Security Tools: Groundhog Day Special Edition
Just like the famous Groundhog, Punxsutawney Phil, I get asked some of the same questions over and over. One that I hear every time I do an assessment is, “So, what kind of tools are you using?” I suppose it’s just natural to be curious what kind of instrument is about to be used to probe the sensitive parts of your private network. Unless you work in security, you’re probably not very likely to have heard of some of the more eclectic tools in our toolbox.
Even among the IT crowd, security testing tools are not always household names. This is a landscape made up of tools such as Hyena, SATAN, Cain, Brutus, Backtrack, CowPatty, Fierce, AirSnarf, Firewalker, FireSheep, Vomit, and more. As fun as they may sound, they each have a learning curve and from what I see, IT people don’t have a lot of free time.
Other times, I think that maybe we’re not even talking about the same thing. There’s a big difference between security tools and security testing tools. While I’m not without my reservations to talk about security testing tools, I’m still happy to do so but I think the real value comes from having a good mix of security tools that are properly implemented. Just as a trip to the dentist may provide opportunity to check out some cool dental instruments, the dentist is still going to send you home with a toothbrush, floss and familiar instructions.
Parting the Clouds
So even if you limit the conversation to security tools there’s still a lot to know. There are so many tools, vendors, crossovers and caveats that the best way to approach the subject is to break it into categories (e.g. Backup, DLP, Forensics, NAC, SIEM, Virtualization, Wireless, etc.) and look at the tools by function. Some areas (such as antivirus, encryption and vulnerability scanners) have more options and players than the stock market while in other arenas you can hear the sounds of crickets at empty show booths.
Go Get Yourself Some Cheap Sunglasses
Introducing security tools to the mix is a great way to gain visibility into dark and often mysterious aspects of our networks but having a great tool is not the end-all be-all of security. As many of us are technologists, the idea of learning a new tool is appealing especially if it has some blinky lights and a cool GUI. It can also become a distraction if we get in too deep with it. So keep it simple. In the end, being diligent with the essentials is better than being daring with the exceptional when it comes to security.