This question came in via Twitter: “Hey Security Experts, what are your favorite 3 information security tools?” – @614techteam
John Davis responds:
I’m in the risk management area of information security; I don’t know enough about technical information security tools to give an informed opinion about them. However, my favorite information security ‘tool’ is the Consensus Audit Group’s Twenty Critical Security Controls for Effective Cyber Defense (which is very similar to MicroSolved’s own 80/20 Rule of Information Security).
The ‘CAG’ as I call it gives me as a risk manager clearer, more proactive, and detailed information security guidance than any of the other standards such as the ISO or NIST. If you’re not familiar with it, you can find it on the SANS website. I highly recommend it, even (and especially) to technical IT personnel. It’s not terribly long and you’ll be surprised how much you get out of it.
Adam Hostetler adds:
I’ll do some that aren’t focused on “hacking”
OSSEC – Monitor all the logs. Use it as a SIEM, or use it as an IPS (or any other number of ways). Easy to write rules for, very scalable and it’s free.
Truecrypt – Encrypt your entire hard drive, partition, or just make an encrypted “container” to hold files. Again, it’s free, but don’t be afraid to donate.
OCLhashcat-plus – Chews through password hashes, cracking with GPU accelerated speed. Dictionary based attacks, and also has a powerful rule set to go after non-dictionary based passwords.
And Phil Grimes wrote:
NMap is probably one of my favorite tools of all time. It’s veristile and very good at what it does. Using some of the available scripts have also proven to be more than useful in the field.
NetCat – This tool is extremely well rounded. Some of my favorite features include tunneling mode which allows also special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel.
While NMap is my go to port scanner, there is built-in port-scanning capabilities, with randomizer, and dvanced usage options, such as buffered send-mode (one line every N seconds), and hexdump (to stderr or to a specified file) of trasmitted and received data.
Wireshark – Sharking the wires is one of my favorite things to do. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need.
What’s your favorite tool? Let us know in the comments or via Twitter (@lbhuston). Thanks for reading!
Cross-posted from State of Security