Slashdot Mirror


Nmap Security Tool Survey

spring writes "Every so often, the author of everyone's favorite network reconnaissance tool, nmap, runs a survey to determine which security-oriented software products are most popular. This year's tool survey was just released, and it contains some interesting results. Old favorites like Nessus, Snort, Netcat, and Ethereal made the list, of course. SAINT and SARA are still around. But a number of new tools appeared this year, like Windows-only GFI LANguard, SuperScan, and Cain & Abel. Nikto and Kismet demonstrate the growing importance of wireless networks. The survey contains many good tools. Certainly worth a read."

9 of 104 comments

  1. Security tools are awesome, but.... by whiteranger99x · · Score: 5, Insightful

    remember that these tools aren't going to be the "end all/be all" of network security.

    You also have to have a good preventive security plan, which these tools will help out in. However, there should also be a plan of action should these security measures get bypassed (i.e. an insider job, program exploits, trojans, etc...)

    But that's just my contention...

    --
    Join the TWIT army now!
    1. Re:Security tools are awesome, but.... by FiDooDa · · Score: 5, Insightful

      remember that these tools aren't going to be the "end all/be all" of network security.

      Isn't that why they are called tools and not solutions ?!?!

    2. Re:Security tools are awesome, but.... by whiteranger99x · · Score: 3, Insightful

      Isn't that why they are called tools and not solutions ?!?!

      Fair enough, I agree with you there. I simply meant to say that sometimes these tools are referred to as a complete solution, which is most likely a misnomer.

      --
      Join the TWIT army now!
    3. Re:Security tools are awesome, but.... by FiDooDa · · Score: 2, Insightful

      sometimes these tools are referred to as a complete solution, which is most likely a misnomer.

      sooo true, I (unfortunately) witnessed it too many times.

    4. Re:Security tools are awesome, but.... by SEWilco · · Score: 4, Insightful

      There is also no requirement to depend upon a single tool. Having alarms on your doors doesn't protect your windows. Perimeter detectors establish a fence, while tripwires, beams, and area detectors offer notification of activity in different ways -- and design is affected by issues such as whether or not you have a cat. Don't limit your design to only using one tool, consider your needs and the variety of tools.

    5. Re:Security tools are awesome, but.... by jjb · · Score: 3, Insightful
      I totally agree. But they're tools, not "solutions."


      Anyway, Defense in Depth is always good -- if an attacker penetrates the firewall, it's good to have hosts that are harder to crack. If the host gets cracked, you'd want to have an incident response plan and policy so that you can contain the damage.


      In Bastille Linux's defense, we try very hard to educate the sysadmin/user so they'll make better decisions. Bastille tries to educate the user, to help her build a good hardening policy for her hosts and hopefully her site.


      And that education is one of the few things that will actually keep your sysadmins or users from blowing the entire site's security away with a bad decision... Who cares if you're proactively scanning for open ports when you don't know why some of those open ports are worse than others? Your admin has to know that allowing Samba/CIFS/Windows filesharing through the perimeter firewall is asking to be hurt badly. Your admin has to know that setting every Unix box to give root via rsh from a particular (spoofable) IP address is asking for a domino effect.


      Education, unfortunately, is the hardest step.
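
Added example, not part of the thread and not any poster's or project's code: a small triage pass over nmap grepable (`-oG`) output that flags only the services the comment above names (Samba/CIFS and rsh) and records why each matters. It goes slightly beyond the comment by also listing rsh's sibling r-services (rexec, rlogin); the host names, addresses and sample scan lines are constructed.

```python
# Services singled out in the comment, with the reason an open port matters.
RISKY_TCP = {
    139: "NetBIOS session service (Samba/CIFS/Windows file sharing)",
    445: "SMB over TCP (Samba/CIFS/Windows file sharing)",
    512: "rexec (r-service, cleartext credentials)",
    513: "rlogin (r-service, trust based on source address)",
    514: "rsh (r-service, trust based on a spoofable source IP)",
}

# Constructed sample of `nmap -oG` output; addresses are documentation ranges.
SAMPLE = (
    "# Nmap scan output (constructed sample)\n"
    "Host: 192.0.2.10 (fw-dmz)\tStatus: Up\n"
    "Host: 192.0.2.10 (fw-dmz)\tPorts: 22/open/tcp//ssh///, "
    "139/filtered/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\n"
    "Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, "
    "514/open/tcp//shell///, 514/open/udp//syslog///\tIgnored State: closed (997)\n"
)


def parse_grepable(text):
    """Yield (host, port, proto, state, service) for every port entry."""
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comments and "Status:" lines carry no port list
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]
        for entry in fields["Ports"].split(", "):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            parts = entry.strip().split("/")
            if len(parts) < 5 or not parts[0].isdigit():
                continue
            yield host, int(parts[0]), parts[2], parts[1], parts[4]


def triage(text):
    """Return sorted (host, port, reason) for open TCP ports worth explaining."""
    findings = []
    for host, port, proto, state, _service in parse_grepable(text):
        # 514/udp is syslog, not rsh, so the protocol check matters here.
        if state == "open" and proto == "tcp" and port in RISKY_TCP:
            findings.append((host, port, RISKY_TCP[port]))
    return sorted(findings)


if __name__ == "__main__":
    for host, port, reason in triage(SAMPLE):
        print(f"{host}:{port}/tcp  {reason}")
```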

  2. Re:Ethereal a security tool ? by the+uNF+cola · · Score: 4, Insightful

    You'd be surprised. tcpdump/ethereal is great for say, when some jerk is trying to DOS you and you need to know how.

    Knowing the how allows you to put in filters. Filters allow you to operate.

    --
    "I'm not bright. Big words confuse me. But Wanda loves me and that should be enough for you." - Cosmo

  3. Re:Ethereal a security tool ? by hbackert · · Score: 4, Insightful

    It's a nice way to check a connection is not made, that packets do not go out of one or another interface, that traffic is encrypted. tcpdump can do the same (except follow TCP traffic, which is very enlightening for users who like telnet).

    So while Ethereal does not increase security by itself, it does add security by making it possible to check out the packets. That makes it IMHO a security tool.

  4. Re:Strangely enough... by jareds · · Score: 2, Insightful

    Your analogy to file sharing is bad. A better analogy would be to weapons.

    In some la-la fantasy world where violence does not exist, no one would need weapons for self-defense. In reality, however, not allowing weapons puts the law-abiding at the mercy of criminals, who may still yet possess illegal weapons.

    In some la-la fantasy world where exploits do not exist, no one would need to audit their network for security holes. In reality, however, not allowing such tools would leave law-abiding network administrators at the mercy of those who would scan their networks with an illegal tool and discover holes that the administrators have never even heard of.

    When a technology A has "strong dark uses", but one of its legitimate uses is defending against technology A, and it is in fact one of the best ways of defending against A, it is clear that making it illegal is sheer folly. For unless you stamp it out entirely, you are worse off than you would be if it were legal, and you could at least use it against itself.