Top Open Source Tools for Network Security: The Old and the New

OpenSource For You

Data security vulnerabilities can result in tremendous losses, damage to reputation, and even national security threats. In this article, we discuss the top open source tools that will help systems administrators to enhance network security. A few of these are time tested, while others are new entrants trying to make a mark.

The past year has been a turbulent one for those in the cyber security domain, with events ranging from large scale malware attacks to the improper use of voter data in political campaigns hogging the headlines. Privacy concerns have risen to the fore with the European Union coming down heavily on the unregulated and possibly unethical use of personal data with the introduction of the GDPR (General Data Protection Regulation). There have been cyber attacks galore, without major public incident, save for the ‘small’ issue of millions of computers attacked by WannaCry and its successor, Petya.

Of course, the major leaks in the past year included parts of the CIA and NSA toolkits, and strategies to employ vulnerability brokers – overall, the year exposed the dark and murky secrets employed by the top intelligence agencies in their all-out effort to gain an edge in counter-terrorism efforts.

On the corporate front, fresh from the Cambridge Analytica scandal, Facebook announced a horde of changes targeted at alleviating user concerns regarding privacy. Amid all the furore over data, privacy and ethics, numerous tools have been introduced to address cyber security concerns. In this article, we delve into the list of the top open source tools for network security and a few new entrants.

The direction of growth

The past few years have seen the world plagued by large scale password leaks, DDoS attacks on widely used code hosting websites and, most recently, the accidental exposure of plaintext passwords by leading social networks. The recent focus on ethics and policy regarding data usage has seen much debate over the very definition of ethics. Overall, the industry seems to be growing more responsive to user concerns as most companies are falling in line with the GDPR, which has been ratified within the European Union. While the intrusion detection and security markets are largely catered to by proprietary offerings like McAfee, Symantec and Juniper, various open source variants are also being deployed within a large number of corporates. Intrusion prevention and detection has been the major focus in the launching of such tools. Let’s look at what’s on offer under the following two categories: the good old legends of network security and the newcomers finding a foothold in the industry.

The stalwarts

NMAP: Possibly the most popular port scanning tool of all time, NMAP has been going strong with an active community to back its development and adoption across the world. It is used to scan and map the network and various ports, and is backed by a powerful set of NSE scripts that can be employed to test and detect misconfigurations and security issues on the network. NMAP also sports its own version of Netcat, which is touted to be more powerful than the original. It has seen the addition of OS fingerprinting features and the expansion of the NSE scripts, among other performance improvements.

The Metasploit Framework: Impossible to miss out on, the Metasploit Framework focuses on defence from the view of the attacker. It offers a toolkit tailored to aid the security team in aggressively testing its own system for vulnerabilities, performing security audits, and generating reports and assessments. The software comprises an arsenal of tools with contributions by experienced penetration testers in order to arm the defenders of a system against the strategies adopted by attackers.

Kali Linux: Most tried and tested approaches to penetration testing use the legendary Kali Linux system. Kali offers an entire operating system dedicated to the single task of emulating an infiltrator within the network. It is supported by a robust development environment with thousands of packages available for use. Recent releases have focused on addressing the much-hyped Spectre and Meltdown vulnerabilities and now support hardware-level encryption of sorts.

Bro IDS: Marketed as the software that has successfully brought together research and implementation, Bro is an intrusion detection system that has been developed at Berkeley and the National Centre for Supercomputing Applications at Urbana-Champaign, Illinois, USA. Focusing on network security and monitoring, it provides a comprehensive platform for network traffic analysis.

Wireshark: Running on Windows, OS X, and UNIX, Wireshark is one of the most effective network packet analysers. It offers a variety of capturing and analysing options, along with a well-designed interface to visualise and view the contents and details of the captured data. Alternatives that focus on the command line execution include Tshark and Tcpdump.

Social Engineering Toolkit (SET): One of the more fun tools to play around with, the SET presents, quite literally, a menu of options that can be leveraged to exploit the human factors that impact the system. It focuses on phishing, malware delivered via infected PDF files and other social engineering practices that can be used to bypass the security rules within a system. Using SET, security teams can design and deploy internal attacks on members of the organisation in order to test the security awareness and resilience of the network.

The new entrants

We now shift our focus to a few noteworthy tools that caught our attention based on their popularity in the open source community.

WiPi Hunter: This is designed to detect illegal wireless network activities performed by special software and hardware. It comprises various modules involving fake access points for monitoring and analysis and the detection of attacks using KARMA, and it also calculates a wireless security score.

WHID or WiFi-HID Injector: Since the initial appearance of HID attacks, many tools and devices to guard against them have been released. However, offensive security researchers were always seeking cheap and dedicated hardware that could be controlled remotely, and that’s how the WHID Injector was born. It has been designed using an ATmega 32u4 and an ESP-12, which means it can be easily controlled over the Wi-Fi network and potentially bypass air-gapped environments.

Leviathan Framework: Leviathan is a mass-audit toolkit comprising various features including SQL injection, custom exploits, brute force attacks and wide range service discovery. It offers the flexibility of using tools like dsss, masscan and ncrack, or a combination of these. The goal is to audit as many systems as possible within a wide IP range.

LuLu: As its website states, the world has turned into a Web of connected devices. And often, the root cause of these problems is the very connection that initiated the Web. LuLu presents a fresh perspective; it is a firewall that aims to block all outgoing connections unless explicitly approved by the user.

Figure 1: The NMAP tool (Credits: nmap.org)

Figure 2: Rapid7’s Metasploit Framework (Credits: metasploit.com)

Figure 3: Kali Linux (Credits: kali.org)

Figure 4: Wireshark (Credits: howtouselinux.net)

Figure 5: Social Engineering Toolkit

Figure 6: WiPi Hunter (Credits: toolswatch.org)

Figure 7: WHID Injector (Credits: toolswatch.org)

Figure 8: Leviathan Framework (Credits: toolswatch.org)

Figure 9: LuLu (Credits: hehacktoday.com)
