Security experience: Top 10 network tools help you review network security

Article 3: Other articles can be found on this site

We have discussed several "three major vulnerability exploitation tools to help you" and "four major protection methods" to help you make Rootkit difficult to escape from the "legal" network. let's take a look at ten tools that can help us review network security today.

I. Nessus: This is a UNIX platform vulnerability assessment tool. It can be said that it is the best and free web vulnerability scanning program. Its update speed is very fast, with over 11000 plug-ins. Its key features include security and local security checks, and the client/server architecture with GTK graphical interfaces, there is also an embedded scripting language (we can write our own plug-ins or understand the existing plug-ins ). Nessus 3 is currently a closed-source software, but it is still free unless you need the latest plug-in.

Ii. Wireshark: This is a peculiar open-source network protocol analysis program. It supports Unix and Windows platforms. Previously it was also called Ethereal, and was renamed due to trademark disputes. It allows users to check data from captured files on an active network or disk. Users can view captured data interactively and deeply explore the details of the data packets you need to understand. This software has several features, including rich display filtering language and the ability to view structured data streams of a TCP session. It also supports a large number of protocols and media types, including a console version similar to tcpdump called tethereal. However, it is worth noting that it suffers from a large number of remote security vulnerabilities, so it must be updated in a timely manner and be wary of running on untrusted or hostile networks.

Iii. Snort: this is an open-source Intrusion Detection System that many people love very much. This lightweight network intrusion detection and prevention system performs well in communication analysis and data packet log records in the IP network. Through protocol analysis, content search, and a variety of preprocessing programs, Snort can detect thousands of worms, vulnerability Exploitation attempts, port scans, and many other suspicious behaviors. It uses a flexible rule-based language to describe communication. In addition, it also checks the free basic analysis and security engine, which is a Web interface for analyzing Snort warnings.

Open-source Snort runs well for many individuals, small enterprises, and departments. SourceFire provides a free product line that updates enterprise-level features and real-time rules. Of course, you can also find many powerful free rules in Bleeding Edge Snort.

4. Netcat: the Swiss Army Knife utility can read and write data over a TCP or UDP network connection. It is designed as a reliable backend tool that can be directly and simply driven by other programs and scripts. At the same time, it is also a network debugging and testing tool because it can create almost any type of connection you need, including port binding, to facilitate receiving incoming connections. The earliest Netcat was released by Hobbit in 1995. Although it was very popular, it was not really maintained. Sometimes it is hard to find nc110.tgz. However, the flexibility and practicality of this tool have prompted people to develop a large number of Netcat implementation code, and many modern features do not exist in the original version. One of the most interesting implementations is Socat, which extends Netcat to support many other socket types, such as SSL encryption and SOCKS proxy. There is also Chris Gibson's Ncat, which provides more features while maintaining flexibility and simplicity. There are a lot of software that supports Netcat, such as OpenBSD's nc, Cryptcat, Netcat6, PNetcat, SBD, and the so-called GNU Netcat.

5. Hping2: this small and practical application can assemble and send custom ICMP, UDP, and TCP data packets, and display any response. It is developed based on the ping command, but provides more control over the sent detection information. It also has a convenient routing tracking mode and supports IP packet segmentation. This tool is useful when you try to track/ping/detect the host behind the firewall, because it can block connection requests from other standard applications. This usually allows us to form a firewall rule set. If you want to learn more TCP/IP and use the IP protocol for testing, Hping2 is also a good choice.

6. Kismet: This is a very powerful wireless network sniffing tool. Kimset is a layer 2 wireless network detection program, Sniffer and intrusion detection system based on 802.11. It can detect hidden networks in use through passive sniffing (which is the opposite of active sniffing tools such as NetStumbler. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, and record communications in Wireshark/TCPDump compatible formats. This tool can also be used for warwalking, warflying, warskating, and so on.

VII. Tcpdump: this is a classic network monitoring and data acquisition sniffing program. Before Ethereal (Wireshark) reaches the stage of history, Tcpdump is a widely used IP sniffing program, and many of network administrators continue to use it. It may not have a luxurious appearance (for example, it does not have a very beautiful graphic user interface), but it has almost no security vulnerabilities and requires very few system resources. Although it has few new features, it can often fix patch and mobility issues. It is a valuable tool for tracking network problems or monitoring network activities.

8. Ettercap: Ettercap is a terminal-based Ethernet network sniffer/interception/Record Program. It supports active and passive decomposition of many protocols (even encrypted protocols such as SSH and HTTPS. It can also intercept data from established networks and filter dynamic data to keep the connection synchronized. It provides many sniffing methods, which gives us a powerful and complete package of sniffing program components and supports plug-ins. It can check whether the user's network is in an exchange network, and use the system fingerprint code (in active or passive mode) to let the user know the geometric structure of the LAN.

9. Nikto: This is a comprehensive open-source Web scanning program that can scan a variety of projects on the Web server, including more than 3200 potentially dangerous files/CGI, including specific issues on 230 types of servers. Scanning projects and plug-ins can be updated from time to time and automatically performed. It uses Whisker/libwhisker to support its underlying functions.

10. THC Hydra: this is a fast network authentication and cracking program that supports many different services. Hydra may be the best choice when we need to launch a powerful attack on a remote authentication service. It can perform fast directory attacks on over 30 protocols, including telnet, ftp, http, https, smb, and multiple databases.