great tools for securing and testing your network
Skip this Video
Download Presentation
Great Tools for Securing and Testing Your Network

Loading in 2 Seconds...

play fullscreen
1 / 28

securitytools - PowerPoint PPT Presentation

  • Uploaded on

Great Tools for Securing and Testing Your Network. Ernest Staats [email protected] MS Information Assurance, CISSP, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+ Resources available @ Application and Data Base Tools Encryption Software

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'securitytools' - Gideon

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
great tools for securing and testing your network

Great Tools for Securing and Testing Your Network

Ernest Staats [email protected] MS Information Assurance, CISSP, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+

Resources available @


Application and Data Base Tools

  • Encryption Software
  • Wireless Tools
  • Virtual Machines
  • New USB Exploits
  • Digital Forensic Tools
  • Backup Software
  • Tools that Cost but Have Great Value
  • Silver Bullet Most Used Tools
  • CD/USB Security
  • Perimeter Security
  • Vulnerability Assessment
  • Password Recovery
  • Networking Scanning
  • Data Rescue and Restoration
no silver bullet
No Silver Bullet
  • No Silver Bullet for network and system testing:
    • Determine your needs
    • Finding the right tools
    • Using the right tool for the job
my most used tools
My Most Used Tools:
  • Google (Get Google Hacking book)
    • The Google Hacking Database (GHDB)
  • SuperScan 4
    • Network Scanner find open ports (I prefer version 3)
  • Cain and Abel
    • (the Swiss Army knife) Crack passwords crack VOIP and so much more
  • NMap
    • (Scanning and Foot printing)
  • Nessus
    • (Great system wide Vulnerability scanner)
my most used tools 2
My Most Used Tools 2:
  • Ethereal or Wireshark
    • (packet sniffers Use to find passwords going across network)
      • SSL Passwords are often sent in clear text before logging on
  • Metasploit
    • (Hacking made very easy)
  • BackTrack or UBCD4WIN Boot CD
    • (Cleaning infected PC’s or ultimate hacking environment will run from USB)
  • Read notify
    • (“registered” email)
  • Virtual Machine for pen testing
    • (Leaves “no” trace)
security testing boot cd usb
Security Testing Boot CD/USB:
  • Bart PE or UBCD4WIN
  • Back Track (one of the more powerful cracking network auditing packages)
  • Other Linux CD
    • Trinity Rescue Kit (recover/repair dead Windows or Linux systems)
    • KNOPPIX (recover/repair dead systems and several security tools)
secure your perimeter
Secure Your Perimeter:
  • DNS-stuff and DNS-reports
      • http://www.dnsstuff.com
    • Are you blacklisted?
    • Test your e-mail system
    • Check your HTML code for errors –
      • (Also use WIN HTTrack for offline testing)
  • Shields UP and Leak test
  • Other Firewall checkers
tools to assess vulnerability
Tools to Assess Vulnerability
  • Nessus(vulnerability scanners)
  • Snort (IDS - intrusion detection system)
  • Metasploit Framework (vulnerability exploitation tools) Use with great caution and have permission
password recovery tools
Password Recovery Tools:
  • Fgdump (Mass password auditing for Windows)
  • Cain and Abel (password cracker and so much more….)
  • John The Ripper (password crackers)
  • RainbowCrack : An Innovative Password Hash Cracker tool that makes use of a large-scale time-memory trade-off.
change discover win passwords
Change/Discover Win Passwords
  • Windows Password recovery - Can retrieve forgotten admin and users\' passwords in minutes. Safest possible option, does not write anything to hard drive.
  • Offline NT Password & Registry Editor - A great boot CD/Floppy that can reset the local administrator\'s password.
  • John the Ripper - Good boot floppy with cracking capabilities.
  • Emergency Boot CD - Bootable CD, intended for system recovery in the case of software or hardware faults.
  • Austrumi - Bootable CD for recovering passwords and other cool tools.
networking scanning
Networking Scanning
  • MS Baseline Analyzer
  • The Dude (Great mapper and traffic analyzer)
  • Getif (Network SNMP discovery and exploit tool)
  • SoftPerfect Network Scanner
  • HPing2 (Packet assembler/analyzer)
  • Netcat (TCP/IP Swiss Army Knife)
  • TCPDump (packet sniffers) Linux or Windump for windows
    • and
  • LanSpy (local, Domain, NetBios, and much more)
file rescue and restoration
File Rescue and Restoration:
  • Zero Assumption Digital Image rescue
