BEST OF THE WEB

Free security tools recommended by experts

Network security pros are known for their colourful language, usually because when something hits the fan they get called first.

But their favourite four letter word might be “free” — as in free tools that are available to solve problems.

You may have heard about most of them, but some aren’t as well known as they ought to be. A number were outlined in a recent article which canvassed the opinons of infosec professionals.

One is Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), a utility that helps prevent vulnerabilities in executables  from being successfully exploited. EMET uses security mitigation technologies that function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited, says Microsoft. However, they work to make exploitation as difficult as possible to perform.

EMET also provides a configurable SSL/TLS certificate pinning feature that is called Certificate Trust. This feature is intended to detect (and stop, with EMET 5.0) man-in-the-middle attacks that are leveraging the public key infrastructure (PKI).

Another is the Root the Box open source platform, a real-time scoring engine for computer wargames that IT staff can use to sharpen their pentesting skills and knowledge.  Root the Box attempts to engage novice and experienced hackers by combining a fun game-like environment, with realistic challenges for some applicable, real-world learning.

Also recommended is Rapid7 Nexpose Community edition vulnerability scanner, which includes a wide range of capabilities including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. The free, community edition scans 32 IPs on networks, operating systems and databases.

These and other tools are worth considering.

Read the full article here

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web