Network Security Tools for Newbies

We all have to start somewhere. The question is, where?

The sheer number of tools available can make it difficult to choose a place to start. This is complicated by the fact that most of the tools on the market have a very steep learning curve, and that many of these tools can be hazardous to run on a production network.

There are several pentesting distributions on the market (PentooNodeZeroKali, and BackBox are good examples) loaded with tools and utilities. Unfortunately, these offer so many tools, they don;t help answer the question of where to start. Let’s look at a couple areas that are important and find some tools that cen help get you started on the road to success. Continue reading “Network Security Tools for Newbies”

Third Step in Reducing the Cost to Implement a Security Plan

Step 3: Paint with Better Brushes

In my previous blogs Step 1 and Step 2 were outlined.

Now that we have covered some of the core issues, it is time to flush out the details. The only real way to do this is to read, and not just a little. Information is your friend here. No technology, product, solution, or approach can totally replace an informed professional with security knowledge. This is why most products focus on finding threats and alerting the operator. This is also where the dollars vs hours balance is focused. The more you understand about the threats to your network, the better you can not only manage the threats but also select the tools with which to do so. It is CRITICAL that you do not underestimate the importance of this step. Continue reading “Third Step in Reducing the Cost to Implement a Security Plan”

Three Steps to Reduce the High Cost of Implementing an Information Security Plan

This is the first blog of a three-part series. I’m in Support at AlienVault and spend my share of time on the forums. I have seen a few posts regarding the cost of implementing security processes and procedures on a network. This is a valid question to consider, as the prospect of creating a security policy and implementing it on a network can be daunting for a beginner. In the following post, are a handful of ideas that hopefully will assist you in developing and implementing your plan. I will also stick to basic theory as my choice of products to use is obviously somewhat biased. 😉 This is the first installment in a blog series intended to share what I’ve learned working on the AlienVault Forums. Continue reading “Three Steps to Reduce the High Cost of Implementing an Information Security Plan”

Monitoring for NDP Spoofing

I have previously posted a blog post describing how to monitor for ARP Spoofing. With IPv6 on everyone’s mind today (It IS on your mind, right?), it would seem that it is a good time to talk about a similar concern for IPv6 networks. IPv6 networks do not support multicast, but they DO have a comparable protocol. Unfortunately, it is also subject to the same exploits using similar techniques. Like ARP however, there are tools available to assist in monitoring and detecting NDP spoofing attempts. Let’s look at how we can proactively monitor this critical function of our network. Continue reading “Monitoring for NDP Spoofing”

Maman

“Maman died today.” I have often wondered why Camus would open such a striking book as The Stranger with those three simple words. It was hard for me to understand what he meant to convey, what he meant to describe when he chose those words, how much he was opening the stage for his story. His wisdom was lost because I did not grasp the depth of his story. I am so sad to say I now understand that the story was not about one man’s journey in life, and the consequences of his mistakes, but the numbness of the soul which a man suffers after the loss of his mother. I regret more than anything to say that I now share Meursault’s sadness. Continue reading “Maman”

Monitoring for ARP Spoofing

Of the many ways that a network can be infiltrated, one of the most difficult to detect and manage is ARP spoofing. This is due to the fact that ARP does not take security into account in its design. Fortunately, there are tools available to assist in monitoring for and detecting ARP spoofing attempts. Obviously, the first steps in addressing a security incident is knowing that there IS an incident, so let’s look at how we can proactively watch for these incidents on our network. Continue reading “Monitoring for ARP Spoofing”