This is a continuation from Part 1.
- Basic Security Module (BSM): a security audit API and audit-trail file format originally developed by Sun.
- OpenBSM: portable, open source implementation of Sun’s BSM.
- Tcpdump: common packet analyzer that runs under the command line and works on most Unix-like operating systems, including OS X.
- Network utilities: a curated list of network utilities available for OS X.
- PGP: Symantec’s data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. (Wiki)
- GPG (GnuPG): a free, open source implementation of the OpenPGP standard and a drop-in replacement for PGP.
- Message digest (SHA, MD): cryptographic one-way hash functions that take arbitrary-sized data and output a fixed-length hash value. Note that MD5 and SHA-1 are broken for collision resistance and should not be used where an attacker can choose the input; prefer SHA-256 or another SHA-2/SHA-3 function.
Network security monitoring (NSM)
- Network mapper (Nmap): a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) and used to discover hosts and services on a computer network.
- Zenmap: the official Nmap Security Scanner GUI. It is a multiplatform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application that aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users.
- IPNetMonitorX: a network troubleshooting toolkit for debugging Internet service problems and optimizing performance.
A good reference on the subject mentioned by O’Donnell is Richard Bejtlich: The Practice of Network Security Monitoring: Understanding Incident Detection and Response.
- Nessus: a proprietary comprehensive vulnerability scanner developed by Tenable Network Security. It is free of charge for personal use in a nonenterprise environment.
- Metasploit: a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Network intrusion detection system (NIDS) and sniffers
- Bro Network Security Monitor (Bro-IDS, renamed Zeek in 2018): a powerful network analysis framework that is very different from the typical signature-based IDS.
- Snort: an open source intrusion prevention system capable of real-time traffic analysis and packet logging.
- Continuous diagnostic monitoring (CDM)
Packet capture (Pcap) and analysis
- Tcpdump: native in OS X and built on libpcap, the capture library most other tools in this section also use.
- Frameseer: an inexpensive network packet capture application for the Apple Macintosh; a “universal binary” that runs on Mac OS X 10.4.5 (Tiger) or later; owned by Logosys.
- Wireshark: a network protocol analyzer for Unix and Windows.
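The files tcpdump writes with -w and Wireshark reads are in the classic libpcap format: a 24-byte global header, then one 16-byte record header per packet followed by the raw frame bytes. The parser below is an added example, not code from the presentation or from any of these tools; it constructs a one-packet capture inline (a made-up Ethernet/IPv4/TCP SYN to port 22 between example addresses), decodes it, and rejects anything that is not classic pcap (Wireshark's default pcapng format has a different magic and is not handled here).

```python
"""Hand-rolled parser for classic libpcap captures (added example).

The sample capture is constructed inline so the script runs offline; the MAC
addresses, IPs, ports and timestamp are made up.
"""
import socket
import struct

# ---- Constructed sample capture ------------------------------------------
# Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
PCAP_GLOBAL_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
ETHERNET = bytes.fromhex("001122334455" "66778899aabb" "0800")  # dst MAC, src MAC, IPv4
# IPv4: ver/ihl, tos, total len 40, id, flags/frag, ttl 64, proto 6 (TCP), cksum, src, dst
IPV4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                   socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
# TCP: sport 40000, dport 22, seq, ack, data offset 5 words, flags SYN, window, cksum, urg
TCP = struct.pack("!HHIIBBHHH", 40000, 22, 1000, 0, 0x50, 0x02, 65535, 0, 0)
FRAME = ETHERNET + IPV4 + TCP
# Record header: ts_sec, ts_usec, incl_len (captured), orig_len (on the wire)
RECORD = struct.pack("<IIII", 1_700_000_000, 0, len(FRAME), len(FRAME))
SAMPLE_PCAP = PCAP_GLOBAL_HEADER + RECORD + FRAME

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def tcp_flag_names(flags: int) -> list:
    return [name for bit, name in TCP_FLAGS if flags & bit]


def decode_ipv4(pkt: bytes) -> dict:
    """Decode an IPv4 header and, for TCP, the ports and flags."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return {"error": "not IPv4"}
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return {"error": "bad IHL"}  # malformed header; never trust the length field
    info = {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": pkt[9]}
    if info["proto"] == 6 and len(pkt) >= ihl + 20:
        sport, dport, _seq, _ack, _off, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
        info.update(sport=sport, dport=dport, flags=tcp_flag_names(flags))
    return info


def decode_ethernet(frame: bytes) -> dict:
    if len(frame) < 14:
        return {"error": "short frame"}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return {"ethertype": ethertype}  # non-IPv4 payload left undecoded
    return decode_ipv4(frame[14:])


def parse_pcap(data: bytes) -> list:
    """Return one dict per packet: timestamp, lengths, addresses, ports, flags."""
    if len(data) < 24:
        raise ValueError("too short to be a libpcap file")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"          # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"          # written on a big-endian host
    else:
        raise ValueError(f"not a classic libpcap file (magic {magic:#010x})")
    _magic, _major, _minor, _tz, _sig, _snaplen, linktype = struct.unpack(
        endian + "IHHiIII", data[:24])
    if linktype != 1:
        raise ValueError(f"unsupported link type {linktype}; expected 1 (Ethernet)")
    packets, offset = [], 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated packet record")
        offset += incl_len
        pkt = {"ts": ts_sec + ts_usec / 1e6, "orig_len": orig_len,
               "truncated": incl_len < orig_len}   # snaplen cut the frame short
        pkt.update(decode_ethernet(frame))
        packets.append(pkt)
    return packets


if __name__ == "__main__":
    for p in parse_pcap(SAMPLE_PCAP):
        print(p)
```

The same loop reads a real capture with `parse_pcap(open("trace.pcap", "rb").read())`; the `truncated` field matters in practice because tcpdump's default snaplen can cut off payload you later want to inspect.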
Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization’s information technology security.
- Splunk: a commercial log search and analytics platform widely used as a SIEM.
- Elastic: the ELK stack, three open source projects (Elasticsearch, Logstash, and Kibana) designed to ingest data from any source and search, analyze, and visualize it in near real time.
- ELSA: a centralized syslog framework built on Syslog-NG, MySQL, and Sphinx full-text search. It provides a fully asynchronous web-based query interface that normalizes logs and makes searching billions of them for arbitrary strings as easy as searching the web. It also includes tools for assigning permissions for viewing the logs as well as email-based alerts, scheduled queries, and graphing.
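The scheduled queries and e-mail alerts these platforms offer boil down to normalizing log lines into fields and running a rule over them. The script below is an added example, not code from the presentation or from ELSA, Splunk or Elastic: it parses constructed sshd syslog lines (made-up host and IPs), raises a medium alert when one source produces five failed logins within sixty seconds, and escalates to high when that same source later gets an accepted login, the correlation a SIEM adds that grepping a single log cannot.

```python
"""SSH brute-force detection over syslog lines (added example).

The log lines are constructed; the hostname, usernames and IPs are made up.
The per-source sliding window is what a SIEM's "count by src over N seconds"
rule does under the hood.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

SAMPLE_LOGS = """\
Mar  3 10:00:01 mac01 sshd[4411]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:00:02 mac01 sshd[4411]: Failed password for root from 203.0.113.7 port 51123 ssh2
Mar  3 10:00:03 mac01 sshd[4411]: Failed password for admin from 203.0.113.7 port 51124 ssh2
Mar  3 10:00:04 mac01 sshd[4411]: Failed password for invalid user test from 203.0.113.7 port 51125 ssh2
Mar  3 10:00:05 mac01 sshd[4411]: Failed password for oracle from 203.0.113.7 port 51126 ssh2
Mar  3 10:00:09 mac01 sshd[4412]: Accepted publickey for alice from 192.0.2.5 port 40001 ssh2
Mar  3 10:00:10 mac01 sshd[4413]: Failed password for alice from 192.0.2.5 port 40002 ssh2
Mar  3 10:00:11 mac01 sshd[4411]: Accepted password for root from 203.0.113.7 port 51127 ssh2
Mar  3 10:00:12 mac01 kernel[0]: unrelated message that the sshd parser must skip
Mar  3 10:05:00 mac01 sshd[4414]: Failed password for alice from 192.0.2.5 port 40003 ssh2
"""

# BSD syslog header (no year) followed by OpenSSH's auth result line.
SSHD_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

THRESHOLD = 5        # failures ...
WINDOW_SECONDS = 60  # ... within this many seconds from one source


def parse_sshd(line: str):
    """Normalize one syslog line into fields; None if it is not an sshd auth event."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    # Syslog omits the year, so timestamps parse as 1900; fine for deltas within a day.
    ts = datetime.strptime(f"{m['mon']} {m['day']} {m['time']}", "%b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect(lines, threshold=THRESHOLD, window=WINDOW_SECONDS) -> list:
    """Run the brute-force rules over lines in timestamp order and return alerts."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    flagged = set()                # sources that already tripped the threshold
    alerts = []
    for line in lines:
        ev = parse_sshd(line)
        if ev is None:
            continue  # a real pipeline would route non-sshd lines to other parsers
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            q = failures[ip]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window:
                q.popleft()  # drop failures that fell out of the window
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"severity": "medium", "rule": "ssh-bruteforce", "ip": ip,
                               "host": ev["host"], "count": len(q), "ts": ts.isoformat()})
        elif ip in flagged:
            # Success from a source that was guessing: the guess probably landed.
            alerts.append({"severity": "high", "rule": "ssh-bruteforce-success", "ip": ip,
                           "host": ev["host"], "user": ev["user"], "method": ev["method"],
                           "ts": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS.splitlines()):
        print(alert)
```

In the sample, 203.0.113.7 trips the medium alert on its fifth failure and the high alert when root's password is accepted six seconds later, while 192.0.2.5's two failures five minutes apart stay below threshold. Alice's legitimate key-based login produces nothing because that source was never flagged.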
Pen testing (penetration testing)
CSOOnline: CSO provides news, analysis, and research on a broad range of security and risk management topics.
- Nessus: see above
- Nmap: see above
- Metasploit: see above
- Kali Linux: an advanced penetration testing Linux distribution used for pen testing, ethical hacking, and network security assessments.
- KisMAC: a wireless network discovery tool for Mac OS X. It has a wide range of features, similar to those of Kismet (its Linux/BSD namesake).
- NetSpot: a wireless site survey, Wi-Fi analysis, and troubleshooting app for Mac OS X.
- Net monitor: a network utility for the rest of us. Graphs network activity of local and remote computers. Records traffic activity. Calculates total traffic between dates. Measures traffic speed. Highly customizable.
- Sidekick: an application that automatically updates your laptop settings based on where you are.
- IPNetMonitorX: see above
The presentation was tailored towards the Mac OS X community, but most of the tools and references are equally useful to people who don't use Macs.
Finally, O’Donnell gave the following references for further study.
- SANS: The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world.
- Open Web Application Security Project (OWASP): The Open Web Application Security Project is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.
- ISACA: As an independent, nonprofit, global association, ISACA engages in the development, adoption, and use of globally accepted, industry-leading knowledge and practices for information systems.
- Black Hat: the most technical and relevant global information security event series in the world; for more than 16 years Black Hat has provided attendees with the very latest in information security research, development, and trends in a strictly vendor-neutral environment.
- Securosis: Securosis is an information security research and advisory firm dedicated to transparency, objectivity, and quality.