I won't keep you in suspense. I'll go ahead and name them right here, at the top of my post -- the six free security tools that all IT folks should know about and use. (But, you'll have to click through this nifty multi-page post to let me explain my choices.) And the winners are ... MetaSploit, Splunk, Google (don't laugh -- it's true!), KeePass, Helix and Netwox. Now read on to learn why ...

MetaSploit

It has a strange name, but MetaSploit is a very cool development platform that assists information security professionals in creating tools and exploits. Using the framework (its built-in tools), you can conduct penetration tests, verify patch installations and even perform regression testing. Written using Ruby, the current 3.1 version comes with over 450 modules, including 265 remote exploits that can be targeted against various releases of Windows, Linux, BSD, Unix, and the Mac OS. If that isn't enough built-in functionality for your tastes, you can also use MetaSploit to create your own modules or scour around for ones that have already been created.

Overall this is a great tool and in the hands of system administrators it can be put to good use testing your organization’s defenses. However, there are always two sides to a shiny coin. MetaSploit is also an effective tool for conducting attacks.

For more information see: www.metasploit.com

Splunk

I first talked about Splunk when I wrote about the 2008 RSA Conference. Yes, the Security Incident and Event Manager (SIEM) space is crowded. But Splunk is not a SIEM per se. Its approach is slightly different in that it is, like Google, primarily a search engine. As such its developers have focused much of their effort on making Splunk into a good information aggregator for IT-related information and events. So Splunk is different from other SIEMs in that it is able to provide a very good platform for correlation and analysis. From the get-go, without being told the format of what it is fed, Splunk takes in data and provides order where there was once chaos. In my opinion, being able to dynamically figure out different logging structures (provided you can feed Splunk the data in a form it understands, primarily text) is a very powerful feature which makes this tool a must-have.

Note: Splunk is not open source but you can download it for free under its developer's freeware license.
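To make that "order from chaos" idea concrete, here is an added example (my own toy code, not Splunk's engine or anything from its developers): a tiny Python indexer that recognizes a couple of log formats on its own, pulls key=value pairs and IP addresses out of any line regardless of format, and then lets you search and pivot across events from different sources. The sample log lines are constructed, and the names SAMPLE_LOGS, extract_fields, search and top_values are chosen for this example.

```python
import re
from collections import Counter

# Constructed sample events in three unrelated formats (not real data):
# a syslog line, two firewall key=value lines and an Apache access-log line.
SAMPLE_LOGS = [
    "Mar 10 12:00:01 fw01 sshd[2211]: Failed password for invalid user admin from 10.0.0.5 port 5122 ssh2",
    "2008-03-10T12:00:03Z action=deny src=10.0.0.5 dst=192.168.1.10 dport=22 proto=tcp",
    '10.0.0.5 - - [10/Mar/2008:12:00:04 +0000] "GET /admin HTTP/1.1" 403 201',
    "2008-03-10T12:00:05Z action=allow src=10.0.0.7 dst=192.168.1.10 dport=443 proto=tcp",
]

SYSLOG_RE = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<program>[\w./-]+)\[(?P<pid>\d+)\]: (?P<message>.*)$"
)
APACHE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_fields(line):
    """Turn one raw line into a dict of fields without being told its format."""
    fields = {"_raw": line, "format": "unknown"}
    for name, pattern in (("syslog", SYSLOG_RE), ("apache_access", APACHE_RE)):
        m = pattern.match(line)
        if m:
            fields.update(m.groupdict())
            fields["format"] = name
            break
    # key=value pairs are picked up from any line, whatever the outer format
    pairs = KV_RE.findall(line)
    if pairs:
        fields.update((k, v.strip('"')) for k, v in pairs)
        if fields["format"] == "unknown":
            fields["format"] = "kv"
    # every IPv4 address becomes searchable, so events from different sources correlate
    ips = IPV4_RE.findall(line)
    if ips:
        fields["ip"] = ips
    return fields


def index(lines):
    return [extract_fields(line) for line in lines]


def search(events, **criteria):
    """Events whose fields match every criterion; list-valued fields match on any element."""
    def matches(event):
        for key, wanted in criteria.items():
            value = event.get(key)
            if isinstance(value, list):
                if wanted not in value:
                    return False
            elif value != wanted:
                return False
        return True
    return [e for e in events if matches(e)]


def top_values(events, field):
    """Most common values of a field across events, the usual first pivot in an investigation."""
    counts = Counter()
    for event in events:
        value = event.get(field)
        if isinstance(value, list):
            counts.update(value)
        elif value is not None:
            counts[value] += 1
    return counts.most_common()


if __name__ == "__main__":
    events = index(SAMPLE_LOGS)
    for hit in search(events, ip="10.0.0.5"):
        print(hit["format"], "->", hit["_raw"])
    print(top_values(events, "ip"))
```

Searching on ip="10.0.0.5" returns the SSH failure, the firewall deny and the 403 web hit, three events from three formats, which is exactly the correlation the paragraph is talking about: nobody wrote a schema for any of them first.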

For more information see: www.splunk.com

Google

You might be laughing now; after all, Google is just a search engine, right? Funnily enough, Google is also a really great security tool. Like Splunk, Google is an information aggregator. The primary difference between the two is that Google provides you with a massive amount of publicly available (sometimes meant to be private) information. Things that you can use Google for include:

Gathering information about your target

Performing basic penetration testing

Finding sites that allow directory indexing

Searching for pages with a particular phrase in the title (intitle)

Finding certain pages via a particular phrase (allinurl)

Or even pilfering the Google cache for information (that shouldn't be there).

For more information about how to use Google as a security tool see: johnny.ihackstuff.com

KeePass

I can’t tell you how much I love this little program. KeePass is a free, open-source password management application. Using KeePass, you can store all of your credentials in a single secure database that can only be accessed by using a master password, key (a file), master password + key, or Windows credentials. Here are some reasons to use this utility:

Database is encrypted using AES and Twofish

Portable and no installation required

Easy database transfer

Support of password groups

Intuitive and secure Windows Clipboard handling

Searching and sorting

Multi-language support

Strong random password generator

Plugin architecture

Last of all, and most importantly, KeePass is open source!
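To show what the unlock model above (master password, key file, or both) looks like in code, here is an added illustration. It is my own toy code, not KeePass's file format or source: PBKDF2 stands in for the real key transformation, a SHA-256 counter-mode keystream stands in for AES/Twofish so the example needs no third-party package, and the names composite_key, transform_key, Vault and generate_password are chosen here. The key file contents are constructed.

```python
import hashlib
import hmac
import os
import secrets
import string


def composite_key(master_password=None, key_file_bytes=None):
    """Fold whichever unlock factors are present into one 32-byte key.
    Each factor is hashed on its own first, so the key file is never combined
    with the password in clear and either factor can also be used alone."""
    if master_password is None and key_file_bytes is None:
        raise ValueError("at least one unlock factor is required")
    h = hashlib.sha256()
    if master_password is not None:
        h.update(hashlib.sha256(master_password.encode("utf-8")).digest())
    if key_file_bytes is not None:
        h.update(hashlib.sha256(key_file_bytes).digest())
    return h.digest()


def transform_key(composite, salt, rounds):
    """Key stretching: every guess at the password costs the attacker `rounds` iterations.
    PBKDF2 is an assumption here, a stand-in for the real program's transformation step."""
    return hashlib.pbkdf2_hmac("sha256", composite, salt, rounds)


class Vault:
    """Toy encrypted credential store. Encryption is SHA-256 in counter mode plus an
    HMAC tag; that is NOT the real database format, it only keeps the example dependency-free."""

    def __init__(self, rounds=100_000):
        self.salt = os.urandom(16)
        self.rounds = rounds
        self.nonce = None
        self.ciphertext = None
        self.tag = None

    def _keys(self, master_password, key_file_bytes):
        key = transform_key(composite_key(master_password, key_file_bytes), self.salt, self.rounds)
        return key[:16], key[16:]  # separate encryption and authentication keys

    def _keystream(self, enc_key, length):
        out = bytearray()
        counter = 0
        while len(out) < length:
            out += hashlib.sha256(enc_key + self.nonce + counter.to_bytes(8, "big")).digest()
            counter += 1
        return bytes(out[:length])

    def lock(self, plaintext, master_password=None, key_file_bytes=None):
        enc_key, mac_key = self._keys(master_password, key_file_bytes)
        self.nonce = os.urandom(16)  # fresh per lock, so the keystream is never reused
        stream = self._keystream(enc_key, len(plaintext))
        self.ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
        self.tag = hmac.new(mac_key, self.nonce + self.ciphertext, "sha256").digest()

    def unlock(self, master_password=None, key_file_bytes=None):
        """Return the plaintext, or None when the factors are wrong. The tag is checked
        before anything is decrypted, so a wrong key produces no garbage to pick through."""
        enc_key, mac_key = self._keys(master_password, key_file_bytes)
        expected = hmac.new(mac_key, self.nonce + self.ciphertext, "sha256").digest()
        if not hmac.compare_digest(expected, self.tag):
            return None
        stream = self._keystream(enc_key, len(self.ciphertext))
        return bytes(a ^ b for a, b in zip(self.ciphertext, stream))


def generate_password(length=20, alphabet=string.ascii_letters + string.digits + string.punctuation):
    """Strong random password from the OS CSPRNG (secrets), never the predictable random module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    key_file = b"constructed key file contents; in practice random bytes kept on removable media"
    vault = Vault(rounds=50_000)
    vault.lock(b"mail.example: alice / " + generate_password().encode(), "correct horse", key_file)
    print(vault.unlock("correct horse", key_file))
    print(vault.unlock("correct horse"))  # None: the key file is missing
```

The point to take away is in unlock: with the password right but the key file absent (or the other way round) the composite key is simply a different value, so the tag check fails and nothing is decrypted. That is what "master password + key" buys you over a password alone.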

For more information see: www.keepass.info

Helix

Picture this: your CEO has just been put on probation for possibly pilfering the company’s coffers. You, being an incident-handling wizard, have been asked to perform an analysis of the CEO’s computer in an effort to obtain evidence. Besides performing other obvious incident-handling steps (depending on your organization), how might you go about obtaining evidence in a forensically sound way?

One method might be to purchase and use something like EnCase (which costs a bit of money). Another method might be to hire a forensics firm (which costs a bit more money, and they just use EnCase). Or you could turn to something called Helix, which is a customized distribution of the Knoppix Live Linux CD. By using Helix and its boatload of tools you can easily conduct an investigation that doesn’t modify the host computer in any way.
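What "forensically sound" means in practice is worth spelling out with an added example (my own code, not part of Helix or its toolset): the evidence source is only ever opened read-only, it is hashed before and after imaging so the acquisition can be shown not to have touched it, the image is hashed and recorded in a chain-of-custody record, and re-verifying that record later catches any alteration. The drive contents, paths, case id and examiner name are constructed; digest_file, acquire, verify and demo are names chosen for this example.

```python
import hashlib
import json
import os
import tempfile
import time

CHUNK = 1 << 20  # 1 MiB blocks, so images larger than memory still hash cleanly


def digest_file(path):
    """Hash a file with MD5 and SHA-256 (two algorithms, as forensic reports commonly record).
    The file is opened read-only: hashing must never write to the evidence."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            md5.update(block)
            sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def acquire(source_path, image_path, examiner, case_id):
    """Copy the evidence into an image and produce a chain-of-custody record.
    The source is hashed before and after the copy, so the record also shows that
    the acquisition itself left the source unchanged; the image must match both."""
    before = digest_file(source_path)
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            dst.write(block)
    after = digest_file(source_path)
    image = digest_file(image_path)
    if before != after:
        raise RuntimeError("source changed during acquisition; the evidence is not sound")
    if image != before:
        raise RuntimeError("image does not match the source; acquisition failed")
    return {
        "case_id": case_id,
        "examiner": examiner,
        "acquired_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "source": source_path,
        "image": image_path,
        "hashes": image,
    }


def verify(image_path, record):
    """Re-hash the image and compare with the recorded values; True only if untouched."""
    return digest_file(image_path) == record["hashes"]


def demo():
    """Run the whole flow on a constructed stand-in for a drive and return
    (record, verified_before_tampering, verified_after_tampering)."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "constructed_drive.bin")
    image = os.path.join(workdir, "constructed_drive.dd")
    with open(source, "wb") as f:  # constructed content, not real evidence
        f.write(b"\x00" * (2 * CHUNK))
        f.write(b"constructed fragment of a deleted spreadsheet row\n")
        f.write(b"\xff" * 4096)
    record = acquire(source, image, examiner="analyst (constructed)", case_id="CASE-0001")
    intact = verify(image, record)
    # Overwrite a single byte of the image to show that any alteration of the
    # evidence, however small, is caught when the record is re-verified.
    with open(image, "r+b") as f:
        f.seek(2 * CHUNK)
        f.write(b"X")
    tampered = verify(image, record)
    return record, intact, tampered


if __name__ == "__main__":
    record, intact, tampered = demo()
    print(json.dumps(record, indent=2))
    print("verified:", intact, "after tampering:", tampered)
```

The record is what you hand to whoever has to trust your work later; a real acquisition would add a hardware write-blocker in front of the source, but the hash-before, hash-after, hash-the-image discipline is the same.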

For more information see: www.e-fense.com/helix

Netwox

Netwox is both an oldie and a goodie. But chances are, you have never heard of this tool and that’s a shame. With over 222 various tools, Netwox is a network toolbox powerhouse. While work on the project was stopped in 2004, the tasks that you can “complete” using this utility are still very relevant. For example you could:

Sniff packets

Grab files via HTTP

Attempt a brute force crack on an FTP server

Use Netwox as a back door on a system

Spoof packets

Even compute the cryptographic hash of a file

The list is just staggering. If you have time on your hands… you could spend hours playing.

For more information see: http://www.laurentconstantin.com/en/netw/netwox/