Network and Security Utilities
Security is always a high priority in business. If you’re on a budget but require solutions for areas such as network security, password security, antivirus, and mobile device privacy, there are some no-cost options. Here’s a look at the software programs covered in this chapter:
Network Security Auditing:
Password Management:
Packet Analyzer:
Antivirus Protection:
Android and iPhone Privacy:
Nmap: A Free and Open Source Utility for Network Discovery/Security Auditing
The primary purpose of the Nmap application is security auditing by detecting and locating hosts and services on any given computer network (Figure 9-1). To do this, Nmap sends packets that are specifically tailored to the target host and then analyzes the responses. Host discovery, service detection, and operating system detection are among the many features Nmap offers for probing computer networks. During a scan, Nmap adapts to various network conditions, such as latency and congestion. While a professional developer originally wrote this software, Nmap is now further developed and refined by the user community.
Figure 9-1. Nmap conducts security audits by detecting and locating hosts and services on computer networks
Nmap is commonly used to audit the security of a device or firewall by identifying the potential network connections. Determining open ports on a target host is another regular use, as are network inventory, network mapping, maintenance, and asset management. It is also used to identify new servers, to generate traffic, and to audit the security of a network by finding and exploiting vulnerabilities.
Some facts about Nmap at a glance:
Users will find many benefits to using Nmap. For example, it has a simple installation and front end. With minimal effort, it gives a strong result, making it one of the easiest software products available. Nmap, the number one port scanning tool, will map the network and its ports.
Feature Highlights
Here are some of the features offered by Nmap:
Nmap was created to quickly scan large networks. It is because of this that it is regularly used for network inventory security audits. While doing this, the user is able to see what types of services a host is using. It is quite remarkable that when one scans a large network, the hosts appear; and for each one, data is provided regarding which OS is running, the service and version of that OS, which firewall is used, etc. This information is meaningful because some older versions may have known security issues that could damage the entire machine. Armed with this knowledge, you can update to the latest version, decreasing the potential for harm.
Nmap displays detected ports in a table. For each port that is detected, a list of the port’s number, protocol, state, and version is displayed. The state can be listed as open, closed, filtered, or unfiltered. The difference between open and closed ports is that open ports listen for packets or connections on that port, while there is no such service on closed ports. On filtered ports, there is a firewall blocking Nmap, preventing it from detecting if it is open or closed. When the port is responsive to Nmap’s probes (but whether open or closed is undetermined), Nmap will classify that port as unfiltered. While this does occasionally happen, it is very rare; the status of ports usually falls under the categories of open, closed, or filtered.
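To make the port table concrete, the following added example (not from the Nmap project or the original chapter) parses a constructed report laid out like Nmap's normal output, counts ports by state, and lists open ports that are not on an expected-services baseline. The host names, addresses, and the `ALLOWED` baseline are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of Nmap's normal output (not a real scan).
SAMPLE_REPORT = """\
Nmap scan report for fileserver.example.internal (192.0.2.10)
PORT     STATE    SERVICE VERSION
22/tcp   open     ssh     OpenSSH 7.4 (protocol 2.0)
80/tcp   open     http    Apache httpd 2.4.6
443/tcp  closed   https
3306/tcp filtered mysql
Nmap scan report for 192.0.2.20
PORT     STATE    SERVICE VERSION
23/tcp   open     telnet
9100/tcp filtered jetdirect
"""

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9A-Fa-f.:]+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp|sctp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

def parse_report(text):
    """Return {host_ip: [port records]} built from each host's port table."""
    hosts, current = {}, None
    for line in map(str.strip, text.splitlines()):
        host = HOST_RE.match(line)
        if host:
            current = hosts.setdefault(host.group(1), [])
            continue
        port = PORT_RE.match(line)
        if port and current is not None:
            number, proto, state, service, version = port.groups()
            current.append({"port": int(number), "proto": proto, "state": state,
                            "service": service, "version": version or ""})
    return hosts

def state_counts(hosts):
    """Count ports per reported state across all hosts."""
    return Counter(p["state"] for ports in hosts.values() for p in ports)

def unexpected_open(hosts, allowed):
    """List open ports that are missing from the per-host baseline."""
    findings = []
    for ip, ports in sorted(hosts.items()):
        for p in ports:
            if p["state"] == "open" and p["port"] not in allowed.get(ip, set()):
                findings.append((ip, p["port"], p["service"], p["version"]))
    return findings

ALLOWED = {"192.0.2.10": {22, 443}, "192.0.2.20": set()}  # hypothetical baseline
```

Calling `unexpected_open(parse_report(SAMPLE_REPORT), ALLOWED)` returns the services to review first; the version column, when Nmap could determine it, shows which of them may need updating.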
Nmap offers additional information on targets. This could consist of reverse DNS names, device types, operating system guesses, and MAC addresses. Finding a MAC address and reverse DNS appear to be the most highly-utilized features by consumers. Nmap’s attempts to guess the OS can be a bit hit-and-miss, but that occurs even with expensive programs.
For those new to Nmap, the front end is convenient. You can easily use it to pass different preconfigured parameters to Nmap without remembering any commands, and it offers a comprehensive set of options. A convenient feature is that the program highlights some of the information in different colors so you can read it more easily.
There are many benefits to using Nmap. To begin, it is powerful enough to satisfy most individuals’ needs, yet it offers a simple installation process. It is also one of the smallest software packages of its kind (0.6 MB) and can be easily deployed in mini-distributions. Nmap is considered one of the best software applications for security auditing, and it can definitely be a good starting point for people who want to explore security options.
The only drawback in functionality is Nmap’s OS guessing game, mentioned above. Additionally, a more aesthetically pleasing, sleek front-end would create a better first impression of this program.
Becoming familiar with the Reference Guide is always recommended. There are a good number of tutorial videos on YouTube that should prove useful.
KeePass: A Free and Open-Source Password Manager
KeePass is a vital security management tool. Professionals suggest that one of the most important things to do is to protect one’s online security. Assigning a unique, lengthy, randomized password for every single site or account you use, and keeping track of all those passwords, would pose a challenge for even the most organized person. This is where KeePass comes in handy.
KeePass is a free and open-source password manager that is compatible with the following: Windows, Linux, Android, Mac OS X, and with unofficial ports for iOS.
Here are a few facts about KeePass at a glance:
KeePass is a very handy application. Instead of writing passwords down here and there (and worrying about where they are when you can’t find them), KeePass assists you by storing all of your passwords securely in the program’s database. You need to remember only one “master” password to access your stored passwords (Figure 9-2).
Figure 9-2. KeePass stores all of the passwords you create, so you only need to remember one master password
Feature Highlights
Here are the main features of KeePass:
Unlike other competitors, KeePass doesn’t automatically put your password database in the cloud, although you have the option of putting it into Dropbox manually.
KeePass provides its own random password generator so that the user doesn’t have to take on the arduous task of coming up with, and then remembering, countless lengthy, complex passwords on their own. Additionally, KeePass includes a quick-search box where one can type even a fragment of a website’s name to quickly find it on the list. The list itself is designed to hold thousands of records, which can be subdivided into folders and subfolders, keeping things organized.
KeePass isn’t just limited to usernames and passwords; every entry has multiple alternate fields, one of which is a free-form Notes field which allows the safe storing of text of any kind.
One technique hackers use to circumvent password protection is to use a keylogger. A keylogger is a background application that secretly logs every keystroke that is typed, and that information is transmitted to the hacker. If a keylogger is installed on a user’s system, an attacker could conceivably learn everything that was typed throughout the day, including all usernames and passwords.
Another protection feature that KeePass offers is AutoType. This feature saves the user from having to type individual website passwords: it enters them into the browser window using a combination of virtual keystrokes and clipboard obfuscation, making it all the more difficult for a keylogger to figure out what the password actually is. While AutoType can be temperamental, when it does work, it’s extremely useful.
KeePass also lets the user enter their master database password in a prompt that is protected by UAC. This protects it from any software keylogger that isn’t running with Administrator rights on the machine.
KeePass is recommended to anyone with an online presence (no matter how small) because, when a major website has its security breached, users of KeePass are unaffected, knowing their personal information remains safe and secure.
In summation, KeePass is a quality, easy-to-use, password protection system. There seem to be few bugs with the program, but there are many great security benefits. Whether a business or an individual, extra password protection is very important, especially in these times of rampant hacking. KeePass can offer peace of mind regarding your computer’s safety.
KeePass Support
KeePass is a relatively easy program to come to grips with, but if you get stuck, the Help Center can be found at http://keepass.info/help. The FAQ page is another source of assistance, as are the numerous YouTube tutorials.
tcpdump: A Powerful Command Line Packet Analyzer
tcpdump was designed for users that need to analyze network traffic by capturing packets from a certain adapter. It is a network sniffer tool, and it can capture all the data packets that are transmitted or received through a network adapter. The program is executable in command line mode, and it allows the user to perform multiple actions by using arguments.
Information regarding captured packets may be viewed in real time using the command prompt window or recorded to a log file to assist in analyzing the packets at a later date.
Here are a few facts about tcpdump at a glance:
tcpdump works on most UNIX-like operating systems (see above). When used in those systems, tcpdump uses the libpcap library to capture packets. The software provider’s website indicates that the Windows port of tcpdump is called WinDump, which uses WinPcap, the Windows port of libpcap.
Feature Highlights
Here are a few of the features found in this program:
The information on the software provider’s website indicates that tcpdump works on most UNIX-like operating systems. When used in those systems, tcpdump uses the libpcap library to capture packets. The Windows port of tcpdump is called WinDump, which uses WinPcap, the Windows port of libpcap.
tcpdump Support
The documentation for tcpdump (www.tcpdump.org/index.html#documentation) is a good starting point, and the FAQ is also a source of help (www.tcpdump.org/faq.html). There are quite a few video introductions and tutorials on YouTube as well.
Avira: Powerful, Free Antivirus Protection for Personal PCs and Macs
Avira Operations GmbH & Co. KG is a German multinational-owned antivirus software company. It provides IT security for computers, smartphones, servers, and networks, which can be delivered as both software and cloud-based services.
A few facts about Avira at a glance:
If you spend a great deal of time on the Internet, it’s a wise investment to step up to Avira Pro, or something comparable. However, if you only use the Internet for short periods from time to time (and are truly on a strict budget), then you may find that the free version of Avira will suit you. Note that the license for the free version of Avira is for personal use only. According to the information on their website, the free version of Avira tops the free versions of the competition (such as AVG and Avast) in degree of protection (Figure 9-3).
Figure 9-3. According to Avira’s website, the free version tops the competition in degree of protection (free versions)
Note: If you require a free antivirus program for commercial use, try NANO Antivirus (www.nanoav.ru). It states clearly on the FAQ page that it is allowed for commercial use.
Feature Highlights
Here are a few of the features found in this program:
Viruses can be removed quickly with the Quick Removal feature. The scanning technology is able to open locked files and provide internal security, preventing the alteration of AntiVir’s files.
It’s quite clear through customer and critic ratings, and actual downloads, that Avira is a popular product. The company has been around for enough years to have refined their business model, and it provides a comprehensive, useful tool for individuals for free. They have found their niche field, and by not continuously delving into other areas of IT and software, they’ve stayed focused on antivirus applications and other related programs.
Avira is an easy program to install and run. If you encounter any problems, the Avira Support page should have most of the answers to any questions you have, so go to www.avira.com/en/support. There are several video tutorials on YouTube as well.
ClamAV: An Open Source Cross-Platform (Including Linux) Antivirus Program
ClamAV is a cross-platform, free, open-source antivirus software toolkit used by millions of people. It is capable of detecting a wide variety of malicious software, including viruses.
Here are a few facts about ClamAV at a glance:
A primary use of ClamAV is on mail servers, where it acts as a server-side email virus scanner (Figure 9-4). ClamAV was created for Unix, but third-party versions are available for AIX, HP-UX, Linux, BSD, OS X, OpenVMS, Solaris, and OSF (Tru64). Starting with version 0.97.5, ClamAV is also available for Microsoft Windows. Not only is the initial program free, but future updates will be available at no cost.
Figure 9-4. ClamAV serves well as a server-side e-mail scanner
It should be kept in mind, however, that ClamAV is not a real-time virus scanner, meaning it does not scan when a file is read or written. To provide real-time checks, ClamAV can be used with other applications such as ClamFS (for a Unix-like OS supporting FUSE), DazukoFS (for Linux), Clam Sentinel (for Windows), and Winpooch (also for Windows).
The ClamAV engine can be dependably used to identify several kinds of files. Specifically, some phishing emails can be exposed using antivirus techniques. It should be noted, however, that false positive rates are inherently higher than those of traditional malware detection.
Despite that, ClamAV is both widely known and widely respected, keeping it in the forefront of the antivirus market. There are many reasons for ClamAV’s continued success; the main ones are the following: simple installation, easy to launch, compatible with almost all MTAs, solid protection, customization, and the economic fact that it costs nothing.
Feature Highlights
Here are the highlights as shown on the ClamAV website:
ClamAV Support
You can download the User Manual from https://github.com/vrtadmin/clamav-faq/raw/master/manual/clamdoc.pdf. Numerous YouTube tutorials cover ClamAV, particularly for Linux distributions.
Open Whisper Systems: Open Source Security for Mobile Devices
Open Whisper Systems is a non-profit group of software developers whose primary goal is to provide security and privacy for mobile devices.
Here are a few facts about Open Whisper Systems at a glance:
RedPhone is the application for Android phones that provides private conversations (Figure 9-5). The following are its strong points, as shown on the software provider’s website:
Figure 9-5. RedPhone provides end-to-end encryption for private conversations
TextSecure provides secure and private text messaging for Android phones. According to the developers, “Using TextSecure, you can communicate instantly while avoiding SMS fees, create groups so that you can chat in real time with all your friends at once, and share media or attachments all with complete privacy. The server never has access to any of your communication and never stores any of your data.”
Signal is the application that provides security and privacy for iPhones. The website states that it provides secure “free, worldwide, encrypted voice calls for iPhone, and is fully compatible with RedPhone for Android.”
Open Whisper Systems Support
On the Support page, you can type in a question or search term, and you’ll be directed to the forum where topics related to yours are displayed. You’ll also have access to numerous articles covering various aspects such as general questions, security, etc. Although there don’t seem to be many video tutorials on YouTube, there are one or two that provide some general information.
Summary
In this chapter, you looked at several solutions for various security measures. Nmap provides network auditing and detection. KeePass is an excellent program that manages important passwords and keeps them secure; you only need to keep up with a master password, and not worry about remembering the rest.
Analyzing packets with tcpdump allows the user to display the packets being transmitted or received on a network. Avira (although licensed only for personal use) is an excellent, free antivirus program ideal for computers that don’t frequent the Internet very much. ClamAV is an open source antivirus program that can be installed on numerous operating systems. Open Whisper Systems provides several applications for Android mobile phones and Apple iPhones to help keep texts and conversations secure and private.
In the next chapter, you’ll look at several Linux distributions, which, for many users throughout the world, are viable alternatives to the Windows and Mac computer operating systems.