Budget Crunch? Free Tools for Securing and Improving Your Network. Ernest Staats, erstaats@gcasda.org. MS Information Assurance, CISSP, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+. Resources available @ http://www.es-es.net

Dec 17, 2015


Rolf Gilmore
Page 1: Budget Crunch? Free Tools for Securing and Improving Your Network

Ernest Staats, erstaats@gcasda.org
MS Information Assurance, CISSP, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+

Resources available @ http://www.es-es.net

Page 2: Partial List of Tools

• CD/USB Security (UBCD4Win, BackTrack, Hacksaw, U3 Security tools)
• What is on your network (Dude, Cain, SuperScanner, Getif)
• Discover bandwidth hogs (Wireshark, Dude, Qcheck)
• Find current security issues (Nessus, MBSA, Cain, Metasploit, BackTrack)
• Password Recovery (Cain, UBCD4Win, BackTrack, John the Ripper)
• Application and Database Tools (SQLRecon, Metasploit, HPing2, N-Stealth, Absinthe)
• Encryption Software (TrueCrypt, Dekart, Windows)
• Wireless Tools (Aircrack, NetStumbler, Kismet, Cain, Qcheck)
• Virtual Machines (VMware, MS Virtual Server, Xen, Virtual Iron)
• Perimeter Security (DNS-stuff, DNS-reports, Open DNS, Firewall check, Security Space Nmap, Nessus)
• Data Rescue and Restoration (SyncBack, Restoration, Zero Assumption, Free Undelete)
• PC Security (DumpSec, Winfingerprint, WinAudit, MBSA, Windows Defender XP-Vista)
• Securely Transfer Files (WinSCP, TeraTerm, SyncBack)
• Tiny URL (http://tinyurl.com)

Page 3: No One Tool Fits All as some claim

• There is no one Swiss Army knife when it comes to security:
– Determine your needs
  • Restoring deleted files
  • File shredding
  • Network analysis
  • Encryption
  • Filtering
– Find the right tools
– Use the correct tool for the job

Page 4: My Most Used Tools

• Open DNS
– Another layer to block proxies and adult sites; http://www.opendns.com/
• CCleaner
– Removes unused files and other software that slows down your PC; http://www.ccleaner.com/
• PC Decrapifier
– The PC Decrapifier will uninstall many of the common trialware and annoyances found on new PCs. Free for personal use and $20 per tech who will use it; http://tinyurl.com/28r8ko
• File Shredder
– A fast, safe and reliable tool to shred company files; http://www.fileshredder.org/
• The Dude
– Auto network discovery, link monitoring, and notifications; supports SNMP, ICMP, DNS and TCP monitoring; http://tinyurl.com/mulky
• WinAudit
– Audits Windows®-based computers. Just about every aspect of computer inventory is examined. Can also automate inventory administration at the network level; http://tinyurl.com/27pk6t
• SoftPerfect Network Scanner
– A multi-threaded IP, SNMP and NetBIOS scanner. Very easy to use; http://tinyurl.com/2kzpss
• SyncBack
– File backup software; http://tinyurl.com/fmtel

Page 5: Dude Screen Shot

Page 6: Oldies but Goodies

• AIDA32
– System information, diagnostics and benchmarking for Win32 platforms. Screen shots, remote control. AIDA32 will extract details of all components of the PC. You can display the information, print it, or save it to XML, HTML or CSV.
– http://tinyurl.com/2j9ro8
• SuperScan 4
– Network scanner that finds open ports (I prefer version 3); http://tinyurl.com/2z42uy
• Nmap
– Scanning and footprinting; http://tinyurl.com/3dfk7v
• Cain and Abel
– The “Swiss Army knife”: cracks passwords, VoIP, and so much more
– http://tinyurl.com/53vmz
• Wireshark
– http://tinyurl.com/yclvno
• Autoruns
– Shows the programs that run during system boot-up or login
– http://tinyurl.com/3adktf
• Iron Geek
– Step-by-step security training; http://tinyurl.com/bzvwx
• Three finger salute (CTRL+ALT+DEL)
• Default Password List
– http://tinyurl.com/39teob
• Nessus
– Great system-wide vulnerability scanner; http://tinyurl.com/3ydrfu
• The Google Hacking Database (GHDB)
– http://tinyurl.com/2mxe2h

Page 7: Open DNS

• Phishing Protection
– We operate PhishTank.com, the world's most trusted source of phishing data. We integrate that data into an intelligence feed on our DNS servers to keep everyone on your network safe from phony sites trying to steal personal information.
• Domain Blocking
– You want to secure your network and have control over what resolves. We give you that control by providing the tools to block any website or DNS zone on the Internet, all through an easy-to-use interface.
• Adult Site Blocking
– Safeguard your kids, protect your students, or limit your corporate liability by blocking adult websites. Our adult site blocking solution can be deployed in minutes and provides granular levels of blocking. Did we mention it's completely free?
• Web Proxy Blocking
– Prevent people on your network from bypassing the access restrictions you put in place. Blocking Web proxies helps ensure your network remains secure.

