Great tools for securing and testing your network
1 / 28

securitytools - PowerPoint PPT Presentation

  • Updated On :

Great Tools for Securing and Testing Your Network. Ernest Staats [email protected] MS Information Assurance, CISSP, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+ Resources available @ Application and Data Base Tools Encryption Software

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'securitytools' - Gideon

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Great tools for securing and testing your network l.jpg

Great Tools for Securing and Testing Your Network

Ernest Staats [email protected] MS Information Assurance, CISSP, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+

Resources available @

Outline l.jpg

  • Application and Data Base Tools

  • Encryption Software

  • Wireless Tools

  • Virtual Machines

  • New USB Exploits

  • Digital Forensic Tools

  • Backup Software

  • Tools that Cost but Have Great Value


  • Silver Bullet Most Used Tools

  • CD/USB Security

  • Perimeter Security

  • Vulnerability Assessment

  • Password Recovery

  • Networking Scanning

  • Data Rescue and Restoration

No silver bullet l.jpg
No Silver Bullet

  • No Silver Bullet for network and system testing:

    • Determine your needs

    • Finding the right tools

    • Using the right tool for the job

My most used tools l.jpg
My Most Used Tools:

  • Google (Get Google Hacking book)

    • The Google Hacking Database (GHDB)


  • SuperScan 4

    • Network Scanner find open ports (I prefer version 3)


  • Cain and Abel

    • (the Swiss Army knife) Crack passwords crack VOIP and so much more


  • NMap

    • (Scanning and Foot printing)


  • Nessus

    • (Great system wide Vulnerability scanner)


My most used tools 2 l.jpg
My Most Used Tools 2:

  • Ethereal or Wireshark

    • (packet sniffers Use to find passwords going across network)

      • SSL Passwords are often sent in clear text before logging on



  • Metasploit

    • (Hacking made very easy)


  • BackTrack or UBCD4WIN Boot CD

    • (Cleaning infected PC’s or ultimate hacking environment will run from USB)



  • Read notify

    • (“registered” email)


  • Virtual Machine for pen testing

    • (Leaves “no” trace)

Security testing boot cd usb l.jpg
Security Testing Boot CD/USB:

  • Bart PE or UBCD4WIN



  • Back Track (one of the more powerful cracking network auditing packages)


  • Other Linux CD

    • Trinity Rescue Kit (recover/repair dead Windows or Linux systems)


    • KNOPPIX (recover/repair dead systems and several security tools)


Secure your perimeter l.jpg
Secure Your Perimeter:

  • DNS-stuff and DNS-reports

    • http://www.dnsstuff.com

  • Are you blacklisted?

  • Test your e-mail system

  • Check your HTML code for errors –

    • (Also use WIN HTTrack for offline testing)

  • Shields UP and Leak test



  • Other Firewall checkers


  • Tools to assess vulnerability l.jpg
    Tools to Assess Vulnerability

    • Nessus(vulnerability scanners)


    • Snort (IDS - intrusion detection system)


    • Metasploit Framework (vulnerability exploitation tools) Use with great caution and have permission


    Password recovery tools l.jpg
    Password Recovery Tools:

    • Fgdump (Mass password auditing for Windows)


    • Cain and Abel (password cracker and so much more….)


    • John The Ripper (password crackers)


    • RainbowCrack : An Innovative Password Hash Cracker tool that makes use of a large-scale time-memory trade-off.


    Change discover win passwords l.jpg
    Change/Discover Win Passwords

    • Windows Password recovery - Can retrieve forgotten admin and users' passwords in minutes. Safest possible option, does not write anything to hard drive.

    • Offline NT Password & Registry Editor - A great boot CD/Floppy that can reset the local administrator's password.

    • John the Ripper - Good boot floppy with cracking capabilities.

    • Emergency Boot CD - Bootable CD, intended for system recovery in the case of software or hardware faults.

    • Austrumi - Bootable CD for recovering passwords and other cool tools.

