Most enterprises provide Web services to their customers, since an Internet presence offers benefits like high revenue-generating potential and exposure to a wide range of customers. This same exposure makes enterprise services susceptible to various Web application attacks like cross-site scripting, SQL injection and buffer overflows, as well as network-level attacks like distributed denial-of-service (DDoS), malware intrusion and sniffing.
Security is one of the most important aspects of building large-scale IT enterprises. There is an extensive collection of tools that deal with various security threats and make systems less vulnerable to them. This article describes a few popular tools aimed at enhancing the security of servers in a data centre environment.
Server auditing and hardening tools
Bastille
This is an interactive, open source system-hardening program. It bundles a variety of system-hardening options into a single easy-to-use package. Bastille can be employed to harden a number of platforms and distributions, including Red Hat and Red Hat Enterprise, SUSE, Mandriva, Gentoo, Fedora Core, Debian and TurboLinux. It is also supported on HP-UX and, in beta, on OS X. It is a collection of Perl scripts that create a custom security configuration based on the answers the administrator gives to a specific set of questions. It also does an in-depth analysis of the system's current hardening level and its various security loopholes, thereby decreasing the chances of the system getting compromised.
Download link: http://sourceforge.net/projects/bastille-linux/
Lynis
This is an open source security audit tool that can perform server hardening and vulnerability scanning of UNIX- and Linux-based servers. Lynis performs an extensive set of individual tests based on security guidelines to assess the security level of the system. It scans the system and the available software to detect security issues. Besides security-related information, it also collects general system information, installed packages and configuration vulnerabilities. The tool is written in shell script and hence can be used on most systems without extra dependencies.
Download link: http://sourceforge.net/projects/lynis/
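Lynis writes its findings to a report file as well as to the screen, which makes it straightforward to feed into a build or provisioning gate. The following Python is an added example, not code from the article or from the Lynis project: it parses a constructed sample in the key=value layout assumed for Lynis' lynis-report.dat (warning[]=TEST-ID|message|detail|... and suggestion[]=... lines plus a hardening_index= line) and then applies a policy of the example's own choosing (a minimum hardening index and a set of blocking test-ID prefixes), neither of which is a threshold recommended by Lynis.

```python
"""Summarise a Lynis audit report and apply a simple hardening gate.

Added example. The report layout (one key=value per line, with
warning[]=TEST-ID|message|detail|... and suggestion[]=... entries and a
hardening_index= line) is assumed to match Lynis' lynis-report.dat; the
sample text below is constructed for this example, not real scan output.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample report (not output from a real Lynis run).
SAMPLE_REPORT = """\
# Lynis report (constructed sample)
report_version_major=1
report_version_minor=0
hardening_index=64
warning[]=FIRE-4512|iptables module(s) loaded, but no rules active|-|-|
warning[]=KRNL-5830|Reboot of system is most likely needed|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|PermitRootLogin (set YES to NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
suggestion[]=AUTH-9286|Configure minimum password age in /etc/login.defs|-|-|
"""


@dataclass
class Finding:
    test_id: str
    message: str
    detail: str  # empty when the report carries "-"


@dataclass
class LynisSummary:
    hardening_index: Optional[int] = None
    warnings: List[Finding] = field(default_factory=list)
    suggestions: List[Finding] = field(default_factory=list)


def _finding(value: str) -> Finding:
    """Split 'TEST-ID|message|detail|...' into a Finding; '-' means no detail."""
    parts = value.split("|")
    parts += [""] * (3 - len(parts))  # tolerate entries with fewer fields
    detail = "" if parts[2] == "-" else parts[2]
    return Finding(parts[0], parts[1], detail)


def parse_lynis_report(text: str) -> LynisSummary:
    """Collect the hardening index, warnings and suggestions from report text."""
    summary = LynisSummary()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key == "hardening_index":
            summary.hardening_index = int(value)
        elif key == "warning[]":
            summary.warnings.append(_finding(value))
        elif key == "suggestion[]":
            summary.suggestions.append(_finding(value))
    return summary


def hardening_gate(summary: LynisSummary, min_index: int = 70,
                   blocking_prefixes=("FIRE-",)) -> List[str]:
    """Return the reasons a host fails the gate; an empty list means it passes.

    The threshold and the blocking test-ID prefixes are policy choices made
    for this example (hypothetical), not values recommended by Lynis.
    """
    reasons: List[str] = []
    if summary.hardening_index is None:
        reasons.append("no hardening_index in report")
    elif summary.hardening_index < min_index:
        reasons.append(f"hardening index {summary.hardening_index} below {min_index}")
    for w in summary.warnings:
        if w.test_id.startswith(blocking_prefixes):
            reasons.append(f"blocking warning {w.test_id}: {w.message}")
    return reasons


if __name__ == "__main__":
    s = parse_lynis_report(SAMPLE_REPORT)
    print(f"hardening index: {s.hardening_index}")
    print(f"{len(s.warnings)} warnings, {len(s.suggestions)} suggestions")
    for reason in hardening_gate(s) or ["gate passed"]:
        print("-", reason)
```

Suggestions are kept separate from warnings on purpose: Lynis suggestions are advisory and several of them (the two SSH-7408 entries above) share a test ID, so a gate that counted them would fail hosts for cosmetic reasons, whereas warnings name conditions the policy owner can decide to block on.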
Microsoft Attack Surface Analyzer
This is a free tool developed by Microsoft. It analyses the changes made to the attack surface of a system (for example, on the installation of software) by examining the registry, file permissions, the Windows IIS server, GAC assemblies, etc. It assesses the severity of each change to the attack surface and its implications for the vulnerability of the system. The categorisation of the analysed threats under specific labels makes the generated report easier to understand.
Download link: http://www.microsoft.com/en-in/download/details.aspx?id=24487
Microsoft SDL Threat Modelling Tool
Microsoft developed this tool to make threat modelling a standard part of the software development lifecycle (SDL). The current version offers better visualisation and customisation, updated threat definitions, etc. Using the tool significantly reduces the effort required to identify security vulnerabilities and helps users take countermeasures in the early stages of the SDL.
Download link: http://www.microsoft.com/en-in/download/details.aspx?id=42518
Penetration testing tools
ZAP (Zed Attack Proxy)
ZAP is a cross-platform tool developed by OWASP, primarily used for penetration testing of Web applications. Its ease of use and extensive documentation make it popular among developers and security experts with varying degrees of security know-how. Its main features include automated and passive scanners, an intercepting proxy, a port scanner (nmap), etc.
Download link: https://code.google.com/p/zaproxy/wiki/Downloads
IronWASP
IronWASP is a powerful open source scanning engine for vulnerability testing of Web applications (SQL injection, XSS, etc.) that supports both Python and Ruby scripts. It can be extended further with plugins or modules written in Python, Ruby, C# or VB.Net. The simple GUI and advanced scripting support add to this efficient tool's appeal.
Download link: http://ironwasp.org/download.html
Metasploit
This is the most popular cross-platform tool used today for network penetration testing. It has seven interfaces, among which those from Rapid7 and Strategic Cyber LLC are the most popular. It allows users to identify various vulnerabilities in a system and take the required mitigation steps. Moreover, the Metasploit Framework can be extended with add-ons written in multiple languages.
Download link: http://www.metasploit.com/
Network security tools
Wireshark
Wireshark is the most commonly used network protocol analyser and monitoring tool. It is also used to perform certain network exploits like sniffing, password hacking, etc. Network sniffing also allows system admins to analyse the security loopholes in the network and take the proper remedial measures to close them. The tool is supported on UNIX/Linux as well as on Windows.
Download link: https://www.wireshark.org/download.html
Nessus
The Nessus tool is designed to scan a remote system and analyse the weak points that a malicious hacker could use to launch an attack. It is one of the most widely deployed network scanners and can check for vulnerabilities like default passwords, susceptibility to DoS (denial-of-service) attacks, etc. Versions after Nessus 3.0 also provide auditing functionality and thus help in hardening the system against known threats. Additionally, the tool provides an embedded scripting language, which can be used for plugin development. It started out as open source but later became proprietary.
Download link: http://www.tenable.com/products/nessus
NMAP
NMAP is another scanner, used to probe networks and analyse the responses. Its main services include host detection, port scanning, version and/or OS detection, etc. These services help in network mapping, security audits of the network and in performing certain exploits on the network.
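A common defensive use of the port-scanning and service-detection features described above is to compare what a scan actually found against what each host is supposed to expose. The Python below is an added example, not code from the article or from the Nmap project: it parses a constructed sample in the grepable output format that Nmap's -oG option produces (assumed here to be tab-separated "Key: value" fields per Host line, with each port written as port/state/protocol/owner/service/rpc/version/), then reports open ports that are absent from a hypothetical per-host baseline. The addresses, hostnames and baseline are all constructed for the example.

```python
"""Audit Nmap grepable output (-oG) against a baseline of expected open ports.

Added example, not part of the article or of Nmap. The sample scan text is
constructed; the grepable layout assumed here is tab-separated "Key: value"
fields per Host line, with each port entry written as
port/state/protocol/owner/service/rpc/version/.
"""
import re
from collections import namedtuple
from typing import Dict, List, Set

Port = namedtuple("Port", "number state proto service version")

# Constructed sample in Nmap's grepable format; not output of a real scan.
SAMPLE_GNMAP = (
    "# Nmap scan (constructed sample output for this example)\n"
    "Host: 10.0.0.5 (web01.lab.internal)\tStatus: Up\n"
    "Host: 10.0.0.5 (web01.lab.internal)\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/, "
    "80/open/tcp//http//nginx 1.18/, 3306/open/tcp//mysql//MySQL 8.0/\t"
    "Ignored State: closed (997)\n"
    "Host: 10.0.0.9 (db01.lab.internal)\tStatus: Up\n"
    "Host: 10.0.0.9 (db01.lab.internal)\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/, "
    "5432/open/tcp//postgresql//PostgreSQL 12/, 8080/filtered/tcp//http-proxy///\t"
    "Ignored State: closed (997)\n"
    "# Nmap done (constructed sample)\n"
)

# Hypothetical baseline: the TCP ports each host is allowed to expose.
BASELINE: Dict[str, Set[int]] = {
    "10.0.0.5": {22, 80},
    "10.0.0.9": {22, 5432},
}

HOST_RE = re.compile(r"^(\S+)\s*\((.*?)\)")  # "10.0.0.5 (web01.lab.internal)"


def parse_gnmap(text: str) -> Dict[str, dict]:
    """Return {ip: {"name": hostname, "ports": [Port, ...]}} for every Host line."""
    hosts: Dict[str, dict] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the comment lines Nmap adds at the top and bottom
        fields = {}
        for chunk in line.split("\t"):
            key, sep, value = chunk.partition(": ")
            if sep:
                fields[key] = value
        m = HOST_RE.match(fields["Host"])
        ip, name = (m.group(1), m.group(2)) if m else (fields["Host"].strip(), "")
        entry = hosts.setdefault(ip, {"name": name, "ports": []})
        for item in fields.get("Ports", "").split(", "):
            if not item:
                continue  # "Status: Up" lines carry no Ports field
            p = item.split("/")
            p += [""] * (7 - len(p))  # tolerate entries with fewer fields
            entry["ports"].append(Port(int(p[0]), p[1], p[2], p[4], p[6]))
    return hosts


def audit(hosts: Dict[str, dict], baseline: Dict[str, Set[int]]) -> List[str]:
    """List deviations: open ports missing from the baseline, and unknown hosts."""
    findings: List[str] = []
    for ip, info in sorted(hosts.items()):
        open_ports = {p.number for p in info["ports"] if p.state == "open"}
        if ip not in baseline:
            findings.append(f"{ip} not in baseline; open ports {sorted(open_ports)}")
            continue
        for number in sorted(open_ports - baseline[ip]):
            svc = next(p for p in info["ports"] if p.number == number)
            findings.append(f"{ip} ({info['name']}): unexpected open port "
                            f"{number}/{svc.proto} {svc.service} {svc.version}".rstrip())
    return findings


if __name__ == "__main__":
    for finding in audit(parse_gnmap(SAMPLE_GNMAP), BASELINE) or ["no deviations"]:
        print(finding)
```

Only ports in the "open" state are compared, so the filtered 8080 on db01 is not reported; in practice a host that appears in the scan but not in the baseline is the more interesting signal, since it usually means an undocumented system has joined the segment.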