OpenSource For You

Top Open Source Tools for Network Security: The Old and the New


Data security vulnerabil­ities can result in tremendous losses, damage to reputation, and even national security threats. In this article, we discuss the top open source tools that will help systems administra­tors to enhance network security. A few of these are time tested, while others are new entrants trying to make a mark.

The past year has been a turbulent one for those in the cyber security domain, with events ranging from large scale malware attacks to the improper use of voter data in political campaigns hogging the headlines. Privacy concerns have risen to the fore with the European Union coming down heavily on the unregulate­d and possibly unethical use of personal data with the introducti­on of the GDPR (General Data Protection Regulation). There have been cyber attacks galore, without major public incident, save for the ‘small’ issue of millions of computers attacked by WannaCry and its successor, Petya.

Of course, the major leaks in the past year included parts of the CIA and NSA toolkits, and strategies to employ vulnerabil­ity brokers – overall, the year exposed the dark and murky secrets employed by the top intelligen­ce agencies in their all-out effort to gain an edge in counter-terrorism efforts.

On the corporate front, fresh from the Cambridge Analytica scandal, Facebook announced a horde of changes targeted at alleviatin­g user concerns regarding privacy. Amid all the furore over data, privacy and ethics, numerous tools have been introduced to address cyber security concerns. In this article, we delve into the list of the top open source tools for network security and a few new entrants.

The direction of growth

The past few years have seen the world plagued by large scale password leaks, DDoS attacks on widely used code hosting websites and, most recently, the accidental exposure of plaintext passwords by leading social networks. The recent focus on ethics and policy regarding data usage has seen much debate over the very definition of ethics. Overall, the industry seems to be growing more responsive to user concerns as most companies are falling in line with the GDPR, which has been ratified within the European Union. While the intrusion detection and security markets are largely catered to by the likes of proprietar­y offerings like McAfee, Symantec and Juniper, various open source variants are also being deployed within a large number of corporates. Intrusion prevention and detection has been the major focus in the launching of such tools. Let’s look at what’s on offer under the following two categories–the good old legends of network security and the newcomers finding a foothold in the industry.

The stalwarts

NMAP: Possibly the most popular port scanning tool of all time, NMAP has been going strong with an active community to back its developmen­t and adoption across the world. It is used to scan and map the network and various ports, and is backed by a powerful set of NSE scripts that can be employed to test and detect misconfigu­rations and security issues on the network. NMAP also sports its own version of Netcat, which is touted to be more powerful than the original. It has seen the addition of OS fingerprin­ting features and the expansion of the NSE scripts, among other performanc­e improvemen­ts.

The Metasploit Framework: Impossible to miss out on, the Metasploit Framework focuses on defence from the view of the attacker. It offers a toolkit tailored to aid the security team in aggressive­ly testing its own system for vulnerabil­ities

—to perform security audits, and generate reports and assessment­s. The software comprises an arsenal of tools with contributi­ons by experience­d penetratio­n testers in order to arm the defenders of a system against the

strategies adopted by attackers.

Kali Linux: Most tried and tested approaches to penetratio­n testing use the legendary Kali Linux system.

Kali offers an entire operating system dedicated to the single task of emulating an infiltrato­r within the network. It is supported by a robust developmen­t environmen­t with thousands of packages available for use. Recent releases have focused on addressing the much-hyped Spectre and Meltdown vulnerabil­ities and now support hardware-level encryption of sorts.

Bro IDS: Marketed as the software that has successful­ly brought together research and implementa­tion, Bro is an intrusion detection system that has been developed at Berkeley and the National Centre for Supercompu­ting Applicatio­ns at Urbana-Champaign, Illinois, USA. Focusing on network security and monitoring, it provides a comprehens­ive platform for network traffic analysis.

Wireshark: Running on Windows, OS X, and UNIX, Wireshark is one of the most effective network packet analysers. It offers a variety of capturing and analysing options, along with a welldesign­ed interface to visualise and view the contents and details of the captured data. Alternativ­es that focus on the command line execution include Tshark and Tcpdump.

Social Engineerin­g Toolkit

(SET): One of the more fun tools to play around with, the SET presents, quite literally, a menu of options that can be leveraged to exploit the human factors that impact the system. It focuses on phishing, malware delivered via infected PDF files and other social engineerin­g practices that can be used to bypass the security rules within a system. Using SET, security teams can design and deploy internal attacks on members of the organisati­on in order to test the security awareness and resilience of the network.

The new entrants

We now shift our focus to a few noteworthy tools that caught our attention based on their popularity in the open source community.

WiPi Hunter: This is designed to detect illegal wireless network activities performed by special software and hardware, and comprises various modules involving fake access points for monitoring and analysis, detection of attacks using KARMA, apart from calculatin­g a wireless security score.

WHID or WiFi-HID Injector: Since the initial appearance of HID attacks, many tools and devices to guard against them have been released. However, offensive security researcher­s were always seeking cheap and dedicated hardware that could be controlled remotely and that’s how the WHID Injector was born. It has been designed using an Atmega 32u4 and an ESP-12, which means it can be easily controlled over the Wi-Fi network and potentiall­y bypass air-gapped environmen­ts.

Leviathan Framework: Leviathan is a mass-audit toolkit comprising various features including SQL injection, custom exploits, brute force attacks and wide range service discovery. It offers the flexibilit­y of using tools like dsss, massscan and ncrack, or a combinatio­n of these. The goal is to audit as many systems as possible within a wide IP range.

LuLu: As its website states, the world has turned into a Web of connected devices. And often, the root cause of these problems is the very connection that initiated the Web. LuLu presents a fresh perspectiv­e; it is a firewall that aims to block all outgoing connection­s unless explicitly approved by the user.

 ??  ??
 ??  ?? Figure 2: Rapid7’s Metasploit Framework (Credits:
Figure 2: Rapid7’s Metasploit Framework (Credits:
 ??  ?? Figure 1: The NMAP tool (Credits:
Figure 1: The NMAP tool (Credits:
 ??  ?? Figure 5: Social Engineerin­g Toolkit
Figure 5: Social Engineerin­g Toolkit
 ??  ?? Figure 8: Leviathan Framework (Credits:
Figure 8: Leviathan Framework (Credits:
 ??  ?? Figure 4: Wireshark(Credits: howtouseli­
Figure 4: Wireshark(Credits: howtouseli­
 ??  ?? Figure 6: WiPi Hunter (Credits:
Figure 6: WiPi Hunter (Credits:
 ??  ?? Figure 7: WHID Injector (Credits:
Figure 7: WHID Injector (Credits:
 ??  ?? Figure 9: LuLu (Credits: hehacktoda­
Figure 9: LuLu (Credits: hehacktoda­
 ??  ?? Figure 3: Kali Linux (Credits:
Figure 3: Kali Linux (Credits:

Newspapers in English

Newspapers from India