Essential security testing tools for SMBs


Kevin Beaver, CISSP
07.13.2005
Security testing -- vulnerability assessments, penetration tests and higher-level audits -- requires the proper tools. There's a wide variety of tools that perform dozens of different tasks, making it difficult to determine what you need to get a good view of your overall network security.

I've found several types of essential security testing tools that cover all areas of network security. I'm partial to commercial products because of their ease of use, reporting features and overall professional look and feel, but there are some good freeware and open source options as well. It all depends on your taste and budget.

General network scanning: A ping sweeper and port scanner will help you map your network and find which hosts are active, so you know what to probe. Mission Viejo, Calif.-based Foundstone Inc.'s SuperScan version 3 is great for getting things kicked off. SuperScan version 4 offers even more options for enumerating Windows systems, which can prove very fruitful when scanning your own systems. Foundstone's SiteDigger is another neat tool for running advanced Google queries; it lets you dig up information about your organization that you may not know has been publicized.
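
The discovery step described above, as an added example that is not SuperScan's code or anything from the article: a threaded TCP connect scan, with host discovery done by "any port answered" rather than ICMP echo, which is the practical fallback on networks that filter ping. The loopback listener it scans is constructed for the demo; the port list, worker count and timeout are assumptions to tune for a real subnet.

```python
"""TCP connect scan and port-based host discovery (added example, not SuperScan)."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, timeout=0.5):
    """True if a TCP three-way handshake completes on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:          # refused, timed out, unreachable, ...
            return False


def scan(host, ports, workers=64, timeout=0.5):
    """Connect-scan `ports` in parallel; return the sorted list of open ones."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe(host, p, timeout)), ports))
    return sorted(p for p, is_open in results if is_open)


def sweep(hosts, ports, timeout=0.5):
    """Host discovery without ICMP: a host counts as live if any probed port
    completes a handshake. Returns {host: [open ports]} for live hosts only."""
    live = {}
    for host in hosts:
        open_ports = scan(host, ports, timeout=timeout)
        if open_ports:
            live[host] = open_ports
    return live


def start_listener(host="127.0.0.1"):
    """Constructed target for the demo: a throwaway TCP listener on an
    OS-assigned port. Returns (stop_function, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(8)
    srv.settimeout(0.2)           # lets the accept loop notice `stop`
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            except OSError:       # listener closed underneath us
                return
            conn.close()

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()

    def stop_listener():
        stop.set()
        worker.join()
        srv.close()

    return stop_listener, port


if __name__ == "__main__":
    stop, port = start_listener()
    print("open ports near the demo listener:", scan("127.0.0.1", range(port - 5, port + 6)))
    print("live hosts:", sweep(["127.0.0.1"], [port]))
    stop()
```

A connect scan completes the handshake, so it shows up in the target's logs and connection tables; that is fine for auditing your own systems, which is the use the article recommends.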

File scanning: A file-scanning utility can be something as basic as the DOS "find" command or the Search function built into Windows Explorer. Files containing private, confidential and other sensitive information are commonly stored on local hard drives and network shares that not everyone needs access to. This is a big vulnerability, especially when it concerns information that's regulated under the Health Insurance Portability and Accountability Act or the Gramm-Leach-Bliley Act.

A great tool for searching local and network drives is Effective File Search. It's blazingly fast (compared with standard Windows programs) and has a lot of interesting text search capabilities. Download this tool and search your network for dob, ssn, license, etc. and I guarantee you'll find some unprotected files in the wrong places.
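
The search described in the two paragraphs above, as an added example rather than anything from Effective File Search or the article: walk a tree (a local drive or a mounted share), decode each candidate file as text and count hits for the keywords the article suggests plus a structured Social Security number pattern. The pattern list, extension whitelist, size cap and the sample files are all constructed for the demo.

```python
"""Find files that look like they hold regulated personal data (added example)."""
import os
import re
import tempfile

# Keywords from the article plus an SSN pattern that rejects never-issued
# area (000, 666, 9xx), group (00) and serial (0000) values. Assumed list.
PATTERNS = {
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "keyword": re.compile(r"\b(dob|ssn|social security|license|licence)\b", re.I),
}
# Plain-text formats only: .docx/.xlsx are zip containers and must be
# unpacked before their text can be searched.
TEXT_EXT = {".txt", ".csv", ".log", ".md", ".xml", ".html", ".json", ".ini", ".cfg"}
MAX_BYTES = 20 * 1024 * 1024


def scan_file(path):
    """Return {pattern_name: hit_count} for one file; {} if nothing matched."""
    try:
        if os.path.getsize(path) > MAX_BYTES:
            return {}
        with open(path, "rb") as fh:
            text = fh.read().decode("utf-8", errors="ignore")
    except OSError:               # unreadable, vanished, permission denied
        return {}
    hits = {}
    for name, rx in PATTERNS.items():
        count = len(rx.findall(text))
        if count:
            hits[name] = count
    return hits


def scan_tree(root, only_text_ext=True):
    """Walk `root` and return [(path, hits)] for files with at least one hit.
    With only_text_ext=False every file is decoded as best-effort text, which
    also catches data embedded in binaries but is far slower on a big share."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if only_text_ext and os.path.splitext(name)[1].lower() not in TEXT_EXT:
                continue
            path = os.path.join(dirpath, name)
            hits = scan_file(path)
            if hits:
                findings.append((path, hits))
    return sorted(findings, key=lambda f: f[0])


def build_sample_tree():
    """Constructed demo data: an HR export left on a share, a harmless readme,
    and a 'photo' with an SSN hidden in its bytes."""
    root = tempfile.mkdtemp(prefix="filescan_")
    share = os.path.join(root, "shares", "public")
    os.makedirs(share)
    with open(os.path.join(share, "hr_export.csv"), "w") as fh:
        fh.write("name,dob,ssn\nJane Doe,1970-01-01,123-45-6789\n"
                 "John Roe,1981-05-05,987-65-4321\n")
    with open(os.path.join(share, "readme.txt"), "w") as fh:
        fh.write("Nothing to see here.\n")
    with open(os.path.join(share, "photo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff ssn 111-22-3333")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for path, hits in scan_tree(root):
        print(path, hits)
```

Note that the second SSN in the sample export (987-65-4321) is deliberately not counted: area numbers in the 900s were never issued, and filtering them out is what keeps a search like this from drowning in invoice and part numbers.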

Operating system scanning: Once you've identified systems with potential vulnerabilities, you can dig deeper, looking for specific OS weaknesses: share and file permissions, missing patches and weak security policy settings. A great starter tool that has received significant improvements over the years is GFI Software Ltd.'s LANguard Network Security Scanner. This is especially good if you have a lot of systems and pricing is an issue. My all-time favorite is QualysGuard by Qualys Inc. -- an extremely powerful and comprehensive tool that's a great fit for critical systems. If you're really price-conscious, many people rave about Nessus, which has recently become much more powerful and easier to use.

Password cracking: This is yet another hot issue, especially in light of all the emerging privacy and security regulations. My clients and I are often very surprised at how vulnerable most users' network passwords are. Plain old trial-and-error guessing or password cracking is still very common. A basic tool that can check for some common password weaknesses in Windows, such as blank and simple local account passwords, is the Microsoft Baseline Security Analyzer (MBSA). However, if you want to do some hard-core cracking, you should look into Elcomsoft Co.'s Proactive Password Auditor, Cain & Abel, or the "no password left uncracked" RainbowCrack.
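
Why the "no password left uncracked" approach works against some password stores and not others, as an added example that is not code from MBSA, Proactive Password Auditor, Cain & Abel or RainbowCrack: a wordlist hashed once becomes a lookup table that cracks every unsalted dump by pure lookup (the idea behind rainbow tables, minus the chain compression that makes them fit on disk), whereas a salted, iterated hash forces every guess to be recomputed per user. The storage formats are assumptions: unsalted SHA-256 stands in for any unsalted scheme and PBKDF2-HMAC-SHA256 for any salted one; the wordlist and accounts are constructed.

```python
"""Dictionary attack against unsalted versus salted password stores (added example)."""
import hashlib
import secrets

# Constructed wordlist; a real audit uses millions of entries.
WORDLIST = ["password", "Password1", "letmein", "summer2005", "Welcome1", "qwerty"]

# Constructed accounts: two weak passwords and one not in the list.
ACCOUNTS = {"alice": "Password1", "bob": "summer2005", "carol": "Tr0ub4dor&3x"}


def unsalted_hash(password):
    """What a weak scheme stores: hash(password), identical for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Hash the wordlist once; reusable against every dump of the same scheme."""
    return {unsalted_hash(w): w for w in words}


def crack_unsalted(dump, table):
    """dump: {user: hex digest}. Pure lookup, no hashing at audit time."""
    return {user: table[h] for user, h in dump.items() if h in table}


def salted_hash(password, salt, rounds=50_000):
    """What a sound scheme stores: a per-user random salt and an iterated hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


def crack_salted(dump, words, rounds=50_000):
    """dump: {user: (salt, hex digest)}. No table helps: every guess is
    recomputed with that user's salt. Returns (found, hashes computed)."""
    found, work = {}, 0
    for user, (salt, digest) in dump.items():
        for w in words:
            work += 1
            if salted_hash(w, salt, rounds) == digest:
                found[user] = w
                break
    return found, work


def make_unsalted_dump(accounts=ACCOUNTS):
    """Constructed dump in the unsalted format."""
    return {u: unsalted_hash(p) for u, p in accounts.items()}


def make_salted_dump(accounts=ACCOUNTS, rounds=50_000):
    """Constructed dump in the salted format, fresh 16-byte salt per user."""
    dump = {}
    for u, p in accounts.items():
        salt = secrets.token_bytes(16)
        dump[u] = (salt, salted_hash(p, salt, rounds))
    return dump


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("unsalted:", crack_unsalted(make_unsalted_dump(), table), "lookups only")
    found, work = crack_salted(make_salted_dump(), WORDLIST)
    print("salted:  ", found, "after", work, "slow hashes")
```

The audit outcome is the same in both cases (alice and bob are caught, carol is not), but the cost profile is what matters: the unsalted table is built once and reused against every future dump, while the salted run spends 12 iterated hashes on three users and would scale linearly with both users and wordlist size.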

Web application scanning: These tools are essential for finding common flaws in Web applications. Some even scan back-end databases. They aren't flawless, and manual testing is still often required, but such tools can save you a lot of time and effort. A formidable tool to get started with is N-Stalker, along with my favorite, WebInspect, by SPI Dynamics Inc. A reasonably priced tool for scanning back-end databases (you know, where the "money" is) is Application Security Inc.'s AppDetective line of products.
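
What such a scanner actually does for two of the commonest flaw classes, as an added example that is not N-Stalker's or WebInspect's code: put a marker into each request parameter and inspect the response, once for a marker that cannot survive HTML escaping (a reflected cross-site scripting sink) and once for a single quote that breaks a concatenated SQL query (a database error leaking into the page). The target "application" here is a constructed Python function standing in for an HTTP endpoint, shown in its vulnerable and fixed forms; the error-signature list is an assumption.

```python
"""Parameter-injection probe of the kind a Web application scanner runs (added example)."""
import html
import re

# Database error text that leaks when input breaks a concatenated query.
SQL_ERRORS = re.compile(
    r"You have an error in your SQL syntax|Unclosed quotation mark|ORA-\d{5}|SQLSTATE\[",
    re.I)
# Marker that cannot survive HTML escaping; seeing it verbatim means a reflected sink.
XSS_CANARY = '<zz"x>'


def vulnerable_app(params):
    """Constructed target: escapes nothing in `q` and concatenates it into SQL."""
    q = params.get("q", "")
    sort = params.get("sort", "name")
    if "'" in q:                  # what an unparameterized query does with a quote
        return 500, "You have an error in your SQL syntax near '%s'" % q
    return 200, "<h1>Results for %s</h1><!-- sort=%s -->" % (q, html.escape(sort))


def fixed_app(params):
    """Same page after the fix: output is escaped and the query is
    parameterized, so a quote is just data (simulated by not building SQL)."""
    q = params.get("q", "")
    sort = params.get("sort", "name")
    return 200, "<h1>Results for %s</h1><!-- sort=%s -->" % (html.escape(q),
                                                             html.escape(sort))


def probe(app, params):
    """Inject each payload into each parameter in turn; return sorted findings
    as (parameter, flaw-kind) pairs."""
    checks = (
        (XSS_CANARY, "reflected-xss", lambda body: XSS_CANARY in body),
        ("'", "sql-error", lambda body: SQL_ERRORS.search(body) is not None),
    )
    findings = []
    for name in params:
        for payload, kind, matches in checks:
            _status, body = app({**params, name: payload})
            if matches(body):
                findings.append((name, kind))
    return sorted(findings)


if __name__ == "__main__":
    baseline = {"q": "shoes", "sort": "name"}
    print("vulnerable:", probe(vulnerable_app, baseline))
    print("fixed:     ", probe(fixed_app, baseline))
```

This is also why the article's caveat about manual testing holds: the probe only reports what its payloads provoke into the response. A blind injection that changes nothing visible, or a sink that is reached only after a multi-step workflow, produces no finding here and has to be hunted by hand.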

Network analysis: A network analyzer (a.k.a. sniffer) will dig up rogue systems, employees doing things they shouldn't be doing, protocols that don't belong, attacks in progress, data leakage and more. They're great for looking at both wired and wireless networks. TamoSoft's CommView products are great for getting started and are very reasonably priced. EtherPeek SE is an extremely powerful wired network analyzer that practically anyone can use. For wireless testing, besides NetStumbler, check out the bootable Auditor collection of powerful Linux-based utilities and AirMagnet Inc.'s Laptop Analyzer -- all tools that can make your security testing much, much easier.
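
The core of what an analyzer does with each captured frame, as an added example that is not code from CommView, EtherPeek or the article: dissect the Ethernet, IPv4 and TCP headers and then look at the payload, here for a login sent in the clear to a service that has no business carrying credentials unencrypted (the "data leakage" case above). The frame is constructed by `build_frame()` rather than captured, IP and TCP checksums are left at zero and are not verified, and the cleartext-service list is an assumption.

```python
"""Ethernet/IPv4/TCP dissector with a cleartext-login check (added example)."""
import re
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
# Services that carry credentials unencrypted; assumed list for the demo.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 110: "pop3"}
LOGIN_LINE = re.compile(rb"^(PASS|USER) ")


def parse_ethernet(frame):
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": dst.hex(":"), "src": src.hex(":"), "type": ethertype}, frame[14:]


def parse_ipv4(packet):
    (vihl, _tos, total_len, _ident, _flags, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (vihl & 0x0F) * 4                    # header length, options included
    hdr = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
           "ttl": ttl, "proto": proto}
    return hdr, packet[ihl:total_len]          # drop any Ethernet padding


def parse_tcp(segment):
    (sport, dport, seq, ack, off_flags,
     _win, _csum, _urg) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4        # header length, options included
    hdr = {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
           "flags": off_flags & 0x1FF}
    return hdr, segment[data_offset:]


def inspect(frame):
    """Dissect one frame; return a summary dict, or None if not IPv4/TCP."""
    eth, rest = parse_ethernet(frame)
    if eth["type"] != ETHERTYPE_IPV4:
        return None
    ip, rest = parse_ipv4(rest)
    if ip["proto"] != PROTO_TCP:
        return None
    tcp, payload = parse_tcp(rest)
    summary = {"src": ip["src"], "dst": ip["dst"], "sport": tcp["sport"],
               "dport": tcp["dport"], "payload": payload, "alert": None}
    service = CLEARTEXT_PORTS.get(tcp["dport"])
    if service and LOGIN_LINE.match(payload):
        summary["alert"] = "cleartext credential to %s" % service
    return summary


def build_frame(payload, src="10.0.0.5", dst="10.0.0.21", sport=51000, dport=21):
    """Constructed test frame: Ethernet + IPv4 + TCP (PSH,ACK) + payload."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 1,
                      (5 << 12) | 0x018, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64,
                     PROTO_TCP, 0, bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split(".")))) + tcp
    return struct.pack("!6s6sH", b"\x00\x11\x22\x33\x44\x55",
                       b"\x66\x77\x88\x99\xaa\xbb", ETHERTYPE_IPV4) + ip


if __name__ == "__main__":
    for frame in (build_frame(b"USER jane\r\n"), build_frame(b"PASS hunter2\r\n"),
                  build_frame(b"220 ready\r\n", src="10.0.0.21", dst="10.0.0.5",
                              sport=21, dport=51000)):
        print(inspect(frame))
```

A real capture adds two things this sketch leaves out: 802.1Q VLAN tags in front of the IPv4 header and TCP segments that split a login line across packets, so an analyzer reassembles the stream before matching. Promiscuous capture on a switched segment also only sees traffic the switch sends to your port, which is why the commercial analyzers above are usually run from a mirror (SPAN) port.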


Kevin Beaver is founder and information security advisor with Atlanta-based Principle Logic LLC. He has more than 17 years of experience in IT and specializes in performing information security assessments. Kevin has authored five information security-related books including Hacking For Dummies (Wiley), the brand new Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver @ principlelogic.com.


All Rights Reserved, Copyright 2007 - 2009, TechTarget | Read our Privacy Policy