Security Tool Websites

Having the right tool can make the testing and analysis of infrastructure security much easier. Listed next are some sites that maintain various security tools:

DumpSec is a GUI Windows-based enumeration tool that can provide account information, RID information, open shares, and more. The link is shown as follows:

www.somarsoft.com

A nice list of bootable Linux CDs is available at the following address. Many of these have really good distributions of tools preconfigured and ready to go that will be of aid to those doing security work.

www.frozentech.com/content/livecd.php

Cain and Abel is a GUI Windows-based password cracking and enumeration tool that is free to download at

www.oxid.it

NetStumbler is the leading wireless scanning tool used to identify and enumerate 802.11 wireless networks. You can download it at

www.netstumbler.org

Nmap is an open source Windows and Linux scanning tool. To learn more about it or download the tool, visit the following link:

www.insecure.org

SuperScan is a Windows scanning tool for TCP and UDP. It's available for free from Foundstone at

www.foundstone.com/resources/freetools.htm

Scanrand is another useful security tool that is free to download from the following url:

www.lurhq.com/scanrand_dissected.pdf

TCH-Amap is a valuable scanning tool that is free to download at

http://thc.org/thc-amap/

John the Ripper is a Linux and Windows password-cracking tool that can be used to audit the strength of your passwords. It can be downloaded from

www.openwall.com/john

SNORT is a great open source IDS tool available for Windows and Linux. SNORT can be downloaded at the following site:

www.snort.org

Packetyzer is Ethereal with a new interface. It's free to download from:

www.networkchemistry.com/products/packetyzer

Rainbowcrack is a password-cracking tool that works off of the fast time-memory trade-off technique. You can download it at

www.antsight.com/zsl/rainbowcrack

Ophcrack is another password-cracking tool that uses the fast time-memory trade-off technique. You can download it from the following site:

http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/

Nessus is one of the premiere open source scanning tools. You can download it from the following site:

www.nessus.org

Metasploit is an exploit and vulnerability assessment tool. You can download it at:

www.metasploit.com

Introduction to Assessing Network Vulnerabilities

Foundations and Principles of Security

Why Risk Assessment

Risk-Assessment Methodologies

Scoping the Project

Understanding the Attacker

Performing the Assessment

Tools Used for Assessments and Evaluations

Preparing the Final Report

Post-Assessment Activities

Appendix A. Security Assessment Resources

Appendix B. Security Assessment Forms

Appendix C. Security Assessment Sample Report

Appendix D. Dealing with Consultants and Outside Vendors

Appendix E. SIRT Team Report Format Template



Inside Network Security Assessment. Guarding your IT Infrastructure
Inside Network Security Assessment: Guarding Your IT Infrastructure
ISBN: 0672328097
EAN: 2147483647
Year: 2003
Pages: 138

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net