[wplug] A who's who of security tools
salm at servanttechnology.com
salm at servanttechnology.com
Fri Sep 12 16:09:56 EDT 2003
Hi all,
Thought this article may be interesting to most of you. It is about a
security consultant and it talks about the tools he uses, most of them are
open source.
Here is a brief selection:
"Hack in Progress"
InformationWeek (09/08/03) No. 954, P. 33; Hulme, George V.
Ethical hackers such as Ryan Breed of Unisys function as security
consultants, and they use a variety of tools--many of them freely
available online--to test the cyber-defenses of the companies that hire
them. Such tools include Ethereal, a network protocol analyzer that can
study network traffic in real time or from a saved file; NetStumbler, a
wireless network locater; Network Mapper, a program that can scan a
network for operating systems, servers, classes of services and ports, and
firewalls and packet filters; Netcat, used for network analysis; Nikto, a
scanning tool that tests Web servers for potential security leaks; and
Nessus, a remote security scanner that searches for network
vulnerabilities and produces lists of the flaws it uncovers. Breed notes
that a hacker can learn a lot about a target company, its corporate
domains, and related Web sites through search services such as Google.com,
while corporate ads for IT job vacancies are another possible source of
information. "You'll find out what kind of software and systems they run
from the skills and experience they're seeking in their IT job listings,"
Breed observes. Another strategy hackers may use is to study Internet
message boards on Yahoo! and other financial sites, as well as sites run
by former employees of the target company. From hacks carried out by
security consultants such as Breed, companies are learning that they need
to beef up network protection--not just by changing passwords more often,
but by formulating and implementing better security policies. Breed
explains that one of his jobs, in which he breached the company's internal
systems via a router misconfiguration, "dispels one of the popular
security myths: That a company can focus only on securing its perimeter
and remain secure."
And a link to the article:
http://www.informationweek.com/story/showArticle.jhtml?articleID=14400070&pgno=1
sal
More information about the wplug
mailing list