Page 8: Cain and Abel Local Passwords

Page 9: Nessus Summary

Page 10: My Most Used Tools 2

• Wireshark
– Packet sniffer used to find passwords and other important network errors going across the network
– SSL passwords are often sent in clear text before logging on
– http://tinyurl.com/yclvno
• Metasploit
– Hacking/networking security made easy
– http://www.metasploit.com/
• BackTrack or UBCD4WIN Boot CD
– Cleaning infected PCs or ultimate hacking environment. Will run from USB
– http://tinyurl.com/2y2jdj
– http://tinyurl.com/38cgd5
• Read notify
– “Registered” email
– http://www.readnotify.com/
• Virtual Machine
– For pen testing
– http://tinyurl.com/2qhs2e
– http://www.virtualiron.com/

Page 11: Wireshark Screen Shot

Page 12: Security Testing Boot CD/USB

• Bart PE or UBCD4WIN
– http://www.bartpe.com
– http://www.ubcd4win.com
• UBCD
– Hardware testing including BIOS; HD cloning, recovery, destruction tools, RAM testing, and so much more
– http://www.ultimatebootcd.com/download.html
• BackTrack
– One of the more powerful cracking network auditing packages
– http://www.remote-exploit.org
• KNOPPIX
– Recover/repair dead systems, plus several security tools
– http://www.knoppix.net/

Page 13: BackTrack

Page 14: UBCD4WIN/BartPE

Page 15: Perimeter Security

• DNS-stuff and DNS-reports
– http://www.dnsstuff.com
– http://www.dnsreports.com
– Are you blacklisted?
– Test your e-mail system
– Check your HTML code for errors
• WINHTTrack
– For offline testing
– http://tinyurl.com/2qukbx
• Open DNS
– http://www.opendns.com/
• Firewall checkers
– www.firewallcheck.com
• Security Space
– http://tinyurl.com/cbsr

Page 16: Tools to Assess Vulnerability

• Nessus
– Vulnerability scanner
– http://www.nessus.org
• Snort
– IDS (intrusion detection system)
– http://www.snort.org
• Metasploit Framework
– Vulnerability exploitation tools
– Use with great caution and have permission
– http://tinyurl.com/3d57vu
• Microsoft Baseline Security Analyzer (MBSA)
– Used to determine their security state and specific remediation guidance
– http://tinyurl.com/39vfhe

Page 17: Password Recovery Tools

• Fgdump
– Mass password auditing for Windows
– http://tinyurl.com/2c7hf4
• Cain and Abel
– Password cracker and so much more
– http://tinyurl.com/dlvva
• John the Ripper
– Password cracker
– http://tinyurl.com/26kt7p
• RainbowCrack
– An innovative password hash cracker tool that makes use of a large-scale time-memory trade-off
– http://tinyurl.com/ysfgtx

Page 18: Change/Discover Win Passwords

• Windows Password recovery - Can retrieve forgotten admin and users' passwords in minutes. Safest possible option, does not write anything to hard drive.
• Offline NT Password & Registry Editor - A great boot CD/floppy that can reset the local administrator's password.
• John the Ripper - Good boot floppy with cracking capabilities.
• Emergency Boot CD - Bootable CD, intended for system recovery in the case of software or hardware faults.
• Austrumi - Bootable CD for recovering passwords and other cool tools.

Page 19: Networking Scanning

• MS Baseline Analyzer
– http://tinyurl.com/27obrz
• The Dude
– Great for mapping and analyzing traffic
– http://tinyurl.com/2kzejg
• Getif
– Network SNMP discovery and exploit tool
– http://tinyurl.com/23uhdo
• SoftPerfect Network Scanner
– http://www.softperfect.com/
• Enumerate Windows Shares
– Start – Run – \\IP\C$; login is administrator password
– Start – Run – \\(server name or IP)
• Enumerate Windows Directory
– LDAP query – Dump accounts and groups on a 2000/2003 Server. Tool is on the Windows 2000/2003 Server CD (LDP.EXE)

Page 20: Networking Scanning cont.

