3 Great Apps for your Security Toolkit

December 30th, 2009 by Patrick M.

Any admin worth his/her salt has a common set of tools and applications they use on a regular basis for managing whatever environment for which they are responsible. Managing the security of the environment is no exception. While this meager blog post makes no claims to aid you in performing a full scale security analysis or penetration test, there are some basic tools you can use to ensure that the most glaring problems are found and mitigated.

NMap – This is one of the most popular port scanners found on the Internet, and the reason for this is because it’s, well, a great tool. With configuration options a mile long and a great development community behind it, it really does exactly what it says it will and not much more.
Nessus – Nessus is a network vulnerability scanner that constantly updates a list of plugins and “checks” which it uses to evaluate a server for given vulnerabilities. While they did recently change their licensing model, replaced their free registered plugin feed with a feature-sparse “home” feed, and also changed from open to closed source, Nessus is still one of the premier vulnerability scanning tools available.
Metasploit – I initially hesitated to include this tool in this list, as when used improperly it can be fairly dangerous. But then I thought the same about chainsaws and if I’m trying to fell a tree you can be sure I’d want someone to recommend a chainsaw.
Anyway, Metasploit, or more appropriately the Metasploit framework, is a collection of tested exploits which allow a qualified security professional to perform some light penetration testing. So where the previous two tools would give you a good view of the target system, this one will actually allow you to test some of the holes and vulnerabilities discovered. The most recent version boasts over 400 exploits for various systems and “hundreds of payloads.”

I must reiterate, using this last tool for the wrong reasons is highly discouraged. A lot of computer criminals end up in the same prisons as regular criminals. Take heed.

These three applications are a great starting point for any security conscious administrator who’s willing to get their hands dirty and protect themselves in the long-run. There are literally hundreds more tools which can help secure your environment, so I definitely recommend not stopping with these.