Network security is serious business. With attacks and hackers out there using the best tools they can find, you need the best tools to defend and protect your network. It may seem like an expensive proposition, but some of the best network security tools are free.
Network Security Tools Anyone Can Afford
Network security can seem like a complex and expensive undertaking. With so many commercial offerings, and so many expensive ones, it can appear that spending more makes things more secure. This may not be the case. There are free, open source tools available to help you secure your network. Here are the top ten.
Nagios provides network monitoring as well as problem notification and management. Nagios has enterprise-class features, has been around for over 10 years, and has a large user base & support community. Nagios runs on Linux or Unix-based operating systems. You can monitor Windows systems and other devices with it as well.
Regular traceroute and ICMP tools to map networks may be foiled by firewalls. But you can still see what may be on the other side of a firewall using Hping. Use this tool to see what your firewall reveals about the systems and networks it's protecting.
Ntop is a tool for network traffic monitoring including protocol information & statistics. Information can be sorted or detailed by host, subnet, or viewed in total for the network. Ntop works with NetFlow and sFlow as well. It can be compiled for Windows as well as Unix.
Netfilter is the Linux firewall software that replaces and improves upon the older ipchains firewall. Netfilter provides stateless and stateful packet filtering for IPv4 and IPv6, NAT and port translation, and much more. You may recognize iptables as the interface for it. If you need a custom firewall, proxy, or NAT solution, this is the open source solution.
Wireshark is my tool for sniffing and capturing network traffic, as well as examining protocols and sessions in depth. Whether you need to capture wireless Ethernet traffic, or examine specific session content, this is an indispensable tool. Wireshark runs on many platforms, and supports many capture file formats.
Snort is a free, open source intrusion detection and prevention system (IDS/IPS). It can also function as a sniffer and packet logger. Real-time alerts and analysis are possible with Snort as well. It is a high-performance IDS that supports logging to many different databases, and can run on Unix-based operating systems as well as Windows.
Nessus has long been my favorite vulnerability scanner, due to its speed, accuracy, and depth. Be warned: with such a large vulnerability library, scans can take a long time. Currently there are over 28K plugins available, with automatic updates possible for new plugins. Nessus 4 is one of the fastest scanners I've used.
Nmap is a versatile tool for network scanning, port mapping, and OS & application discovery. Whether you want to find and identify every host on a large network, or port map and discover every application running on a single host, nmap excels. To find out more, see my article on how to use nmap.
Stunnel allows you to encrypt any TCP connection using SSL. If you have a service or daemon that is not secure sockets layer (SSL) capable, but you need to protect sensitive information being sent, this is a great tool for doing that. Stunnel does require an SSL library in order to function, such as OpenSSL.
Secure Shell is the de facto replacement for telnet and other plaintext terminal applications on all Unix-like operating systems. OpenSSH is the free, open source version of secure shell. Secure copy and secure FTP functionality are included. Strong authentication is supported, including public key and Kerberos authentication.
Where to Start?
Some of these tools you really should be using every day--especially if you're not right now. If there are logistical reasons you aren't running an IPsec VPN, look into Stunnel. OpenSSH should be your standard for console access to all your Linux and Unix-based hosts. If you haven't looked into Snort yet, check out my review of it here. You really should have netfilter running on your Linux systems, just like a host-based firewall on your Windows systems. These tools should be able to solve most of your top ten network security needs.