CHAPTER 9


Network and Security Utilities

Security is always a high priority in business. If you’re on a budget but require solutions for areas such as network security, password security, antivirus, and mobile device privacy, there are some no-cost options. Here’s a look at the software programs covered in this chapter:

Network Security Auditing:

  • Nmap: A free and open source utility for network discovery and security auditing

Password Management:

  • KeePass: A free and open source password manager that can be helpful for keeping your passwords secure if you have an online presence

Packet Analyzer:

  • Tcpdump: A powerful command line packet analyzer

Antivirus Protection:

  • Avira: Powerful, free antivirus protection for PC and Mac
  • ClamAV: An open source, cross-platform antivirus solution

Android and iPhone Privacy:

  • Open Whisper Systems: Open source security for mobile devices helps keep your texts and conversations private and secure

Nmap: A Free and Open Source Utility for Network Discovery/Security Auditing

The primary purpose of the Nmap application is security auditing by detecting and locating hosts and services on any given computer network (Figure 9-1). To do this, Nmap sends packets that are specifically tailored to the target host and then analyzes the responses. Host discovery, service detection, and operating system detection are among the many features Nmap offers for probing computer networks. During a scan, Nmap adapts to network conditions such as latency and congestion. While a professional developer originally wrote this software, Nmap is now further developed and refined by the user community.


Figure 9-1. Nmap conducts security audits by detecting and locating hosts and services on computer networks

Nmap is commonly used to audit the security of a device or firewall by identifying the network connections it permits. Determining the open ports on a target host is another regular use, as are network inventory, network mapping, maintenance, and asset management. It is also used to identify newly added servers, to generate test traffic, and to audit a network’s security by finding (and, in penetration tests, exploiting) the vulnerabilities it exposes.

Some facts about Nmap at a glance:

  • Website: https://nmap.org
  • License: GPL Version 2
  • Current Version: 6.49
  • Operating System: Cross-platform

Users will find many benefits in using Nmap. For example, it has a simple installation process and a graphical front end. With minimal effort it gives strong results, making it one of the easiest tools of its kind to use. It is widely regarded as the leading port scanner for mapping a network and its ports.

Feature Highlights

Here are some of the features offered by Nmap:

  • Host discovery: This allows the program to identify hosts on the network.
  • Port scanning: This application enumerates the open ports on target hosts.
  • Version detection: Nmap can interrogate network services on remote devices and determine the application name and version number.
  • OS detection: This feature allows the determination of the operating system and hardware characteristics of network devices.
  • Scriptable target interaction: By using the Nmap Scripting Engine (NSE) and the Lua programming language, Nmap can provide further information on targets, including reverse DNS names, MAC addresses, and device types.
  • NSE scripts: This feature can detect vulnerabilities, misconfiguration, and security-related information around network services.

Nmap was created to quickly scan large networks. It is because of this that it is regularly used for network inventory and security audits. While doing this, the user is able to see what types of services a host is running. It is quite remarkable that when one scans a large network, the hosts appear, and for each one data is provided regarding which OS is running, which services and service versions are present, which firewall is used, and so on. This information is meaningful because some older versions have known security issues that could compromise the entire machine. Armed with this knowledge, you can update to the latest version, decreasing the potential for harm.

Nmap displays detected ports in a table. For each port that is detected, a list of the port’s number, protocol, state, and version is displayed. The state can be listed as open, closed, filtered, or unfiltered. The difference between open and closed ports is that open ports listen for packets or connections on that port, while there is no such service on closed ports. On filtered ports, there is a firewall blocking Nmap, preventing it from detecting if it is open or closed. When the port is responsive to Nmap’s probes (but whether open or closed is undetermined), Nmap will classify that port as unfiltered. While this does occasionally happen, it is very rare; the status of ports usually falls under the categories of open, closed, or filtered.
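The port table described above is easiest to consume in Nmap’s “grepable” output (`-oG`), where each host line carries a `Ports:` field of `port/state/protocol/owner/service/rpc info/version/` entries. The following is an added example, not code from the book or from the Nmap project: it parses a constructed sample of that output, tallies the port states, and compares the open ports against an assumed per-host allowlist so that an unexpected listener stands out during an inventory audit.

```python
import re
from collections import namedtuple

PortEntry = namedtuple("PortEntry", "host port proto state service version")

# Constructed sample of Nmap grepable (-oG) output; not the result of a real scan.
SAMPLE_GNMAP = """\
# Nmap 6.49 scan initiated (constructed sample)
Host: 192.0.2.10 (web.example.test)\tStatus: Up
Host: 192.0.2.10 (web.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 6.6.1p1/, 80/open/tcp//http//Apache httpd 2.4.7/, 3306/open/tcp//mysql//MySQL 5.5.43/, 443/filtered/tcp//https///\tIgnored State: closed (996)
Host: 192.0.2.11 (db.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 6.6.1p1/, 5432/open/tcp//postgresql//PostgreSQL DB 9.3/\tIgnored State: closed (998)
"""

# Assumed inventory: the ports each host is *supposed* to expose (hypothetical values).
EXPECTED_PORTS = {
    "192.0.2.10": {22, 80, 443},
    "192.0.2.11": {22, 5432},
}

_HOST_RE = re.compile(r"^Host:\s+(\S+)")
_PORTS_RE = re.compile(r"\tPorts:\s+(.*?)(?:\t|$)")


def parse_gnmap(text):
    """Return one PortEntry per port listed in the grepable output."""
    entries = []
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        host_m = _HOST_RE.match(line)
        ports_m = _PORTS_RE.search(line)
        if not host_m or not ports_m:
            continue  # status-only lines carry no port table
        host = host_m.group(1)
        for item in ports_m.group(1).split(", "):
            fields = item.split("/")
            # Layout: port/state/protocol/owner/service/rpc info/version/
            if len(fields) < 7:
                continue
            entries.append(PortEntry(host, int(fields[0]), fields[2],
                                     fields[1], fields[4], fields[6]))
    return entries


def state_summary(entries):
    """Count entries per Nmap state (open, closed, filtered, unfiltered)."""
    counts = {}
    for e in entries:
        counts[e.state] = counts.get(e.state, 0) + 1
    return counts


def unexpected_open_ports(entries, allowlist):
    """Open ports not on the host's allowlist; a host missing from the allowlist permits nothing."""
    return [e for e in entries
            if e.state == "open" and e.port not in allowlist.get(e.host, set())]


if __name__ == "__main__":
    found = parse_gnmap(SAMPLE_GNMAP)
    print("states:", state_summary(found))
    for e in unexpected_open_ports(found, EXPECTED_PORTS):
        print(f"UNEXPECTED {e.host}:{e.port}/{e.proto} {e.service} {e.version}".rstrip())
```

Run against a real scan with `nmap -sV -oG scan.gnmap <your hosts>` and feed the file’s contents to `parse_gnmap`; the filtered `443` entry shows how a firewall leaves Nmap unable to say whether a port is open or closed, and the stray MySQL listener on the web host is the kind of finding an inventory audit exists to surface.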

Nmap offers additional information on targets. This could consist of reverse DNS names, device types, operating system guesses, and MAC addresses. Finding a MAC address and reverse DNS appear to be the most highly-utilized features by consumers. Nmap’s attempts to guess the OS can be a bit hit-and-miss, but that occurs even with expensive programs.

For those new to Nmap, the front end is convenient. You can easily use it to pass different preconfigured parameters to Nmap without remembering any commands, and it offers a comprehensive set of options. A convenient feature is that the program highlights some of the information in different colors so you can read it more easily.

There are many benefits to using Nmap. To begin, it is powerful enough to satisfy most individuals’ needs, yet it offers a simple installation process. It is also one of the smallest software packages of its kind (0.6 MB) and can be easily deployed in mini-distributions. Nmap is considered one of the best software applications for security auditing, and it can definitely be a good starting point for people who want to explore security options.

The only drawback in functionality is Nmap’s OS guessing game, mentioned above. Additionally, a more aesthetically pleasing, sleek front-end would create a better first impression of this program.

Nmap Support

Becoming familiar with the Reference Guide is always recommended. There are a good number of tutorial videos on YouTube that should prove useful.

Keepass: A Free and Open-Source Password Manager

KeePass is a vital security management tool. Professionals suggest that one of the most important things to do is to protect one’s online security. Assigning a unique, lengthy, randomized password to every single site or account you use, and keeping track of all those passwords, would pose a challenge for even the most organized person. This is where KeePass comes in handy.

KeePass is a free and open-source password manager that is compatible with the following: Windows, Linux, Android, Mac OS X, and with unofficial ports for iOS.

Here are a few facts about Keepass at a glance:

  • Alternative to: Steganos Password Manager 16
  • Website: www.keepass.info
  • License: GNU GPL Version 2+
  • Current Version: 2.29
  • Operating Systems: Windows, Mac OS, Linux
  • Potential Savings: $24.99 (5 PC Edition of Password Manager 16)

Keepass is a very handy application. Instead of writing passwords down here and there (and worrying about where they are when you can’t find them), Keepass assists you by storing all of your passwords securely in the program’s database. You need to remember only one “master” password to access your stored passwords (Figure 9-2).


Figure 9-2. Keepass stores all of the passwords you create, so you only need to remember one master password

Feature Highlights

Here are the main features of Keepass:

  • Password management: Passwords stored in this application’s database can be further divided into manageable groups. Each group can have its own separate identifying icon.
  • Extensible: Offers a number of different configuration options.
  • Tracks passwords: KeePass records the creation time, modification time, last access time, and expiration time of each stored password, and it allows you to attach files and text notes to a password entry.
  • Import and export: The password list is exportable to various formats, such as TXT, HTML, XML, and CSV.
  • Multiuser support: This application supports simultaneous access and changes to a shared password file by utilizing multiple computers, often using a shared network drive.
  • Autotype, global hotkeys, drag-and-drop: KeePass provides support for these features. KeePass can minimize itself and type the information of the currently selected entry into such things as dialogs, web forms, etc.
  • Browser support: The autotype functionality works well with all browsers. There is a KeeForm extension that allows users to open websites with Internet Explorer and Mozilla Firefox. For Firefox, there is an additional extension called KeeFox, which automatically connects to KeePass when a user needs access to a password.
  • Built-in password generator: This generates random passwords, and the generator can additionally be seeded with random user input.
  • Plug-ins: KeePass possesses a plug-in architecture, and there are a variety of plug-ins available on the KeePass homepage. One thing to bear in mind is that plug-ins may compromise the security of KeePass because they are written by independent authors, and these authors have full access to the database while developing their plug-ins.

Unlike some competitors, KeePass doesn’t automatically put your password database in the cloud, although you have the option of placing the database file in Dropbox manually.

KeePass presents its own random password generator to ensure the user doesn’t have to take on the arduous task of coming up with, and then remembering, countless lengthy, complex passwords on their own. Additionally, KeePass includes a quick-search box where one can type even a fragment of a website’s name to quickly find it on the list. The list itself is created to contain thousands of records, which can be subdivided into folders and subfolders, keeping things organized.
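What makes a generated password strong is not its appearance but the process that produced it: each character drawn independently from a cryptographically secure source, giving `length × log2(alphabet size)` bits of entropy. The following added example (not code from the book or from KeePass) shows the same idea in Python: it generates passwords from the operating system’s CSPRNG via the `secrets` module, computes the entropy of the generation process, and checks a candidate against an assumed minimum of 80 bits.

```python
import math
import secrets
import string

# Character classes comparable to those a password-generator dialog lets you select.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_password(length=20, alphabet=ALPHABET):
    """Draw every character uniformly from the OS CSPRNG.

    secrets.choice is used deliberately; random.choice is seeded from a
    predictable state and must never back a password generator.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly generated password: length * log2(|alphabet|)."""
    return length * math.log2(alphabet_size)


def is_acceptable(password, alphabet=ALPHABET, min_bits=80):
    """True if the password uses only `alphabet` and, assuming it was generated
    uniformly from that alphabet, carries at least `min_bits` of entropy.
    (min_bits=80 is an assumed policy value, not a KeePass default.)"""
    if not password or any(c not in alphabet for c in password):
        return False
    return entropy_bits(len(password), len(alphabet)) >= min_bits


def minimum_length(alphabet_size, min_bits=80):
    """Smallest length that reaches min_bits for the given alphabet."""
    return math.ceil(min_bits / math.log2(alphabet_size))


if __name__ == "__main__":
    pw = generate_password(20)
    print(pw, f"{entropy_bits(len(pw), len(ALPHABET)):.1f} bits")
    print("minimum length for 80 bits over 94 symbols:", minimum_length(94))
    print("minimum length for 80 bits over digits only:", minimum_length(10))
```

The `minimum_length` comparison is the practical takeaway: a digits-only PIN needs 25 characters to reach the same 80 bits that 13 characters from the full printable set provide, which is why a generator that mixes character classes matters more than one that merely produces long strings.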

KeePass isn’t just limited to usernames and passwords; every entry has multiple alternate fields, one of which is a free-form Notes field which allows the safe storing of text of any kind.

One technique hackers use to circumvent password protection is to use a keylogger. A keylogger is a background application that secretly logs every keystroke that is typed, and that information is transmitted to the hacker. If a keylogger is installed on a user’s system, an attacker could conceivably learn everything that was typed throughout the day, including all usernames and passwords.

Another protection feature that KeePass offers is AutoType. This feature saves the user from typing individual website passwords: it enters them into the browser window using a combination of virtual keystrokes and clipboard obfuscation, making it all the more difficult for a keylogger to work out what the password actually is. While AutoType can be temperamental, when it does work, it’s extremely useful.

KeePass also lets the user enter their master database password in a prompt that is protected by UAC. This protects it from any software keylogger that isn’t running with Administrator rights on the machine.

KeePass is recommended to anyone with an online presence (no matter how small) because, when a major website has its security breached, KeePass users have a unique password for that site, so the breach does not expose the credentials they use elsewhere.

In summation, KeePass is a quality, easy-to-use, password protection system. There seem to be few bugs with the program, but there are many great security benefits. Whether a business or an individual, extra password protection is very important, especially in these times of rampant hacking. KeePass can offer peace of mind regarding your computer’s safety.

Keepass Support

Keepass is a relatively easy program to come to grips with, but if you get stuck, the Help Center can be found at http://keepass.info/help. The FAQ page is another source of assistance, as are the numerous YouTube tutorials.

tcpdump: A Powerful Command Line Packet Analyzer

tcpdump was designed for users that need to analyze network traffic by capturing packets from a certain adapter. It is a network sniffer tool, and it can capture all the data packets that are transmitted or received through a network adapter. The program is executable in command line mode, and it allows the user to perform multiple actions by using arguments.

Information regarding captured packets may be viewed in real time using the command prompt window or recorded to a log file to assist in analyzing the packets at a later date.

Here are a few facts about tcpdump at a glance:

  • Website: www.tcpdump.org
  • License: BSD License
  • Current Version: 4.7.4 (tcpdump) / 1.7.4 (libpcap)
  • Operating System(s): Linux, Solaris, FreeBSD, NetBSD, OpenBSD, OS X, Android, AIX, and others

tcpdump works on most UNIX-like operating systems (see above). On those systems, tcpdump uses the libpcap library to capture packets. The software provider’s website indicates that the Windows port of tcpdump is called WinDump, which uses WinPcap, the Windows port of libpcap.

Feature Highlights

Here are a few of the features found in this program:

  • Powerful command-line packet analyzer: tcpdump works with libpcap, a portable C/C++ library, for network traffic capture.
  • Can run remotely: tcpdump can be run over an SSH or Telnet session.
  • Writes packets to standard output/file: tcpdump prints the contents of network packets, and it can also read packets from a network interface card, or even from a previously created saved packet file.
  • Monitor communications: It is possible to use this program for the specific purpose of intercepting and displaying the communications of another user or computer.
  • Optional BPF-based filter: The user may add this filter to limit the number of packets seen by tcpdump, which makes the output far more usable on networks with a high volume of traffic.
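Whether viewed live or saved to a log file, tcpdump’s text output has a regular shape (`timestamp IP src.sport > dst.dport: Flags [..], ...`) that is easy to post-process. The following is an added example, not code from the book or from the tcpdump project: it parses a constructed capture, applies the equivalent of the BPF filter `port 22` in Python, and flags any source that sends bare SYNs to many distinct ports on one host, which is the pattern a port scan leaves in a capture.

```python
import re
from collections import defaultdict

# Constructed sample of tcpdump text output (not a real capture): six SYNs from
# one source to six different ports, then a normal TCP handshake from another host.
SAMPLE_CAPTURE = """\
10:15:01.000101 IP 198.51.100.7.40001 > 192.0.2.10.22: Flags [S], seq 1, win 1024, length 0
10:15:01.000202 IP 198.51.100.7.40002 > 192.0.2.10.80: Flags [S], seq 1, win 1024, length 0
10:15:01.000303 IP 198.51.100.7.40003 > 192.0.2.10.443: Flags [S], seq 1, win 1024, length 0
10:15:01.000404 IP 198.51.100.7.40004 > 192.0.2.10.3306: Flags [S], seq 1, win 1024, length 0
10:15:01.000505 IP 198.51.100.7.40005 > 192.0.2.10.8080: Flags [S], seq 1, win 1024, length 0
10:15:01.000606 IP 198.51.100.7.40006 > 192.0.2.10.8443: Flags [S], seq 1, win 1024, length 0
10:15:02.500000 IP 192.0.2.20.52000 > 192.0.2.10.22: Flags [S], seq 99, win 29200, length 0
10:15:02.500500 IP 192.0.2.10.22 > 192.0.2.20.52000: Flags [S.], seq 5, ack 100, win 28960, length 0
10:15:02.501000 IP 192.0.2.20.52000 > 192.0.2.10.22: Flags [.], ack 6, win 229, length 0
10:15:03.000000 IP 192.0.2.20.52000 > 192.0.2.10.22: Flags [P.], seq 100:150, ack 6, win 229, length 50
"""

_LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_tcpdump(text):
    """Return a dict per TCP line; lines that do not match the TCP layout are skipped."""
    packets = []
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue
        p = m.groupdict()
        p["sport"] = int(p["sport"])
        p["dport"] = int(p["dport"])
        packets.append(p)
    return packets


def filter_port(packets, port):
    """Python equivalent of the BPF expression 'port N' (source or destination)."""
    return [p for p in packets if port in (p["sport"], p["dport"])]


def syn_fanout(packets, threshold=5):
    """(src, dst) pairs where src sent bare SYNs (flags exactly 'S', no ACK)
    to at least `threshold` distinct destination ports; value is the port count."""
    targets = defaultdict(set)
    for p in packets:
        if p["flags"] == "S":
            targets[(p["src"], p["dst"])].add(p["dport"])
    return {pair: len(ports) for pair, ports in targets.items() if len(ports) >= threshold}


if __name__ == "__main__":
    pkts = parse_tcpdump(SAMPLE_CAPTURE)
    print(len(pkts), "TCP packets;", len(filter_port(pkts, 22)), "involve port 22")
    for (src, dst), n in syn_fanout(pkts).items():
        print(f"possible scan: {src} probed {n} ports on {dst}")
```

To use it on real data, save a capture as text with `tcpdump -nn -i eth0 tcp -l > capture.txt` (the `-nn` flag keeps addresses and ports numeric, which the regex relies on) and pass the file’s contents to `parse_tcpdump`. The legitimate client in the sample sends a single SYN and completes the handshake, so it stays below the threshold; only the source fanning out across six ports is reported.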


tcpdump Support

The documentation for tcpdump (www.tcpdump.org/index.html#documentation) is a good starting point, and the FAQ is also a source of help (www.tcpdump.org/faq.html). There are quite a few video introductions and tutorials on YouTube as well.

Avira: Powerful, Free Antivirus Protection for Personal PCs and Macs

Avira Operations GmbH & Co. KG is a German multinational-owned antivirus software company. It provides IT security for computers, smartphones, servers, and networks, which can be delivered as both software and cloud-based services.

A few facts about Avira at a glance:

  • Alternative to: McAfee AntiVirus Plus
  • Website: www.avira.com
  • License: Proprietary Freeware
  • Current Version: 1.1.35.25717
  • Operating System(s): tk
  • Potential Savings: $34.99 (McAfee annual subscription)

If you stay on the Internet a great deal, it’s a wise investment to step up to Avira Pro, or something comparable. However, if you only use the Internet for short periods from time to time (and are truly on a strict budget), then you may find that the free version of Avira will suit you (however, the license for the free version of Avira is for personal use only). According to the information on their website, the free version of Avira tops the free versions of the competition (such as AVG and Avast) in degree of protection (Figure 9-3).


Figure 9-3. According to Avira’s website, the free version tops the competition in degree of protection (free versions)

Note  If you require a free antivirus program for commercial use, try NANO Antivirus (www.nanoav.ru). It states clearly on the FAQ page that it is allowed for commercial use.

Feature Highlights

Here are a few of the features found in this program:

  • Comprehensive and user-friendly antivirus program that works efficiently on all computers.
  • Avira AntiVir is specifically designed for personal use, not for business or commercial use.
  • Rated number one by consumers in the list of the top five best free antivirus software for Windows.
  • The Avira antivirus program is an effective antivirus protection against viruses, worms, and Trojans.
  • Avira is integrated with rootkit detection.
  • Avira offers anti-phishing protection.
  • Avira offers anti-spyware protection against spyware and adware.

Viruses can be removed quickly with the Quick Removal feature. The scanning technology is able to open locked files and provide internal security, preventing the alteration of AntiVir’s files.

It’s quite clear from customer and critic ratings, and from actual downloads, that Avira is a popular product. The company has been around long enough to have refined its business model, and it provides a comprehensive, useful tool for individuals for free. It has found its niche and, by not continually delving into other areas of IT and software, has stayed focused on antivirus applications and closely related programs.

Avira Support

Avira is an easy program to install and run. If you encounter any problems, the Avira Support page should have most of the answers to any questions you have, so go to www.avira.com/en/support. There are several video tutorials on YouTube as well.

ClamAV: An Open Source Cross-Platform (Including Linux) Antivirus Program

ClamAV is a cross-platform, free, open-source antivirus software toolkit used by millions of people. It is capable of detecting a wide variety of malicious software, including viruses.

Here are a few facts about ClamAV at a glance:

  • Website: www.clamav.net
  • License: GPL
  • Current Version: 0.98.7
  • Operating System(s): Windows, Mac OS, Linux, BSD, Solaris

A primary use of ClamAV is on mail servers, where it acts as a server-side email virus scanner (Figure 9-4). ClamAV was created for Unix, but third-party versions are available for AIX, HP-UX, Linux, BSD, OS X, OpenVMS, Solaris, and OSF/1 (Tru64). Starting with version 0.97.5, ClamAV is also available for Microsoft Windows. Not only is the initial program free, but future updates are also available at no cost.


Figure 9-4. ClamAV serves well as a server side e-mail scanner

It should be kept in mind, however, that ClamAV is not a real-time virus scanner, meaning it does not scan when a file is read or written. To provide real-time checks, ClamAV can be used with other applications such as ClamFS (for a Unix-like OS supporting FUSE), DazukoFS (for Linux), Clam Sentinel (for Windows), and Winpooch (also for Windows).

The ClamAV engine can be dependably used to identify several kinds of files. Specifically, some phishing emails can be exposed using antivirus techniques. It should be noted, however, that false positive rates are inherently higher than those of traditional malware detection.

Despite that, ClamAV is both widely known and widely respected, keeping it in the forefront of the antivirus market. There are many reasons for ClamAV’s continued success; the main ones are the following: simple installation, easy to launch, compatible with almost all MTAs, solid protection, customization, and the economic fact that it costs nothing.
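Because ClamAV is not a real-time scanner, the usual deployment is to hand it content at a well-defined point, such as a mail gateway or an upload handler, and act on the verdict. The daemon, `clamd`, accepts data over a socket with its `INSTREAM` command: the command string, then length-prefixed chunks (4-byte big-endian length followed by the bytes), terminated by a zero-length chunk; the reply is `stream: OK` or `stream: <signature> FOUND`. The following is an added example, not code from the book or from the ClamAV project: it builds the `INSTREAM` frames, parses the reply, and wraps both in a function that talks to a clamd listening on the assumed TCP port 3310 (the `TCPSocket` setting in `clamd.conf`).

```python
import socket
import struct

CHUNK = 4096  # must not exceed clamd's StreamMaxLength, which is far larger


def instream_frames(data, chunk=CHUNK):
    """Encode `data` for clamd's INSTREAM command.

    The leading 'z' asks clamd to NUL-terminate its reply; every chunk is a
    4-byte big-endian length followed by that many bytes, and a zero length
    closes the stream.
    """
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        piece = data[i:i + chunk]
        out.append(struct.pack(">I", len(piece)) + piece)
    out.append(struct.pack(">I", 0))
    return b"".join(out)


def parse_reply(reply):
    """Turn b'stream: OK\\0' or b'stream: <name> FOUND\\0' into (clean, signature)."""
    text = reply.rstrip(b"\0").decode("utf-8", "replace")
    _, _, verdict = text.partition(": ")
    if verdict == "OK":
        return True, None
    if verdict.endswith(" FOUND"):
        return False, verdict[:-len(" FOUND")]
    # Anything else (e.g. an ERROR line) must not be treated as clean.
    raise RuntimeError("unexpected clamd reply: " + text)


def scan_bytes(data, host="127.0.0.1", port=3310, timeout=30):
    """Scan `data` with a running clamd; returns parse_reply()'s (clean, signature).

    Not exercised offline: it needs a clamd reachable at host:port. The caller
    should treat an exception here as 'not scanned', never as 'clean'.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(instream_frames(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)


if __name__ == "__main__":
    try:
        print(scan_bytes(b"hello, world"))
    except OSError as exc:
        print("no clamd reachable:", exc)
```

The fail-closed comment in `scan_bytes` is the design point: a mail filter or upload handler that cannot reach the daemon should quarantine or defer, not pass content through as if it had been scanned. `Eicar-Test-Signature` is the name ClamAV reports for the standard EICAR test file, which is the safe way to confirm the whole path end to end.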

Feature Highlights

Here are the highlights as shown on the ClamAV website:

  • Command-line scanner
  • Milter interface for Sendmail
  • Advanced database updater with support for scripted updates and digital signatures
  • Virus database updated multiple times per day
  • Built-in support for all standard mail file formats
  • Built-in support for various archive formats, including ZIP, RAR, DMG, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS, and others
  • Built-in support for ELF executables and portable executable files packed with UPX, FSG, Petite, NsPak, wwpack32, MEW, Upack, and obfuscated with SUE, YOda Cryptor, and others
  • Built-in support for popular document formats, including MS Office and MacOffice files, HTML, Flash, RTF, and PDF
  • Can be installed on all major operating systems including Linux, Windows, BSD, Solaris, and even Mac OSX

ClamAV Support

You can download the User Manual from https://github.com/vrtadmin/clamav-faq/raw/master/manual/clamdoc.pdf. Numerous YouTube tutorials cover ClamAV, particularly for Linux distributions.

Open Whisper Systems: Open Source Security for Mobile Devices

Open Whisper Systems is a non-profit group of software developers whose primary goal is to provide security and privacy for mobile devices.

Here are a few facts about Open Whisper Systems at a glance:

  • Website: http://whispersystems.org
  • License: GPL
  • Products: RedPhone, TextSecure, and Private Messenger
  • Operating System(s): Android, iPhone

RedPhone is the application for Android phones that provides private conversations (Figure 9-5). The following are its strong points, as shown on the software provider’s website:

  • Free, world-wide, end-to-end encryption for your calls, securing your conversations so that nobody can listen in.
  • RedPhone uses your normal phone number to make and receive calls, so you don’t need yet another identifier.
  • RedPhone calls are encrypted end-to-end, but function just like you’re used to.
  • Free and open source, enabling anyone to verify its security by auditing the code.
  • Uses Wi-Fi or data, not your plan’s voice minutes.
  • All RedPhone calls are free, including long distance and international.


Figure 9-5. RedPhone provides end-to-end encryption for private conversations

TextSecure provides secure and private text messaging for Android phones. According to the developers, “Using TextSecure, you can communicate instantly while avoiding SMS fees, create groups so that you can chat in real time with all your friends at once, and share media or attachments all with complete privacy. The server never has access to any of your communication and never stores any of your data.”

Signal is the application that provides security and privacy for iPhones. The website states that it provides secure “free, worldwide, encrypted voice calls for iPhone, and is fully compatible with RedPhone for Android.”

Open Whisper Systems Support

On the Support page, you can type in a question or search term, and you’ll be directed to the forum where topics related to yours are displayed. You’ll also have access to numerous articles covering various aspects such as general questions, security, etc. Although there don’t seem to be many video tutorials on YouTube, there are one or two that provide some general information.

Summary

In this chapter, you looked at several solutions for various security measures. Nmap provides network auditing and detection. KeePass is an excellent program that manages important passwords and keeps them secure; you only need to keep up with a master password, and not worry about remembering the rest.

Analyzing packets with tcpdump allows the user to display the packets being transmitted or received on a network. Avira (although licensed only for personal use) is an excellent, free antivirus program ideal for computers that don’t frequent the Internet very much. ClamAV is an open source antivirus program that can be installed on numerous operating systems. Open Whisper Systems provides several applications for Android mobile phones and Apple iPhones to help keep texts and conversations secure and private.

In the next chapter, you’ll look at several Linux distributions, which, for many users throughout the world, are viable alternatives to the Windows and Mac computer operating systems.
