When I first started teaching computer security, it was not too hard to keep up with the industry. One had a couple of publications to read, a few mailing lists to follow and maybe a website or three to read on occasion. It’s clearly not that way anymore. There is a lot going on and things change frequently. One has to do a lot of reading to keep up. While I love to read about security “just for the fun of it,” sometimes I need good information quickly. Here are two sites I’ve used to find valuable information:
Securelist is a site provided by Kaspersky Lab. The site has articles about security threats, security in general, a blog and other topics. What I find especially useful is the descriptions of malware. For instance, have you ever heard of “Exploit.JS.Pdfka.crr”? According to Securelist, it’s an exploit using vulnerabilities in Adobe Reader. The link takes you to the description. The descriptions are thorough and readable, and most or all of them include removal instructions. That can be very useful!
Another feature I like on the site is the Statistics area. It is interesting to see what areas of the world have the most infections and what infections and threats are most common.
Sectools is a site that lists network security tools. It lists what it says are the top 125 network security tools.
As I write this, the number one tool on the list is the network protocol analysis tool Wireshark. (I am on the Wireshark development team, but haven’t contributed in some time.) We use Wireshark (formerly Ethereal) in Learning Tree’s System and Network Security A Comprehensive Introduction class (Course 468). It is a very robust tool for displaying and analyzing network traffic. If you are not using it, you probably should be.
Another tool we use in Course 468 is number 12 on the list just now: PuTTY. PuTTY is an implementation of the SSH (Secure Shell) protocol for logging in to remote systems. I have used it from and to Linux and Windows systems. I also use a companion tool, WinSCP, to do secure file transfers to remote systems. It would be hard for me to manage remote computers without it.
A tool I just discovered while writing this post is Nikto. Nikto is an open source tool used to scan websites for vulnerabilities. According to the Nikto page on Sectools and its own site, it checks for over 6400 dangerous files and scripts, and outdated versions of over 1200 servers. It also checks for specific issues with over 270 servers, among numerous other tests.
There are 122 more programs in that “Top 125” list and I will write about more of them in future. Please remember, though, that they are just tools: while they will help in securing networks and systems, none is a “magic cream”. What are your favorite security tools, free or not? Let us know in the comments below.