• HPing2
– Packet assembler/analyzer
– http://www.hping.org
• Netcat
– TCP/IP Swiss Army knife
– http://tinyurl.com/2r4fx9
• TCPDump for Linux or Windump for Windows
– Packet sniffers
– http://www.tcpdump.org and http://tinyurl.com/2gkvqq
• LanSpy
– Local, domain, NetBIOS, global and local users, policy settings and much more
– http://www.lantricks.com/
• Qcheck
– Checks network response time, throughput, and streaming performance
– http://tinyurl.com/3csl3l

Page 21: File Rescue and Restoration

• Zero Assumption
– Digital image rescue
– http://tinyurl.com/372643
• Restoration File Recovery
– http://tinyurl.com/2ymm46
• Free Undelete
– http://tinyurl.com/2tp2zd
• Effective File Search
– Find data inside of files or databases
– http://tinyurl.com/ynojg6

Page 22: Discover & Securely Delete Important Information

• Windows and Office Key finder/Encrypting
– Win KeyFinder (also encrypts the keys)
  • http://www.winkeyfinder.tk/
– ProduKey (also finds SQL server key)
  • http://www.nirsoft.net
• Secure Delete software
– Secure Delete
  • http://tinyurl.com/27p8uh
• File Shredder
– Has been developed as a fast, safe and reliable tool to shred company files
– http://www.fileshredder.org/
• DUMPSEC
– Dump all of the registry and share permissions
– http://www.somarsoft.com/
• Win Finger Print
– Scans for Windows shares, enumerates usernames, groups, SIDs and much more
– http://tinyurl.com/2jeyto

Page 23: Application and Database Tools

• N-Stealth
– An effective HTTP/Web application security scanner
– http://tinyurl.com/32owl7
• WINHTTrack
– Website copier
– http://tinyurl.com/ypmdq2
• SQLRecon
– Performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations
– http://tinyurl.com/3bgj44
– More SQL Tools http://tinyurl.com/3bgj44
• Absinthe
– Tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection
– http://tinyurl.com/34catv
• WebInspect (SPI Dynamics)
– 15-day trial against your web/application servers
– http://tinyurl.com/359dsv

Page 24: Encryption Software

• Hard drive or Jump Drives
– TrueCrypt for cross-platform encryption with lots of options
  • http://tinyurl.com/2ovdtm
– Dekart: its free version is very simple to use; the paid version has more options
  • http://tinyurl.com/2z6uv2
  • http://www.dekart.com/
• Email or messaging
– PGP for encrypting email
  • http://tinyurl.com/2w4g9q

Page 25: Wireless Tools

• Aircrack
– The fastest available WEP/WPA cracking tool
– A suite of tools for 802.11a/b/g WEP and WPA cracking
– Can recover a 40 through 512-bit WEP or WPA 1 or 2
– The suite includes
  • airodump (an 802.11 packet capture program)
  • aireplay (an 802.11 packet injection program)
  • aircrack (static WEP and WPA-PSK cracking)
  • airdecap (decrypts WEP/WPA capture files)
– http://tinyurl.com/2xzyu6
• NetStumbler
– Finds wireless networks
– http://www.netstumbler.com
• Kismet
– Wireless tools or packet sniffers
– http://www.kismetwireless.net
• Qcheck
– Determine real application speeds in Wi-Fi networks
– http://tinyurl.com/3csl3l

Page 26: Virtual Machines

• Xen for Linux
– http://tinyurl.com/2pbmp4
• VM server or VM workstation
– For booting Bart PE ISOs or Remote Exploit
– http://tinyurl.com/7gqmw
• MS Virtual Server
– Slower but very easy to use
– http://tinyurl.com/33mhln
• MS Virtual PC
– http://tinyurl.com/2jr7a7
• Virtual Iron
– http://virtualiron.com
• VMs can be used to run auditing applications that typically would require a dedicated server

Page 27: Network Toolbox U3

• Analyzers
• Network monitors
• Traffic Generators
• Network Scanners
• IDS
• Network Utilities
• Network Clients
• Secure Clients
• SNMP
• Web
• Auditing Tools
• Password revealers
• System Tools
• Supplementary tools (DOS prompt, Unix shell, etc.)
– http://tinyurl.com/yttny6

Page 28: USB Switchblade

• Access all stored passwords on a Windows computer
– [System info] [Dump SAM] [Dump Product Keys] [Dump LSA secrets (IE PWs)] [Dump Network PW] [Dump messenger PW] [Dump URL History]
• Available at http://tinyurl.com/2kwqgp
• Plug U3 drive in any Windows XP/2000/2003 computer
• Wait about 1 minute
• Eject drive
• Go to Run on the Start menu, then type x:\Documents\logfiles (x = flash drive letter), then press Enter
• Look at usernames and passwords or start cracking hashed Windows passwords

