Tyranny of Expensive Security Tools: A New Hope
Who Am I?
Michele Chubirka, aka "Mrs. Y.", Security Architect and professional contrarian.
So Many Tools. So Little Budget.
Monitoring Tools
Helpful in identifying anomalies.
Can detect signs of malicious activity.
Some provide canned compliance and security reports.
Information can be correlated with data from security tools for better intrusion detection and incident response.
Some have historical data useful during and post breach.
MRTG
Solarwinds Orion
Nagios
Netdisco
Wireless Management Systems (WMS)
Nagios
Is it a security incident or just an outage?
Netdisco
Open source network management tool that keeps a history of MAC to IP address.
Useful in identifying hosts for malware remediation and other incident response.
Uses SNMP to collect ARP and MAC tables, then stores in a database.
Compliance Initiatives?
PCI DSS
SOX
HIPAA
Make existing tools work for you.
Aerohive
Reporting
System Tools
Cron and Logcheck alerting
Configuration management tools for automated patching, tracking and reporting:
Puppet
Chef
Microsoft System Center Configuration Manager (SCCM)
OSSEC: an open source Host Intrusion Detection tool that can also be used as a file integrity monitoring tool to meet PCI DSS requirements.
SYN Cookie
Server receives SYN.
Sends SYN+ACK, but discards the original SYN.
If server receives ACK, server reconstructs SYN entry using information encoded in the TCP sequence number.
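The three steps above, as an added illustration that is not part of the original slides: a toy SYN cookie in the classic layout (5-bit time counter, 3-bit MSS index, 24-bit keyed hash of the 4-tuple), with the secret, MSS table and 4-tuple values constructed for the example.

```python
import hmac
import hashlib

# Constructed secret for this example; a real server rotates it periodically.
SECRET = b"constructed-example-secret"
# The few MSS values the server is willing to encode in the 3-bit field.
MSS_TABLE = [536, 1300, 1440, 1460]
COUNTER_PERIOD = 64  # seconds per step of the 5-bit time counter


def _hash24(src_ip, src_port, dst_ip, dst_port, counter):
    """Keyed 24-bit digest of the connection 4-tuple and the time counter."""
    msg = f"{src_ip}:{src_port}->{dst_ip}:{dst_port}|{counter}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, client_mss, now):
    """Build the 32-bit ISN for the SYN+ACK; the SYN itself is then discarded."""
    counter = (now // COUNTER_PERIOD) & 0x1F
    # Largest table MSS not exceeding what the client offered (index 0 if none fit).
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    h = _hash24(src_ip, src_port, dst_ip, dst_port, counter)
    return (counter << 27) | (mss_idx << 24) | h


def validate_ack(ack_num, src_ip, src_port, dst_ip, dst_port, now):
    """Reconstruct the SYN entry from the client's ACK.

    Returns the negotiated MSS if the cookie is genuine and fresh, else None.
    """
    cookie = (ack_num - 1) & 0xFFFFFFFF  # the client acknowledges ISN + 1
    counter = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    current = (now // COUNTER_PERIOD) & 0x1F
    # Accept the current counter window or the previous one (roughly 64-128 s).
    if (current - counter) % 32 > 1:
        return None
    expected = _hash24(src_ip, src_port, dst_ip, dst_port, counter)
    if not hmac.compare_digest((cookie & 0xFFFFFF).to_bytes(3, "big"),
                               expected.to_bytes(3, "big")):
        return None
    return MSS_TABLE[mss_idx]


if __name__ == "__main__":
    # Constructed handshake: client 198.51.100.7:40000 -> server 203.0.113.1:443
    now = 1_700_000_000
    isn = make_syn_cookie("198.51.100.7", 40000, "203.0.113.1", 443, 1460, now)
    print("SYN+ACK seq:", hex(isn))
    print("fresh ACK ->", validate_ack(isn + 1, "198.51.100.7", 40000, "203.0.113.1", 443, now))
    print("stale ACK ->", validate_ack(isn + 1, "198.51.100.7", 40000, "203.0.113.1", 443, now + 300))
```

Because no state is kept between the SYN and the ACK, a flood of half-open connections costs the server nothing but hash computations; the price is that TCP options not squeezed into the cookie (window scaling, SACK) are lost for such connections.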
Shodan
Search engine of insecure devices and systems available on the Internet.
Is your network in Shodan?
Aircrack-NG
An open source reconnaissance, key-cracking and testing tool.
Aircrack-NG
Kismet
inSSIDer
Notice any similarities?
What's Inside?
Snort
Suricata
Bro Network Security Monitor
Argus and Ra
Xplico
Network Miner
Sguil and Snorby
ELSA
Threat and Vulnerability Management with Zenmap, a GUI front-end to Nmap
Raspberry Pi
Intel NUC
TP-Link portable routers running OpenWrt.
Pwnie Express even has a community edition you can build yourself.
Available Tools
Aircrack-NG
Iperf
OpenVPN
SSLStrip
Tor
TTCP
Kismet
Get A Pineapple
A wireless network auditing tool. Highly customizable Wifi router, based on OpenWrt and Jasager.
Resources
Securitytube.net
Hak5.org
Metasploit Minute with @mubix
OWASP
Offensive Security
Questions?