5 Security Tools for a New IT Pro
Security breaches cost businesses lots of money — and heartaches. To combat this issue, every IT professional should have a basic understanding of network security tools and how to use them. The broad threat landscape requires an “all-hands-on-deck” approach in defending our IT environments. There are plenty of software solutions out there, such as firewalls, intrusion detection systems, and malware blockers. But we thought it would help to touch on some network security troubleshooting tools that a beginning IT professional needs to know.
We debated whether to write about general types of security tools or specific brands or pieces of software. As a compromise, we decided to do both. Here are six types of security tools with a specific example for each.
There is plenty to learn about security, but it’s important that you do as much as you can as soon as you can. Hackers are not waiting around, and neither should you.
Protocol Analyzer: Wireshark
If you know anything about networking, you know that it’s built on protocols. We don’t want to get too much into the protocols that you should know about, such as TCP/IP. But the more protocols you know, the better. If you don’t know your protocols, then it would be a good idea to study them. Network protocols are defined in Requests for Comments (RFCs) published by the IETF. You can even find an RFC that gives a tutorial about TCP/IP.
Protocols are conversations between computers. One computer sends a request and the other sends a response. They negotiate connections and transmit data. Every time you surf the internet, there is a constant back-and-forth of traffic across various protocols. These conversations may be layered in what is called a protocol stack.
What a layman may not know is that a good network engineer — or a bad network hacker — can see all of that traffic passing back and forth at the protocol level. A beginning network security professional should quickly become familiar with protocol analyzers like Wireshark. This tool is open source and free to download and use. Of course, it helps to know what you’re looking for.
Windows Command Line: Ping, Tracert, and More
It’s typical for a network engineer to use a Windows-based laptop to connect either remotely or by a physical cable to network components. Of course, a Linux-based laptop, if preferred, could do the same things with similar software. There are many tools available through the Windows command line window. Here is a sample:
These tools are really not specialized for security. Every network engineer should know their way around these commands on the Windows interface. Here are screenshots of the ping and tracert commands:
Network engineers use these tools for a variety of purposes, including configuration, monitoring, and troubleshooting. They are particularly helpful for a network security engineer who needs to jump into a device and get a quick snapshot of the network.
If you’re looking to see if there are intruders in the network, netstat could be a big help. Netstat shows current TCP/IP connections, and could help you detect unwanted applications running across the network:
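As an added example (not part of the original article), the script below reviews netstat output against a per-host baseline instead of relying on eyeballing it. The sample text is constructed in the layout of Windows `netstat -ano`; the baseline sets, the internal subnet and the function names are assumptions for illustration.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -ano` output (not a real capture).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       7316
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5120
  TCP    192.168.1.20:49733     198.51.100.7:9001      ESTABLISHED     7316
  TCP    192.168.1.20:49740     192.168.1.5:445        ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2288
"""

# Assumed policy for this one host; build yours from a known-good baseline.
EXPECTED_LISTENERS = {135, 445}
ALLOWED_REMOTE_PORTS = {80, 443}
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

def split_endpoint(text):
    """'[::]:445' -> ('::', 445); rpartition keeps IPv6 colons in the host part."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port)

def parse_netstat(output):
    """Yield TCP rows; UDP rows have no State column and are skipped here."""
    for line in output.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            yield {"local": split_endpoint(f[1]), "remote": split_endpoint(f[2]),
                   "state": f[3], "pid": int(f[4])}

def is_internal(host):
    try:
        return ipaddress.ip_address(host) in INTERNAL_NET
    except ValueError:      # not a plain IP address (for example a resolved name)
        return False

def review(output):
    """Flag listeners outside the baseline and outbound sessions to unusual ports."""
    findings = []
    for c in parse_netstat(output):
        lhost, lport = c["local"]
        rhost, rport = c["remote"]
        if c["state"] == "LISTENING" and lport not in EXPECTED_LISTENERS:
            findings.append(("unexpected-listener", f"{lhost}:{lport}", c["pid"]))
        elif (c["state"] == "ESTABLISHED" and not is_internal(rhost)
              and rport not in ALLOWED_REMOTE_PORTS):
            findings.append(("unusual-outbound", f"{rhost}:{rport}", c["pid"]))
    return findings
```

Both findings in the sample share one PID, which is the value to look up in Task Manager or `tasklist` to identify the process behind them.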
Network Scanner: SolarWinds
Like all the types of security tools mentioned here, there are many choices when it comes to network scanners. You can choose from a free one like Angry IP Scanner, or you can set up your own network support environment with Spiceworks. But for the purposes of this article, we will briefly discuss a software program called SolarWinds.
The IT management software from SolarWinds covers a lot of bases. They have products for other things besides network security, such as network management and systems management. Their software packages do cost money, but you can try any of them out for free. And they do offer products specifically for IT security. But their network device scanner is a tool that they were known for in the early days, and it’s still available.
With the SolarWinds network device scanner, you can automatically discover and scan network devices. You can map network technology and you can monitor performance. You can also use it to find intruders. If you run network discovery and you find a device that shouldn’t be there, it’s time to do some investigation.
Wireless Scanners: LizardSystems
Beyond just scanning for IP addresses, wireless scanners target Wi-Fi-enabled devices. With a Wi-Fi scanner, you can see network SSIDs that are configured to be visible. This tool will help you analyze 802.11a/b/g/n/ac wireless networks.
We picked LizardSystems more as an example than a recommendation. Such software can help you see what kind of Wi-Fi activity is going on around you. You can see which networks are using WEP, WPA or WPA2 security, and what kind of signal strength they have.
One thing a wireless scanner will do is help you identify rogue access points. If you are in a large office, well-meaning employees may be a bit too ambitious and set up unauthorized access points. With a Wi-Fi scanner, you can find those so you can shut them down.
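The rogue access point check can be automated once scan results are in text form. This added example (not from the original article, and not tied to LizardSystems) parses a constructed sample modelled on Windows `netsh wlan show networks mode=bssid` output and compares it with an assumed inventory of authorized access points; all SSIDs, BSSIDs and names are made up.

```python
# Constructed sample modelled on `netsh wlan show networks mode=bssid` output.
SAMPLE = """\
SSID 1 : CorpWiFi
    Authentication          : WPA2-Enterprise
    Encryption              : CCMP
    BSSID 1                 : aa:bb:cc:00:00:01
         Signal             : 82%
    BSSID 2                 : 02:11:22:33:44:99
         Signal             : 91%

SSID 2 : Lobby-Printer
    Authentication          : Open
    Encryption              : WEP
    BSSID 1                 : aa:bb:cc:00:00:07
         Signal             : 40%
"""

# Assumed inventory: the BSSIDs that are allowed to broadcast each managed SSID.
AUTHORIZED = {"CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}
WEAK_ENCRYPTION = {"WEP", "None"}

def parse_scan(text):
    """Return one dict per BSSID, carrying the security settings of its SSID."""
    aps, net = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if not sep:
            continue                        # blank or unrelated line
        key, value = key.strip(), value.strip()
        if key.startswith("BSSID"):         # test before "SSID": both end in SSID
            aps.append({**net, "bssid": value.lower(), "signal": None})
        elif key.startswith("SSID"):
            net = {"ssid": value}
        elif key == "Authentication":
            net["auth"] = value
        elif key == "Encryption":
            net["enc"] = value
        elif key == "Signal" and aps:
            aps[-1]["signal"] = int(value.rstrip("%"))
    return aps

def review(aps, authorized=AUTHORIZED, weak=WEAK_ENCRYPTION):
    """Flag unknown radios on a managed SSID and networks with weak encryption."""
    findings = []
    for ap in aps:
        known = authorized.get(ap["ssid"])
        if known is not None and ap["bssid"] not in known:
            findings.append(("unauthorized-bssid", ap["ssid"], ap["bssid"], ap["signal"]))
        if ap.get("enc") in weak:
            findings.append(("weak-encryption", ap["ssid"], ap["bssid"], ap["signal"]))
    return findings
```

The signal strength in each finding helps with the physical search: walk the floor and the reading rises as you approach the device.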
Vulnerability Scanner: OWASP List
Rather than pick out one specific vulnerability scanning tool, we thought we would let OWASP’s list of choices guide you. OWASP is an organization dedicated to web application security. CBT Nuggets has a detailed description of the hacks that OWASP deals with in their OWASP Top 10 List.
A vulnerability scanner goes through a network environment looking for any weaknesses. It can identify such vulnerabilities as cross-site scripting and SQL Injection simply by scanning web pages. Many of these tools are offered as Software-as-a-Service (SaaS) solutions with no download required.
Antivirus Software: Avast!
It would be hard to qualify as a security specialist if you didn’t know anything about virus protection. Of course, the term antivirus has been adopted as a general term for any software that is used to combat malware. But this kind of threat can include spyware, adware, worms, trojans, phishing, and a number of other unwanted software.
There are plenty of free and paid software choices available on the market. Avast! is a free option that will scan your computer and block malware based on a list that is continually updated.
Even as a beginner, an IT security professional should quickly become proficient in using antivirus programs to protect the network. Malware is something you have to stay on top of.
The Bottom Line
As for the examples that we used here, keep in mind that there is a lot of overlap. SolarWinds could be considered both a protocol analyzer and a network scanner. Angry IP Scanner could do just as well on a fixed network as on a wireless one. The important thing is that you get your hands on these things and get some experience. Security is everyone’s responsibility. But the IT security professional needs to learn to take initiative to protect IT resources and those that use them.