    Networking scanning l.jpg
    Networking Scanning

    • MS Baseline Analyzer


    • The Dude (Great mapper and traffic analyzer)


    • Getif (Network SNMP discovery and exploit tool)


    • SoftPerfect Network Scanner


    • HPing2 (Packet assembler/analyzer)


    • Netcat (TCP/IP Swiss Army Knife)


    • TCPDump (packet sniffers) Linux or Windump for windows

      • and

    • LanSpy (local, Domain, NetBios, and much more)


    File rescue and restoration l.jpg
    File Rescue and Restoration:

    • Zero Assumption Digital Image rescue


    • Restoration File recovery


    • Free undelete


    • Effective File Search : Find data inside of files or data bases


    Discover securely delete important information l.jpg
    Discover & Securely Delete Important Information:

    • Windows and Office Key finder/Encrypting

      • Win KeyFinder (also encrypts the keys)


      • ProduKey (also finds SQL server key)


    • Secure Delete software

      • Secure Delete


    • DUMPSEC — (Dump all of the registry and share permissions)


    • Win Finger Print (Scans for Windows shares, enumerates usernames, groups, sids and much more )


    Application and data base tools l.jpg
    Application and Data Base Tools

    • N-Stealth – an effective HTTP Security Scanner


    • WINHTTrack – Website copier


  • SQLRecon (SQLRecon performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations)


  • Absinthe (Tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection.)


  • Appdetective l.jpg

    • AppDetective discovers database applications and assesses their security strength

    • AppDetective assess two primary application tiers - application / middleware, and back-end databases - through a single interface

    • AppDetective locates, examines, reports, and fixes security holes and misconfigurations


    • Cost $900

    Encryption software l.jpg
    Encryption Software:

    • Hard drive or Jump Drives

      • True Crypt for cross platform encryption with lots of options


      • Dekart its free version is very simple to use paid version has more options



    • Email or messaging

      • PGP for encrypting email


    Wireless tools l.jpg
    Wireless Tools:

    • Aircrack : The fastest available WEP/WPA cracking toolAircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP or WPA 1 or 2

      • The suite includes

        • airodump (an 802.11 packet capture program)

        • aireplay (an 802.11 packet injection program)

        • aircrack (static WEP and WPA-PSK cracking)

        • airdecap (decrypts WEP/WPA capture files)


    • Net Stumbler (finds wireless networks works well)


    • Kismet (wireless tools or packet sniffers)


    Virtual machines l.jpg
    Virtual Machines

    • Xen for Linux


    • VM server or VM workstation for booting Part Pe ISO’s or Remote Exploit


    • MS Virtual Server (slower but very easy to use)


    • VM’s can be used to run auditing applications that typically would require a dedicated server

    Network toolbox u3 l.jpg
    Network Toolbox U3

    • Analyzers

    • Network monitors

    • Traffic Generators

    • Network Scanners

    • IDS

    • Network Utilities

    • Network Clients

    • Secure Clients

    • SNMP

    • Web

    • Auditing Tools

    • Password revealers

    • System Tools

    • Supplementary tools (Dos prompt, Unix shell, etc..)


    Usb switchblade l.jpg
    USB Switchblade

    • Access all stored passwords on a windows computer

      • [System info] [Dump SAM] [Dump Product Keys] [Dump LSA secrets (IE PWs)] [Dump Network PW] [Dump messenger PW] [Dump URL History]

    • Available at

    • Plug U3 Drive in any windows XP/2000/2003 computer

    • Wait about 1 minute

    • Eject Drive

    • Go to run on the start menu, then type x:\Documents\logfiles (x = flash drive letter) then press enter

    • Look at username and passwords or start cracking hashed windows passwords

    Digital forensic tools l.jpg
    Digital Forensic Tools

    • The Sleuth Kit and Autopsy Browser. Both are open source digital investigation tools (digital forensic tools)


    • Boot CD

      • UBCD4WIN




    Backup software l.jpg
    Backup Software

    • SyncBack


      • Secure: Encrypt a zip file with a 256-bit AES encryption

      • Copy Open Files (XP/2003)

      • Compression: You can compress an unlimited size, and an unlimited number of files. (Paid)

      • Performance & Throttling limit bandwidth usage, (Paid)

      • FTP and Email :Backup or sync files with an FTP server. Auto email the results of your backup

      • Overview PPT on my web site


    Tools that cost but have great value l.jpg
    Tools That Cost But Have Great Value:

    • Spy Dynamics Web Inspect

    • QualysGuard

    • EtherPeek

    • Netscan tools Pro (250.00 full network forensic reporting and incident handling)

    • LanGuard Network Scanner

    • AppDetective (Data base scanner and security testing software)

    • Air Magnet (one of the best WIFI analyzers and rouge blocking)

    • RFprotect Mobile

    • Core Impact (complete vulnerability scanning and reporting)

    • WinHex– (Complete file inspection and recovery even if corrupt ) Forensics and data recovery

    Slide28 l.jpg

    • Resources are available at

      • Files and suggestions


      • Security and Information Assurance Links


      • PPT for this and VM Security


    • Best Step by Step Security Videos Free


    • Shameless plug

      • Virtual Server Security Presentation

      • Thursday 9:30AM Location: Salon 7