Security Tools More Harmful Than Helpful?

soblasted writes "With the recent 2.0 release of the Metasploit Framework, people are wondering if security tools like it do more good than harm. This article attempts to answer the question. The legitimate use of the framework is for security researchers to use in exploit testing and development.It will run on any OS with Perl, and includes a CLI and web GUI, along with many ready to run exploits and payload modules. With HP also developing systems to preemptively attack their own networks, has this become acceptable?" This issue reminds me of the first release of SATAN and the uproar it caused.

re: metasploit

[brennz]

Metasploit is similar to Core Impact.

I'll gladly add this to my tools, without any cash outlay.

Want more security tools?

Re:Patching is a faulty security paradigm

[gtall]

It will not be the one of the few things M$ actually innovated. I learned about capability based architectures back in 1976 and I believe they were "innovated" in the '60's, but security wasn't such a problem back then. Here's a url for 1980's article. You can pick up the trail there:

http://portal.acm.org/citation.cfm?id=850709&dl= AC M&coll=portal

Other Useful Utilities

[Inhibit]

NMAP Port scanner from insecure.org

SATAN the aformentioned Security Admin Tool for Analyzing Networks.

TripWire for checking when someone's trying to access your system, and stopping them.

Shorewall a relatively easy to set up firewall-in-a-box for Linux.