The following information is from my College Archive of assigned weekly Blogs.
This blog comes from my Web Application Security Class
Web Application Security Topic – Free Web Network Security Tools for Network Administrators
Original Post Date: Sunday, April 8th, 2012
This week’s blog focuses on packaged solutions to address the fundamentals of web server security testing. Let’s dig right in and look at some examples of tools and collections that are open source and free to use.
Let’s begin by introducing BackTrack Linux. BackTrack is a large collection of tools that can be installed onto a hard drive or run from portable storage devices such as flash drives without requiring installation. Its wide of array of gathered programs includes reporting tools, information gathering applications and password crackers. Some of the well-known tools included with BackTrack are Kismet, Nmap and Wireshark.
Next is the Network Security Toolkit. The Network Security Toolkit was developed to provide a network security administrator with a large set of open source network security applications such as Nessus, Wireshark, and Cain & Abel. It is a downloadable ISO file that can run on most x86/x86_64 platforms. It provides the user with a WUI (Web User Interface) for system/network administration, navigation, and security configurations amongst many other features.
There are other tools that offer a collection of programs that can be used by network security administrators. For example, Operator can be run from any computer or PC from a bootable CD entirely in RAM; no installation required. Operator can be used to monitor and discover networks and contains a set of computer forensic and data recovery tools.
Another tool that is similar to BackTrack and the Network Security Toolkit is the INSERT Rescue Security Toolkit. INSERT is another bootable LINUX system that has a GUI (Graphical User Interface) and has a multitude of tools that encompass network analysis, disaster recovery, antivirus, and forensics.
Currently I have no desire to be responsible for keeping a company’s web server secure. My main focus after graduating with my Web Systems degree is to focus on the overall design of web sites. I am fairly comfortable with my smaller projects requiring security monitoring on my part, but am definitely not ready for the larger situations. With that being said, if I were to step into the security arena or to give advice to a new network security administrator, I would highly recommend that they include one or more of the above tools. Toolkits such as BackTrack and Operator offer easy access a wide array of software that is vital to their network security management.