Editor's note: This is the first of a three-part series examining the best ways to ensure network security. Read part two here.
Security breaches -- where a
1. A bootable Linux distribution: Backtrack is among the most popular bootable Linux distros, and it's loaded with all of the most current security tools and applications. Backtrack allows you to load a purely native hacking environment that is dedicated to penetration testing. If you are wondering what a live CD/DVD or bootable distribution is, it's simply a fully configured OS that allows a user to experience and evaluate an operating system without installing it to a hard drive. You can run it from a Live DVD, thumb drive or virtual machine.
2. A malware analysis toolkit: Virustotal and Jotti are two websites that you will want to have at your disposal. If you're a pen tester, you are going to encounter lots of potential malware. While it's true that you can rely on one antivirus, wouldn't 10 to 20 be better? Sometimes, what one AV may not detect another may flag as malicious. Websites like virustotal.com and jotti.org allow you to scan a malicious file or URL against several different AV products. This provides a quick and easy way to determine if several different AV vendors have defined the software as malicious.
3. An exploit framework: Metasploit is one exploit framework that every pen tester will want to have at their disposal. An exploit framework is simply an environment from which to create or execute exploit code against an identified vulnerable target. Metasploit offers a 1-2-3 approach where you choose an exploit, configure a payload and execute the attack.
4. A world-class port scanner: Nmap is one of the very best port scanning applications. It's available on both Linux and Windows platforms and can be run from both the command line and from a GUI. It provides a variety of features for probing computer networks such as TCP scanning, user datagram protocol (UDP) scanning and OS fingerprinting. It's one tool that every pen tester should have at their disposal.
5. A network traffic analysis tool: Wireshark is a network protocol analyzer for Windows and Unix. It's a well-known packet analyzer. As a pen tester, you will be examining network traffic, and there is no better tool than Wireshark. Not only has the tool won several awards over the years, it's one of the best ways to investigate TCP/IP traffic anomalies. It's also useful for analyzing the activity of other security tools.
6. A tool to test for SQL injection: Acunetix can be used to test websites and Web applications for cross-site scripting, SQL injection and other acknowledged Web vulnerabilities. Just consider how many applications are Web-based and you'll understand why this is one tool no pen tester wants to be without.
7. A Web application testing tool: Burp Suite is a complete package of tools designed to test the security of Web applications. It has the ability to act as a proxy server, a Web spider, an intruder and a repeater, and requests can be automated.
8. A Swiss Army knife hacking tool: Cain and Abel is a password-cracking, enumeration, sniffing, address resolution protocol/DNS poisoning tool and more. What really makes Cain and Abel so useful is that it can serve so many different roles.
9. A world-class encryption tool: TrueCrypt is an open source encryption software package for Windows, Linux and OS X. While you may not consider it a hacking tool, I would describe it as something most pen testers cannot live without. After all, you are going to have notes, records and maybe even reports on your computer that list discovered vulnerabilities. Are you really going to want to leave this information in an unencrypted state?
10. A tool to load multiple operating systems: VMware. As a pen tester, you are going run multiple OSes, and VMware is one application that will allow you to do so easily. You will be able to use these virtual systems for testing, to load bootable OSes such as BackTrack and to support applications that only run on certain versions of operating systems. VMware offers both paid and free versions of its products.
Michael Gregg, CISSP, CISA, CISM, CASP, is an "ethical hacker" who provides cybersecurity and penetration testing services to Fortune 500s and U.S. government agencies. He's published more than a dozen books on IT security and is a well-known speaker and security trainer. Gregg is COO of Superior Solutions Inc., headquartered in Houston.
This was first published in April 2013