In this article we inventory 10 open source IT security tools that you should know:
1, Nessus
For several generations of IT security professionals, finding out where the network is vulnerable has begun with Tenable's Nessus. Nessus is the best-known vulnerability scanner and one of the most widely used security programs in general. It comes in a free edition for home use and in commercial editions; Nessus 7.1.0, the current release at the time of writing, is a commercial product. Nessus has been closed source since 2005, when Tenable stopped publishing the source code with version 3; only the 2.x code from that era remains open source and free.
2, Snort
If Nessus is where IT security engineers first learn about vulnerability scanning, then Snort is where several generations of IT security staff first learned about intrusion detection systems (IDS).
Snort's greatest value lies in its three working modes: sniffer, packet logger, and network intrusion detection system (NIDS) mode. It can therefore be the core of an in-house automated security system or a component inside a range of commercial products. Snort is currently owned by Cisco and has an active community. Any list of open source security tools that leaves out Snort is incomplete.
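To make the NIDS mode concrete, here is an added example written for this article (it is not Snort's own code and was not part of the original page). It parses two rules written in Snort's text rule syntax and applies them to constructed sample packets; the rules, sids, addresses and payloads are invented for illustration, and only the header fields plus the msg, sid and content options are implemented.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample traffic: (proto, src_ip, src_port, dst_ip, dst_port, payload)
PACKETS = [
    ("tcp", "10.0.0.5", 51234, "192.168.1.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    ("tcp", "10.0.0.5", 51235, "192.168.1.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    ("udp", "10.0.0.9", 5353, "224.0.0.251", 5353, b"\x00\x00\x00\x00"),
    ("tcp", "192.168.1.10", 80, "10.0.0.5", 51234, b"HTTP/1.1 200 OK\r\n"),
]

# Two rules in Snort's text rule syntax (assumed local sids in the 1000000+ range).
RULES = [
    'alert tcp any any -> 192.168.1.0/24 80 (msg:"WEB-ATTACK /etc/passwd access"; content:"/etc/passwd"; sid:1000001;)',
    'alert udp any any -> any 5353 (msg:"mDNS query seen"; sid:1000002;)',
]

# Rule header: action proto src sport direction dst dport (options)
RULE_RE = re.compile(
    r"^(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+"
    r"(?P<direction>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$"
)


@dataclass
class Rule:
    action: str
    proto: str
    src: str
    sport: str
    direction: str
    dst: str
    dport: str
    msg: str
    sid: int
    contents: list = field(default_factory=list)


def parse_rule(text):
    """Parse one rule line; only the msg, sid and content options are understood."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unparseable rule: " + text)
    opts, contents = {}, []
    # Naive split: a literal ';' inside a content string is not handled here.
    for opt in m.group("opts").split(";"):
        opt = opt.strip()
        if not opt:
            continue
        key, _, val = opt.partition(":")
        val = val.strip().strip('"')
        if key == "content":
            contents.append(val.encode())
        else:
            opts[key] = val
    return Rule(m["action"], m["proto"], m["src"], m["sport"], m["direction"],
                m["dst"], m["dport"], opts.get("msg", ""), int(opts.get("sid", 0)), contents)


def ip_matches(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def port_matches(spec, port):
    """Supports 'any', a single port, and Snort's 'lo:hi', 'lo:' and ':hi' ranges."""
    if spec == "any":
        return True
    if ":" in spec:
        lo, _, hi = spec.partition(":")
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return int(spec) == port


def rule_matches(rule, pkt):
    proto, sip, sport, dip, dport, payload = pkt
    if rule.proto not in ("ip", proto):
        return False
    forward = (ip_matches(rule.src, sip) and port_matches(rule.sport, sport)
               and ip_matches(rule.dst, dip) and port_matches(rule.dport, dport))
    reverse = rule.direction == "<>" and (
        ip_matches(rule.src, dip) and port_matches(rule.sport, dport)
        and ip_matches(rule.dst, sip) and port_matches(rule.dport, sport))
    if not (forward or reverse):
        return False
    # Every content: option must appear somewhere in the payload.
    return all(c in payload for c in rule.contents)


def run_ids(rules, packets):
    """Return alert lines in the style of Snort's fast alert output: [gid:sid:rev] msg src -> dst."""
    alerts = []
    for pkt in packets:
        for rule in rules:
            if rule.action == "alert" and rule_matches(rule, pkt):
                alerts.append(f"[1:{rule.sid}:0] {rule.msg} {pkt[1]}:{pkt[2]} -> {pkt[3]}:{pkt[4]}")
    return alerts


if __name__ == "__main__":
    for line in run_ids([parse_rule(r) for r in RULES], PACKETS):
        print(line)
```

Only the first and third constructed packets raise alerts: the second request to port 80 lacks the `/etc/passwd` content, and the reply from the web server fails the header match because its destination is outside 192.168.1.0/24. Real Snort adds much more on top of this (preprocessors, stream reassembly, fast pattern matching), but the rule header and content matching it performs are exactly what this sketch shows.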
3, Nagios
Nagios is a monitoring system that tracks the operating status of hosts and network services. Like many other open source packages, Nagios comes in both a free and a commercial version.
Nagios Core is the free, open source core of the project. With it you can check network status, a wide range of system problems, and logs. Nagios development maintains about 50 "official" plugins, and the community has contributed more than 3,000 more.
Nagios can be used from desktop, web, or mobile front ends, and it can be managed through one of the available configuration tools.
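Every Nagios plugin, official or community-contributed, speaks the same simple protocol: one status line on stdout, optional performance data after a `|`, and an exit code of 0, 1, 2 or 3 for OK, WARNING, CRITICAL or UNKNOWN, with thresholds given in the Nagios range format. The following is an added example of such a plugin written for this article (it is not part of Nagios or its plugin collection): it counts failed SSH logins in a constructed auth.log excerpt and evaluates the count against warning and critical ranges. The log lines, the service name FAILED_LOGINS and the thresholds are invented.

```python
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATE_NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}

# Constructed auth.log excerpt (not real data) that the sample check scans.
SAMPLE_AUTH_LOG = """\
Jun  3 10:01:12 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50212 ssh2
Jun  3 10:01:14 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50212 ssh2
Jun  3 10:01:20 bastion sshd[2214]: Accepted publickey for ops from 198.51.100.4 port 41022 ssh2
Jun  3 10:01:33 bastion sshd[2219]: Failed password for root from 203.0.113.7 port 50230 ssh2
Jun  3 10:02:01 bastion sshd[2223]: Failed password for root from 203.0.113.7 port 50241 ssh2
Jun  3 10:02:05 bastion CRON[2230]: pam_unix(cron:session): session opened for user root by (uid=0)
""".splitlines()


def parse_range(spec):
    """Nagios threshold range: '10' -> 0..10, '10:' -> 10..inf, '~:10' -> -inf..10,
    '10:20' -> 10..20, '@10:20' -> alert when INSIDE 10..20. Returns (low, high, inside)."""
    inside = spec.startswith("@")
    if inside:
        spec = spec[1:]
    if ":" in spec:
        lo_s, _, hi_s = spec.partition(":")
        low = float("-inf") if lo_s == "~" else (0.0 if lo_s == "" else float(lo_s))
        high = float("inf") if hi_s == "" else float(hi_s)
    else:
        low, high = 0.0, float(spec)
    if low > high:
        raise ValueError("invalid range (low > high): " + spec)
    return low, high, inside


def range_alerts(spec, value):
    """True when value should raise the alert described by spec."""
    low, high, inside = parse_range(spec)
    within = low <= value <= high
    return within if inside else not within


def evaluate(value, warn, crit):
    """Critical is tested first so that it wins when both ranges match."""
    if range_alerts(crit, value):
        return CRITICAL
    if range_alerts(warn, value):
        return WARNING
    return OK


def count_failed_logins(lines):
    return sum(1 for line in lines if "sshd" in line and "Failed password" in line)


def check_failed_logins(count, warn="3", crit="10"):
    """Return (exit_code, output_line). The line is 'SERVICE STATE: text | perfdata',
    with perfdata as label=value;warn;crit;min so Nagios can graph it."""
    try:
        state = evaluate(count, warn, crit)
    except ValueError as exc:
        return UNKNOWN, f"FAILED_LOGINS UNKNOWN: {exc}"
    return state, f"FAILED_LOGINS {STATE_NAMES[state]}: {count} failed SSH logins | failed={count};{warn};{crit};0"


if __name__ == "__main__":
    code, output = check_failed_logins(count_failed_logins(SAMPLE_AUTH_LOG))
    print(output)
    sys.exit(code)  # Nagios reads the exit code, not the words, to decide the state
```

Run stand-alone, the script prints `FAILED_LOGINS WARNING: 4 failed SSH logins | failed=4;3;10;0` and exits with status 1. The range parser is the part most often got wrong in home-grown plugins: `10:` and `~:10` alert on opposite sides, and a leading `@` inverts the range, so a plugin that only compares `value > threshold` will silently misbehave for users who configure those forms.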
4, Ettercap
Ettercap is a multipurpose packet sniffer for Linux and BSD systems that has also been ported to Windows. If you need to test whether the corporate network can withstand a man-in-the-middle (MITM) attack, Ettercap is the first choice: since its first release in 2001 it has done one thing, launching MITM attacks, and ARP poisoning of the local segment is its classic way of doing so.
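ARP poisoning, Ettercap's classic way of getting between two hosts, works by answering ARP for both the gateway and the victim with the attacker's own MAC. The detector below is an added example written for this article, not code from Ettercap or from the original page: it replays constructed ARP replies (the addresses and MACs are invented) and flags an IP whose MAC changes, as well as a MAC that claims more than one IP, which is what the attack looks like on the wire.

```python
from collections import defaultdict

# Constructed ARP "is-at" replies seen on a LAN segment: (seconds, sender_ip, sender_mac, target_ip).
# The first two are the legitimate gateway and a workstation; from t=5.0 a third MAC
# starts answering for both of them, which is the signature of ARP-poisoning MITM.
ARP_REPLIES = [
    (0.0, "192.168.1.1", "aa:bb:cc:00:00:01", "192.168.1.20"),
    (0.5, "192.168.1.20", "aa:bb:cc:00:00:20", "192.168.1.1"),
    (5.0, "192.168.1.1", "de:ad:be:ef:00:99", "192.168.1.20"),
    (5.0, "192.168.1.20", "de:ad:be:ef:00:99", "192.168.1.1"),
    (6.0, "192.168.1.1", "de:ad:be:ef:00:99", "192.168.1.20"),
]


def detect_arp_poisoning(replies, trusted=None):
    """Return a list of (kind, time, subject, old, new) alerts.

    kind is "ip-remapped" (subject=ip, old/new=MACs) or "mac-claims-multiple-ips"
    (subject=mac, old=None, new=comma-joined IPs). trusted is an optional dict of
    ip -> mac static bindings (e.g. the default gateway); a trusted mapping is never
    overwritten, so every reply contradicting it is reported, not only the first.
    """
    trusted = dict(trusted or {})
    table = dict(trusted)            # ip -> mac currently believed
    ips_by_mac = defaultdict(set)    # mac -> set of ips it has claimed
    alerts = []
    for t, sip, smac, _tip in replies:
        prev = table.get(sip)
        if prev is None:
            table[sip] = smac        # first sighting: learn it, as a switch or host would
        elif prev != smac:
            alerts.append(("ip-remapped", t, sip, prev, smac))
            if sip not in trusted:
                table[sip] = smac    # follow the change so we report changes, not every packet
        if sip not in ips_by_mac[smac]:
            ips_by_mac[smac].add(sip)
            if len(ips_by_mac[smac]) == 2:   # fire once, when a MAC first claims a second IP
                alerts.append(("mac-claims-multiple-ips", t, smac, None,
                               ",".join(sorted(ips_by_mac[smac]))))
    return alerts


if __name__ == "__main__":
    # Pin the gateway, which is the address an attacker almost always poisons.
    for alert in detect_arp_poisoning(ARP_REPLIES, trusted={"192.168.1.1": "aa:bb:cc:00:00:01"}):
        print(alert)
```

With no trusted bindings the replay produces three alerts (two remapped IPs and one MAC claiming both); pinning the gateway adds a fourth because the repeated poison at t=6.0 still contradicts the static entry. Tools such as arpwatch apply the same first-seen-then-changed logic to live traffic; static ARP entries for the gateway and dynamic ARP inspection on switches are the usual mitigations the page's "protect against MITM" test would validate.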
5, Infection Monkey
Infection Monkey is a data center security testing tool released by the Israeli security company GuardiCore at Black Hat 2016. It is used to automatically test the security of the data center perimeter and of the servers inside it. Its user interface is also one of its prominent features: while some open source security projects offer only a minimalist UI, or a GUI bolted on as a plugin or skin, Infection Monkey has a GUI comparable to many commercial tools.
The tool's architecture is divided into the Monkey (the scanning and exploitation agent) and the C&C server, called Monkey Island (effectively the reporter, used to collect the probe results from the Monkeys).
6, Delta
Delta is an SDN security assessment framework. As a project of the Open Networking Foundation (ONF), it has two main functions:
● It can automatically instantiate attack cases against SDN elements in different environments.
● It helps to discover unknown security issues in the SDN deployment.
7, Cuckoo sandbox
There are many ways to determine whether a file is safe, but each of them carries some risk. Cuckoo Sandbox is a well-known open source sandbox for testing suspicious files and analysing malware in a virtualised environment: it automatically executes the sample and records and analyses the program's behaviour.
8, Sleuth Kit
Finding out what happened during an attack can be a key step in preventing future intrusions. The Sleuth Kit is a collection of command-line forensic tools and libraries for analysing disk images and recovering deleted files from them, for example when investigating a specific incident.
The Sleuth Kit is also the foundation of Autopsy, a GUI front end that makes analysis faster and easier for most users. Both are actively developed and have a large, active user base that contributes new features.
9, Lynis
Lynis is a security auditing tool for Linux and Unix systems aimed at system administrators. Lynis scans the system's configuration and produces an audit report that summarises system information and security issues, along with hardening suggestions.
The Lynis source code is hosted on GitHub, and it has an active development community, primarily supported by its creator, CISOfy. One special feature of Lynis is that, because it is Unix-based, it can also scan and assess popular IoT development boards, including the Raspberry Pi.
10, Certbot
Encryption is required by many security standards. Deploying it can be complicated and costly, but the EFF has tried to reduce that burden with tools such as Certbot, an open source automated client that obtains SSL/TLS certificates (from Let's Encrypt) and deploys them on your web server.
Finally, I hope the open source security tools mentioned in this article are useful to you.