Tools YOU need to know about

Written by Tom Canavan | November 18, 2009

Good Day to you and welcome to Tools you need to know about.

This article is part one of the TOOL Series. In it, I want to introduce you to some of my favorite tools. In the first few articles I will discuss them generally; in future articles I'll spend time discussing each one.

The tools discussed will be both GPL and NON-GPL tools as well as Joomla-based tools. Your comments are welcome and I hope that you find this series helpful.

Diagnostic and troubleshooting tools:

NMAP - Available from insecure.org - GPL and runs on many platforms.

NMAP has been around since September 1997 and is STILL in very active development. In fact, NMAP has been used in quite a few Hollywood movies, such as Die Hard 4, The Bourne Ultimatum and The Matrix Reloaded. NMAP is a "network mapper", hence the name, and in my opinion is the KING of mapping networks. The most recent version, 5.00, sports many features, such as the ability to map out each device on a target network with uncanny accuracy and to identify the OS, other devices and more. Scanning a target server or device will tell you a wealth of other information, such as which ports are open, closed or filtered. In many cases it can provide a very good topology of your network, and it can tell you which services are running on a server or network.

NMAP is a diagnostic and administrative tool. It can, however, be used for ill gain as easily as it can be used for good. The reason I like NMAP is that it gives me a good picture of my servers, from the inside and from the outside. I can see if a port has been left open, or should be open and is not. I can quickly determine if a nasty rootkit or RAT (Trojan) has been placed on a server by the opening of certain ports, and much more.
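The check described above (a port left open that should not be, or a port that should be open and is not) can be automated. The following is an added example, not part of the original article: it parses Nmap's grepable output (-oG) and compares it with a baseline of the ports each server is meant to expose. The sample scan output, host address and baseline are constructed for illustration.

```python
# Constructed sample of `nmap -oG -` (grepable) output; not taken from the article.
SAMPLE_GNMAP = (
    "# constructed sample scan of one server\n"
    "Host: 192.0.2.10 (web01.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (web01.example.test)\tPorts: 21/open/tcp//ftp///, "
    "22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///, "
    "3306/filtered/tcp//mysql///, 8081/open/tcp/////\tIgnored State: closed (994)\n"
)

# Assumed baseline: the ports each server is meant to expose (hypothetical values).
BASELINE = {"192.0.2.10": {(22, "tcp"), (80, "tcp"), (443, "tcp")}}


def parse_gnmap(text):
    """Return {ip: {(port, proto): state}} from grepable Nmap output."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and the per-host "Status:" line
        ip = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            # entry layout: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 3 and fields[0].isdigit():
                hosts.setdefault(ip, {})[(int(fields[0]), fields[2])] = fields[1]
    return hosts


def audit(observed, baseline):
    """List ports open but not in the baseline, and baseline ports not open."""
    findings = []
    for ip in sorted(set(observed) | set(baseline)):
        expected = baseline.get(ip, set())
        seen = observed.get(ip, {})
        open_now = {key for key, state in seen.items() if state == "open"}
        for port, proto in sorted(open_now - expected):
            findings.append((ip, port, proto, "unexpected-open"))
        for port, proto in sorted(expected - open_now):
            state = seen.get((port, proto), "not-reported")
            findings.append((ip, port, proto, "expected-but-" + state))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_gnmap(SAMPLE_GNMAP), BASELINE):
        print(*finding)
```

Ports that Nmap folds into its "Ignored State" summary are not listed individually, so a baseline port missing from the Ports list is reported as expected-but-not-reported.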

This tool can help you quickly determine if you have MALWARE on your server, and it can help you sort out DNS issues and look for HTTP-OPEN-PROXY issues. I love the fact that in many cases it will read back to you the equipment sitting behind the firewall, such as temperature sensors, various routers, printers, Wi-Fi gear and on and on. Why should you care? This is 'fodder' for the bad guys. Much of what the Joomla community deals with is "kiddie-scripters" and wanna-be types. Yes, they do break in and cause havoc. Beyond that, however, the really, really good hackers out there would want more info to prepare their assault, take up residence in your server and commence whatever activity they are after using your gear.

With NMAP you can (with proper written permission) learn much about your site and server, and use that information to close holes.

I STRONGLY recommend you learn all you can about NMAP. It is a powerful tool to help keep your server safe. I must also point out that unauthorized port scanning may be a crime and should NEVER be done without the target's permission. So in other words, DO NOT download NMAP and start scanning servers - that's a huge no-no.

WIRESHARK - Available from wireshark.org - GPL and runs on many platforms

Wireshark is a tool that anyone running a dedicated server should have. This is essentially a wire sniffer. It "sniffs" packets on the wire and will tell you everything from where a browser is going or coming from all the way to showing you all clear-text passwords. If it is run on the inside (behind the firewall) of a server, it can report on every single packet on the network that it sees. This quickly becomes information overload, and thus it offers many methods to filter. One use of this for security is to determine if there is unauthorized activity on your server. Working a few months ago with a client, I used Wireshark to determine there was unauthorized activity (FTP) in progress, which of course allowed us to shut down the perpetrators quickly. Wireshark is powerful and, in the wrong hands, dangerous. Other uses for Wireshark include finding weak or bad cables or physical ports in your network, bad drivers, etc. - anything that is ON the wire. Again, sniffing without permission is illegal in many places and should not be done.

NETCAT - Available from Sourceforge - GPL and is THE Swiss Army Knife of networking.

By far one of the best tools out there, and one of the ones used by hackers to open 'back doors'. This tool can open backdoor shells, conduct file transfers (the infamous "Captain Crunch" team from Russia uses a similar function in their C99 Shell), do port scanning, create a variety of relays, grab the TCP banner and more. Overall, this is a strong and powerful tool that, if you run a dedicated server, you should know all about.

In the next article, I'll pick up where I left off with a couple more tools designed to evaluate the sturdiness of your server code and your application code. Until then - stay safe!

 

Tom is a security expert, and he has authored the book Joomla Web Security (Packt) as well as Dodging the Bullets - A Disaster Preparation Guide for Joomla! Based Websites. He offers his services to websites that have been attacked and compromised. Tom has begun work on his next book due out in 2010.

Comments (1)
thanks and URL
written by Christian Sweningsen, November 21, 2009
Hey, thanks, great idea and great execution!

But boy, what an "unfriendly" URL!
