[Year 12 SofDev] Security of data and networks

Kevork Krozian kevork at edulists.com.au
Wed Jul 4 10:59:59 EST 2012


Hi folks,

 I am working on a few network security activities at the moment. I have
come across a number of tools that are designed for network, wireless and
server security testing, probing and checking. These are relevant to a
number of KKs such as:

 Outcome 42
 KK5 - criteria and techniques for testing the security of networked
environments

 Outcome 41
  KK19 - security measures designed to protect the integrity and security
of data and information.

 Outcome 31
  KK8 - the functions, technical underpinnings and sources of worms,
Trojans and spyware that intentionally threaten the security of networks

   The tools include the following:
 1. Superscan - detects open (layer 4 of the OSI) TCP and UDP ports on a
target host
 2. Microsoft Baseline Security Scanner MBSA - carries out security health
check on Windows clients and servers with fixes.
 3. Password crackers , sniffers, protocol inspectors, vulnerability
scanners , Exploits, Man in the Middle attack simulator ( Ettercap ),
wireless crackers etc  - http://sectools.org/

  In fact http://sectools.org/  is quite amazing in analyzing the top 125
security tools each year. Wireshark the protocol analyzer tool is in
first place. It is free and quite remarkable in the way it peels back
the contents of each layer
Aircrack-ng is the number 1 wireless security auditing software able to
crack 802.11 (only a,b,g ) WEP and WPA-PSK keys once enough packets have
been scanned.

  There is also intruder detection (IDS) and intruder prevention
(IPS)software that detects an attempt to scan a router's ports and
vunlerabilities. An example of this is with Cisco routers that have IDS
and IPS capabilities.

 Also keep in mind attacks do not only happen from external sources,
therefore internally,  networks have to be protected as well. Internal
attacks can be from a variety of sources including introduction of
devices, files, open wireless access points, rogue employees etc.

 Feel free to use or discard.

Take Care
Kevork





More information about the sofdev mailing list