  • Restoration File recovery
  • Free undelete
  • Effective File Search : Find data inside of files or data bases
discover securely delete important information
Discover & Securely Delete Important Information:
  • Windows and Office Key finder/Encrypting
    • Win KeyFinder (also encrypts the keys)
    • ProduKey (also finds SQL server key)
  • Secure Delete software
    • Secure Delete
  • DUMPSEC — (Dump all of the registry and share permissions)
  • Win Finger Print (Scans for Windows shares, enumerates usernames, groups, sids and much more )
application and data base tools
Application and Data Base Tools
  • N-Stealth – an effective HTTP Security Scanner
  • WINHTTrack – Website copier
  • SQLRecon (SQLRecon performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations)
  • Absinthe (Tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection.)
  • AppDetective discovers database applications and assesses their security strength
  • AppDetective assess two primary application tiers - application / middleware, and back-end databases - through a single interface
  • AppDetective locates, examines, reports, and fixes security holes and misconfigurations
  • Cost $900
encryption software
Encryption Software:
  • Hard drive or Jump Drives
    • True Crypt for cross platform encryption with lots of options
    • Dekart its free version is very simple to use paid version has more options
  • Email or messaging
    • PGP for encrypting email
wireless tools
Wireless Tools:
  • Aircrack : The fastest available WEP/WPA cracking toolAircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP or WPA 1 or 2
    • The suite includes
      • airodump (an 802.11 packet capture program)
      • aireplay (an 802.11 packet injection program)
      • aircrack (static WEP and WPA-PSK cracking)
      • airdecap (decrypts WEP/WPA capture files)
  • Net Stumbler (finds wireless networks works well)
  • Kismet (wireless tools or packet sniffers)
virtual machines
Virtual Machines
  • Xen for Linux
  • VM server or VM workstation for booting Part Pe ISO’s or Remote Exploit
  • MS Virtual Server (slower but very easy to use)
  • VM’s can be used to run auditing applications that typically would require a dedicated server
network toolbox u3
Network Toolbox U3
  • Analyzers
  • Network monitors
  • Traffic Generators
  • Network Scanners
  • IDS
  • Network Utilities
  • Network Clients
  • Secure Clients
  • SNMP
  • Web
  • Auditing Tools
  • Password revealers
  • System Tools
  • Supplementary tools (Dos prompt, Unix shell, etc..)
usb switchblade
USB Switchblade
  • Access all stored passwords on a windows computer
    • [System info] [Dump SAM] [Dump Product Keys] [Dump LSA secrets (IE PWs)] [Dump Network PW] [Dump messenger PW] [Dump URL History]
  • Available at
  • Plug U3 Drive in any windows XP/2000/2003 computer
  • Wait about 1 minute
  • Eject Drive
  • Go to run on the start menu, then type x:\Documents\logfiles (x = flash drive letter) then press enter
  • Look at username and passwords or start cracking hashed windows passwords
digital forensic tools
Digital Forensic Tools
  • The Sleuth Kit and Autopsy Browser. Both are open source digital investigation tools (digital forensic tools)
  • Boot CD
    • UBCD4WIN
backup software
Backup Software
  • SyncBack
    • Secure: Encrypt a zip file with a 256-bit AES encryption
    • Copy Open Files (XP/2003)
    • Compression: You can compress an unlimited size, and an unlimited number of files. (Paid)
    • Performance & Throttling limit bandwidth usage, (Paid)
    • FTP and Email :Backup or sync files with an FTP server. Auto email the results of your backup
    • Overview PPT on my web site
tools that cost but have great value
Tools That Cost But Have Great Value:
  • Spy Dynamics Web Inspect
  • QualysGuard
  • EtherPeek
  • Netscan tools Pro (250.00 full network forensic reporting and incident handling)
  • LanGuard Network Scanner
  • AppDetective (Data base scanner and security testing software)
  • Air Magnet (one of the best WIFI analyzers and rouge blocking)
  • RFprotect Mobile
  • Core Impact (complete vulnerability scanning and reporting)
  • WinHex– (Complete file inspection and recovery even if corrupt ) Forensics and data recovery
  • Resources are available at
    • Files and suggestions
    • Security and Information Assurance Links
    • PPT for this and VM Security
  • Best Step by Step Security Videos Free
  • Shameless plug
    • Virtual Server Security Presentation
    • Thursday 9:30AM Location: Salon 7