Today, we'll learn about some of the best network security tools that can help you to keep your infrastructure safe from attacks. Tools like TCPDump, WinDump, Nmap, Wireshark, Aircrack-ng and Kali Linux can all help you to carry out intrusion tests and identify weak points in your network's security.
In the last few years, the number of cyberattacks has increased, particularly during the pandemic, when more and more people started working from home and businesses began to depend more on their IT systems to stay operational.
However, despite this increased dependency and the increased exposure of SMEs to attacks, it is still safe to say that businesses have not increased their investment in the right infrastructure or expertise to protect themselves.
Image. Graph showing the trend in DDoS attacks during the COVID-19 pandemic according to Microsoft.
This lack of investment is often due to the fact that most businesses are small or medium-sized enterprises (SMEs) that simply don't have a huge amount of capital to dedicate to such improvements and thus see themselves that much more exposed to these growing online threats.
At Jotelulu, we are fully aware of this and are fully committed to helping our customers and partners. Therefore, we thought it would be useful to share with you a list of the best tools available for checking the security of your IT infrastructure.
And better yet, all of these tools are free and simple to use.
In reality, this article could actually be much longer, but we don't want to overdo things. Today, we'll take a look at the most interesting tools and provide you with links where you can find more information and learn about how they work.
Before we get started, we just want to take a moment to say that most of these are tools that tend to be used by the 'bad guys'. Whilst it is unfortunate that there are people like this out there, it does at least mean that you will get a clear idea of where your security weaknesses are and what you need to improve.
The tools that we will look at in this article are TCPDump and WinDump, Nmap, Wireshark, Aircrack-ng and Kali Linux.
TCPDump is a free program designed to analyse network traffic. It runs under a command-line interface and it is very powerful, allowing you to capture and display all traffic that passes through your network, showing packets sent and received.
It works on the majority of UNIX-based operating systems, including, of course, GNU/Linux. For Windows, there is an adapted version called WinDump that requires WinPcap to be installed first.
The problem with these tools is that they use a command-line interface, which can make them a little complicated to use if you are only an average user. So, if you're not an advanced IT user, we might recommend other tools instead. TCPDump is best left to more experienced technicians or for use on devices without a graphical interface, such as GNU/Linux or Windows Server Core.
Nmap is a free, multi-platform tool that allows you to perform scans and audits of your network. It is quite a simple tool that works by sending a series of predefined packets to a range of IP addresses to check for open ports, and then analysing each response to describe the services allocated to each one.
Amongst its other functionalities, it also reports whether an IP address is available, which operating system is being used, which ports are open and what services it provides. This tool is very useful for checking which attack surfaces are exposed on a device.
It is worth remembering that knowing a device's operating system and listening ports is useful when searching for vulnerabilities to exploit them later. This is why this tool is often used by cybercriminals when preparing an attack.
Wireshark (previously Ethereal) is one of the most well-known and popular network security tools available. It is a packet analyser that will be known to anyone who has received training on Cisco Systems because it is used to learn how communications work and how TCP and UDP packets are put together.
This tool allows you to see network traffic in the same way as TCPDump but without the complexity of using a command-line interface. Wireshark has a graphical user interface instead.
When inspecting network traffic, you can decapsulate it and see the internal structure in great detail, helping you to detect a wide range of communications problems.
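To make "seeing the internal structure" concrete, the following added example (not from the original article, and not Wireshark's code) peels one captured frame layer by layer: Ethernet, then IPv4, then TCP. The frame bytes are constructed for illustration using documentation addresses, with checksums left as zero and not verified.

```python
import ipaddress
import struct

# Constructed 54-byte frame: Ethernet + IPv4 + TCP SYN, checksums left as zero.
FRAME = bytes.fromhex(
    "00005e00530100005e0053020800"                # Ethernet: dst, src, EtherType
    "450000280001400040060000c0000201c6336407"    # IPv4: 192.0.2.1 -> 198.51.100.7
    "c00001bb00000001000000005002ffff00000000"    # TCP: 49152 -> 443, SYN
)
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")  # bit 0 upwards

def mac(raw):
    return ":".join("%02x" % b for b in raw)

def dissect(frame):
    """Peel Ethernet -> IPv4 -> TCP, returning one dict per decoded layer."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers = [{"layer": "ethernet", "src": mac(src), "dst": mac(dst)}]
    if ethertype != 0x0800:          # not IPv4: stop at layer 2
        return layers
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4       # header length in bytes; options make it > 20
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    layers.append({"layer": "ipv4", "src": str(ipaddress.IPv4Address(s)),
                   "dst": str(ipaddress.IPv4Address(d)), "ttl": ttl})
    if proto != 6:                   # not TCP: stop at layer 3
        return layers
    tcp = ip[ihl:total]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, _, off_flags, _ = struct.unpack("!HHIIHH", tcp[:16])
    flags = [name for bit, name in enumerate(TCP_FLAGS) if off_flags & (1 << bit)]
    layers.append({"layer": "tcp", "sport": sport, "dport": dport, "seq": seq,
                   "flags": flags, "payload": tcp[(off_flags >> 12) * 4:]})
    return layers

if __name__ == "__main__":
    for layer in dissect(FRAME):
        print(layer)
```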
In any list of network security tools, we obviously have to include wireless networks, and so it's time to look at Aircrack-ng.
Aircrack-ng is a suite of wireless security tools that works on both Windows and GNU/Linux systems. It allows you to analyse packets on wireless networks, extracting WEP, WPA and WPA2 passwords, amongst other things, making it a vital tool for strengthening your infrastructure and passwords.
The tool works by collecting wireless packets and then using the most common cracking algorithms to extract passwords and keys. Furthermore, it includes tools used to inject packets in order to simulate an attack or a network overload.
Kali Linux is a GNU/Linux distribution designed for penetration testing on networks and systems. It is not technically a tool, per se, but a collection of tools. In fact, some of the tools we have already mentioned are included in Kali Linux. This GNU/Linux distribution can be run from an executable, from a CD, from a USB stick or be installed on the system. It contains multiple tools designed for testing systems and networks. Despite being a GNU/Linux distribution, it includes a graphical interface, as do the majority of the tools it contains, making it easier to use.
Some of the tools included in Kali Linux are port scanners, password testers, web information collectors, vulnerability analysers, SQL injectors, etc.
Some of our readers might have noticed the absence of other tools like Nessus or Snort. Sadly, although these were previously free, they are no longer, so we have decided not to include them in this list. There are also some infrastructure monitoring tools that we have left out, such as Nagios, since this is not the focus of this article. But it's probably something that we will return to in the future.
Aside from these useful network security tools, if you haven't already read the article entitled “The 5 Most Useful Free Tools for Windows Systems Administrators (I)”, we recommend you take a look, particularly because it talks about tools like PsTools and TCPView that are really useful programs.
We hope that you find all this information useful and that it helps you to improve your network security. We will return to this topic again in future articles, so stay tuned!
Have a nice day!