA that supports the ACME protocol.
The Certbot project is part of EFF's efforts to encrypt the Internet, a goal that has been accepted by many privacy advocates and government regulators. Keeping employees, partners and customers safe is both a valuable goal and a legal responsibility. The open source tools discussed here help move in this direction.