Sunday, July 22, 2012

Technical Aspects of CyberSecurity


There's a plethora of Cyber Security tools available on the Internet, but I've come up with a top 10 list of my favorite tools which I feel are beneficial for any Cybersecurity Professional.

·         The Cyber Security Evaluation Tool (CSET):  A Department of Homeland Security (DHS) tool that aids organizations in protecting their cyber assets.  It comes loaded with a variety of standards (NIST, NERC, ISO, DoD, etc.) that can be selected and used to scan the security assurance levels of systems.  The software generates a detailed report which indicates areas that can be improved.
 

·         Microsoft Security Essentials:  A free tool provided by Microsoft to aid in protecting against viruses, spyware, and other malicious software.  It is easy to install and update, and it runs in the background so it's not intrusive to end-users.


·         Ad-Aware Free Antivirus+:  Free anti-spyware and anti-virus software; features download protection, sandboxing, and advanced detection.


·         RootkitRemover:  A free, stand-alone McAfee product which is used to detect and remove complex rootkits and associated malware.  


·         Wireshark:  A free, open-source network protocol analyzer.  Wireshark is a great tool for network troubleshooting and analysis.  It's user-friendly with a graphical front end.


·         NMAP:  A free and open-source tool for network discovery and security auditing.  This is a must-have tool for Cyber Security.


·          Leviathan Auditor:  A network auditing and penetration tool which works on (and against) Microsoft machines.  Leviathan can enumerate: users, local groups, shares, hidden shares, transports, installed services, registry and more.


·         THC-Hydra:  A free, open-source network logon cracker.  Easy to use and one of the faster network logon crackers.


·         Cain & Abel:  A password recovery tool for Microsoft operating systems.  It can be used to sniff networks and crack encrypted passwords via dictionary, brute-force, and cryptanalysis attacks.  It can also capture VoIP conversations, decode scrambled passwords, and capture and crack wireless networking keys.


·         BackTrack Linux:  Hands down my favorite technical security tool.  BackTrack is the one-stop-shop of security tools.  It can be installed to a PC or run from a Live CD distribution.  Install BackTrack and utilize Metasploit, NMAP, and Nessus, and it's one of the greatest tools a security professional could hope for!

Also, two great sites to peruse for an abundance of tools (many of them free) are:

-and-




References:

Ad-Aware Free Antivirus+.  Retrieved 22 July, 2012, from: http://www.lavasoft.com/products/ad_aware_free.php?t=overview

BackTrack Linux.  Retrieved 22 July, 2012, from: http://www.backtrack-linux.org/

Cain & Abel.  Retrieved 22 July, 2012, from: http://www.oxid.it/cain.html

Control Systems Security Program (CSSP): CSET.  Retrieved 22 July, 2012, from: http://www.us-cert.gov/control_systems/satool.html

Leviathan Auditor.  Retrieved 22 July, 2012, from: http://leviathan.sourceforge.net/

Microsoft Security Essentials.  Retrieved 22 July, 2012, from: http://windows.microsoft.com/en-US/windows/products/security-essentials

NMAP.  Retrieved 22 July, 2012, from: http://nmap.org/

RootkitRemover.  Retrieved 22 July, 2012, from: http://www.mcafee.com/us/downloads/free-tools/rootkitremover.aspx

SecTools.org: Top 125 Network Security Tools.  Retrieved 22 July, 2012, from: http://sectools.org/

THC-Hydra.  Retrieved 22 July, 2012, from: http://freeworld.thc.org/thc-hydra/

Wireshark.  Retrieved 22 July, 2012, from: http://www.wireshark.org/