Page 29: Digital Forensic Tools

• The Sleuth Kit and Autopsy Browser
– Open source digital investigation tools (digital forensic tools)
– http://www.sleuthkit.org/
• Boot CD
– UBCD4WIN
  • http://www.ubcd4win.com
– BACKTRACK
  • http://www.remote-exploit.org/
• Disclaimer
– Be very careful when it comes to doing any forensic work as you can end up in jail

Page 30: Backup Software

• SyncBack
– http://tinyurl.com/29elte
– Secure
  • Encrypt a zip file with 256-bit AES encryption
– Copy Open Files (XP/2003)
– Compression
  • You can compress an unlimited size, and an unlimited number of files. (Paid)
– Performance & Throttling
  • Limit bandwidth usage (Paid)
– FTP and Email
  • Backup or sync files with an FTP server. Auto email the results of your backup
– Overview PPT on my web site
  • http://www.es-es.net/

Page 31: Network Tools Misc.

• WinSCP
– Wraps a friendly GUI interface around the command-line switches needed to copy files between Windows and Unix/Linux
– http://tinyurl.com/yvywqu
• Nagios
– Highly configurable, flexible network resource monitoring tool
– http://www.nagios.org/
• EventSentry
– Allows you to consolidate and monitor event logs in real-time, as well as monitor performance, disk space, services, processes and software/hardware installations on servers and workstations
– Additional features include temperature & humidity monitoring, motion/smoke/water detection, process, logon and print tracking for audit purposes
– http://tinyurl.com/2g64sy
• WSUS
– Administrators can fully manage the distribution of updates that are released through Microsoft Update to computers in their network
– http://tinyurl.com/22anrz

Page 32: Network Tools Misc.

• SyncToy
– Used for copying, moving, and synchronizing different directories; http://tinyurl.com/3b3wrd
• PsTools
– Manage remote systems as well as the local one; http://tinyurl.com/2xq8nu
• FoundStone
– Hack Pack: a collection of several hacking/security tools; http://tinyurl.com/22bap7
• 22 Essential Mac utilities
– http://tinyurl.com/2er2je

Page 33: Q&A

• Resources are available at
– Files and suggestions
  • http://www.es-es.net/9.html
– Security and Information Assurance Links
  • http://www.es-es.net/6.html
– PPT for this and VM Security
  • http://www.es-es.net/3.html
• Best Step by Step Security Videos Free
– http://www.irongeek.com
• Build a slipstream Windows install CD at http://tinyurl.com/4n7y5

Page 34: Fun Tools

• YouSendit
– Send large files for free, up to 100 MB
– www.yousendit.com
• Odeo
– Set up your own free podcast
– www.odeo.com
• Tiny URL
– Make long URLs short and easy to remember
– http://tinyurl.com/

Page 35: QCheck

• Qcheck, the network troubleshooting utility from Ixia, slices, dices, and checks network response time, throughput, and streaming performance. It even runs anywhere-to-anywhere traceroute!

• Qcheck provides a more realistic assessment of network performance. While Ping tracks the response time of ICMP (Internet Control Message Protocol) messages, Qcheck sends real application flows across the network to test connectivity and performance. When Qcheck tests network response time, it determines how well real client/server applications will perform on the network. In addition, Qcheck tests network throughput, which is a more appropriate measurement than response time for determining how well an FTP or similar application will perform.

• Qcheck tests can determine whether a network can support multimedia traffic. Qcheck can test a network link using the application flows generated by streaming multimedia applications. Qcheck will determine at what rate streaming traffic is received and how much packet loss is occurring.

• Qcheck can test network performance between any two computers in your network once they have Performance Endpoints installed. With Ping, a user is limited to testing the network connectivity between his or her own computer and another computer. A Qcheck user can test network performance between any two workstations on his or her network, regardless of their location, once a Performance Endpoint is installed.

• Qcheck supports multiple protocols. Unlike Ping, Qcheck supports the variety of protocols that are present in most network environments. Qcheck can test the performance of TCP, UDP, SPX, and IPX networks.

• Qcheck provides diagnostic information about end systems. Qcheck gives you a glimpse into a computer that may identify whether that particular computer is causing a network performance problem. Reports from Qcheck indicate an endpoint computer's physical memory, operating system levels, and (for streaming tests) CPU utilization, useful indicators of network performance.

• Qcheck's traceroute tests collect information about network hops and hop latency between endpoints. Traceroute information helps locate network problems down to the level of a specific router.