System admins are
frequently bombarded with security concerns, requests, alerts, news items, “did
you see this?!” emails, and more. Keeping up with all the aspects of network
security can seem like an overwhelming task, but in this post we’re going to
look at ten tools a system admin can use to help secure their network. Some you
may be familiar with, like network security software, while others may come as
a surprise, like your email client; but all will help you to stay ahead of the
bad guys, keep yourself informed of the latest threats, and maintain the
security of your network.
1. Network security software
When we talk about
network security software, we’re talking about a class of product more than any
specific tool, and how important it is for you to have an application or small
group of applications that can help you to accomplish most of your tasks.
There are simply too
many things for any one admin to do by hand, and network security software applications
help to automate the heavy lifting and ensure that you can keep up with the
workload. Look for network security software that multitasks. Think about it as
a Swiss Army knife of software packages that includes many of the other items
on this list.
2. Vulnerability scanner
A good vulnerability
scanner is a key part of any toolkit, and should be used by server admins and security
engineers alike. The top network security software apps will include a scanner
that has a database of the thousands of vulnerabilities that could exist on
your network, so that you can quickly, easily and regularly scan your network
to ensure your systems are up-to-date, configured properly and secured.
3. Port scanner
A port scanner is another
regular tool that should be in your network security software application.
Attackers regularly scan your Internet connection looking for ways in and so
should you. But you should also scan internally so you can find unauthorized
services or misconfigured systems, and to validate your internal firewalls are set
up correctly.
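
The internal check described above can start from a host's own socket list. The following Python is an added example, not part of the original post: it compares listening TCP sockets against an approved baseline. The sample `ss -H -tln` output and the APPROVED table are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128    0.0.0.0:22     0.0.0.0:*
LISTEN 0 511    0.0.0.0:80     0.0.0.0:*
LISTEN 0 80   127.0.0.1:3306   0.0.0.0:*
LISTEN 0 128   10.0.0.5:5432   0.0.0.0:*
LISTEN 0 5      0.0.0.0:23     0.0.0.0:*
LISTEN 0 128       [::]:22        [::]:*
LISTEN 0 100          *:8080         *:*
"""

# Hypothetical baseline: approved port -> may it listen beyond loopback?
APPROVED = {22: True, 80: True, 3306: False, 5432: False}


def parse_listeners(ss_output):
    """Return sorted (address, port) pairs for every listening TCP socket."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        listeners.add((addr, int(port)))
    return sorted(listeners)


def is_loopback(addr):
    # "*" is a wildcard bind as printed by ss, so it is never loopback-only.
    return addr != "*" and ipaddress.ip_address(addr).is_loopback


def audit(listeners, approved=APPROVED):
    """Flag ports missing from the baseline or exposed wider than approved."""
    findings = []
    for addr, port in listeners:
        if port not in approved:
            findings.append((port, addr, "unapproved service"))
        elif not approved[port] and not is_loopback(addr):
            findings.append((port, addr, "should be loopback-only"))
    return sorted(findings)
```

On the sample, `audit(parse_listeners(SAMPLE_SS))` flags telnet on port 23, the unlisted service on 8080, and the database port bound to a LAN address.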
4. Patching software
Patching operating
systems and third-party applications is one of the most important, regularly recurring
tasks a sys admin has.
Network security
software that can automate this, and handle the hundreds of other applications
on your network, is the only realistic way you can keep up with this.
5. Auditing software
Auditing software may
strike you as a strange recommendation at first, but consider all those apps
you are trying to patch. How can you be sure you have no vulnerabilities on
your systems if your users can install anything on your systems?
How are you going to
maintain licensing compliance if you don’t know who has installed what
software? Network security software may also include software and hardware
inventory components to help you stay informed and secure.
6. Secure remote clients
Telnet, older versions
of PCAnywhere and several of the web-based remote access apps that are out there
all have a common issue - they’re not secure. Use SSH v2 or later for secure
access to all CLI-based systems, and the most secure versions of Remote
Desktop Protocol to manage Windows boxes.
Using strong encryption,
good passwords, lockout policies and, when possible, mutual authentication
between client and host, will help to ensure no one sniffs credentials or
brute-forces their way into a system. If you have two-factor authentication in
your environment, ensure that every system possible uses it to further reduce
your risk from unauthorized access.
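
One way to check an SSH server against the advice above, as an added example that is not part of the original post: a small audit of sshd_config text. The sample configuration is constructed, and MAX_TRIES is an assumed local policy value; MaxAuthTries limits guesses per connection and is used here as the nearest sshd setting to a lockout policy.

```python
# Constructed sample sshd_config (not taken from a real host).
SAMPLE_CONFIG = """\
# legacy settings left over from an old build
Protocol 2,1
PermitRootLogin yes
MaxAuthTries 10
PermitEmptyPasswords no
PermitRootLogin no
"""

MAX_TRIES = 4  # assumed local policy value, not an OpenSSH default


def effective_settings(text):
    """Global keyword -> value; sshd uses the first value it reads for a keyword."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":      # conditional blocks are out of scope here
            break
        settings.setdefault(key, parts[1].strip().lower())
    return settings


def audit_sshd(text, max_tries=MAX_TRIES):
    """Return findings for settings that conflict with the advice above."""
    s = effective_settings(text)
    findings = []
    if "1" in s.get("protocol", "2").replace(" ", "").split(","):
        findings.append("Protocol: SSH v1 is still enabled")
    if s.get("permitrootlogin") == "yes":
        findings.append("PermitRootLogin: root may log in with a password")
    if s.get("permitemptypasswords") == "yes":
        findings.append("PermitEmptyPasswords: empty passwords accepted")
    if int(s.get("maxauthtries", "6")) > max_tries:  # 6 is the sshd default
        findings.append("MaxAuthTries: more guesses per connection than policy")
    return findings
```

The sample shows why the first occurrence matters: the later `PermitRootLogin no` line does not override the earlier `yes`, so the finding is still reported.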
7. A good network analyzer
Whether you like the
open source Wireshark, the free Microsoft tool NetMon, or one of the many other
commercial network analysis tools, having a good “sniffer” is key to helping
secure and analyze systems.
There is simply no way
that’s more effective to figure out just what is going on between networked systems
than to see the traffic first hand.
8. Network tools
Whenever you are dealing
with connections from foreign systems, you will find the need to check network
addresses, routes and more. Having good tools like DIG, WHOIS, HOST, TCPING and
others close at hand makes network evaluation a breeze.
9. Log parsing software
Securing systems means
going through logs; lots of them. Web logs, access logs, system logs, security
logs, SNMP logs, syslog logs – the list goes on and on. Having software that
can quickly and easily parse through logs is critical. Everyone has their
favorite. Some install locally like LogParser, while others run on servers like
Splunk. Whichever you prefer, get a good log parser to help wade through what
can be millions of entries quickly and easily so you can find events you need
to check.
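
What "finding the events you need to check" looks like in practice, as an added example that is not part of the original post: a short parser for sshd authentication lines that reports source addresses with a burst of failed passwords, and whether a login then succeeded. The log lines, the threshold and the window are constructed or assumed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
Mar 10 08:01:12 gw1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar 10 08:01:14 gw1 sshd[2213]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar 10 08:01:15 gw1 sshd[2215]: Failed password for root from 203.0.113.7 port 50136 ssh2
Mar 10 08:01:17 gw1 sshd[2217]: Failed password for root from 203.0.113.7 port 50141 ssh2
Mar 10 08:01:19 gw1 sshd[2219]: Failed password for root from 203.0.113.7 port 50149 ssh2
Mar 10 08:01:23 gw1 sshd[2221]: Accepted password for root from 203.0.113.7 port 50155 ssh2
Mar 10 09:15:02 gw1 sshd[2302]: Failed password for alice from 198.51.100.4 port 40022 ssh2
Mar 10 09:15:20 gw1 sshd[2304]: Accepted password for alice from 198.51.100.4 port 40031 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse(log, year=2024):
    """Return sorted (time, ip, user, accepted) tuples; syslog omits the year."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"], m["result"] == "Accepted"))
    return sorted(events)


def brute_force_sources(events, threshold=5, window=timedelta(minutes=1)):
    """Map each IP with >= threshold failures inside window to
    True if a login from it later succeeded, else False."""
    failures = defaultdict(list)
    flagged = {}
    for ts, ip, _user, accepted in events:
        if accepted:
            if ip in flagged:
                flagged[ip] = True  # success after a burst: investigate first
            continue
        failures[ip] = [t for t in failures[ip] if ts - t <= window] + [ts]
        if len(failures[ip]) >= threshold:
            flagged.setdefault(ip, False)
    return flagged
```

On the sample, only 203.0.113.7 is reported, and it is marked True because a password was accepted right after the burst; the single mistyped password from 198.51.100.4 is ignored.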
10. Your email client
Knowledge is power, and
the best way to amass that knowledge is to stay informed. Whether you subscribe
to email bulletins, security alerts, or RSS feeds, your email client can
provide you the first indications that something new is out there, and also
what you need to do to protect your systems from the threat. Zero day exploits,
out of band patches, best practices and more can all be yours if you simply join
the right distribution lists and subscribe to the right feeds.
These 10 system admin
tools are a great start towards building your toolkit for security. Network security
software plays a major role in this toolkit, which you supplement with other
tools and the information you need to maintain a secure environment.