About this time, your thoughts might turn to hacking, especially if you're planning to attend one or both of the upcoming hacking conferences, Black Hat USA 2007 and DEFCON 15, held July 28 - Aug. 2 and Aug. 3-5, respectively, in Las Vegas.
** Security Pro VIP is offering two lucky winners free registration to this year's Black Hat Briefings. **
If you're going to protect your company's network and computers, you have to think like a hacker and put your systems to the same tests a hacker would. To do that, you need some hacking tools, many of which are available free on the Internet. One of the most popular is Nmap, an open-source network port scanner. Jeff Fellinge has written about Nmap several times in his Toolbox column in Security Pro VIP:
Toolbox: "Nmap 4.0 Does Windows" introduces Nmap 4.0, which provides 11 scan techniques and many scan customization features to help you discover and identify the applications installed on your network as well as test firewall and intrusion detection system (IDS) configurations.
Toolbox: "Nmap" shows how to leverage Nmap and its flexible output features to quickly determine whether antivirus software is installed on the computers within a subnet.
Toolbox: "Nmap Output" follows up on the previous "Nmap" article, using Nmap's XML output feature and custom Extensible Style Language Transformations (XSLT) program code to tailor the output exactly as you want it.
Here are descriptions of a few other free hacking tools that might help you protect your environment:
"Audit Your Passwords" explains how to use the powerful password-cracking tool Cain & Abel to test your passwords before a hacker can.
Toolbox: "The Paros Proxy Server" introduces the Paros proxy server, a Java application that uncovers the behind-the-scenes communication between your Web browser and a Web site and stores the data for analysis. Use it to see exactly how users interact with a Web site and how attackers could exploit the site.
Toolbox: "Sam Spade on the Spam Case" introduces a suite of well-known and separately available network-investigation tools—including IP block, reverse DNS lookups, Ping, Traceroute, and Whois—packaged with a common GUI that lets you easily feed one tool's results to another tool for further analysis.
That's just a sampling of tools that Security Pro VIP has covered within the last year or so. For more, see "Nmap Hackers Pick Top 100 Security Tools," which points to a list compiled in 2006 by Fyodor, who asked users from his nmap-hackers mailing list to share their favorite tools.
If you'd like a little training to go with the tools, "Train to Be a Certified Ethical Hacker" describes a certification program by New Horizons that aims to certify individuals in ethical hacking from a vendor-neutral perspective. The article also links to the New Horizons Web site.
Or, of course, you can attend Black Hat USA 2007 and/or DEFCON 15. Black Hat has three days of hands-on Training sessions before Briefings start on Aug. 1. DEFCON 15's Web site says it will provide some training and demonstration sessions in addition to its other presentations.
If you want to get a flavor for what Black Hat is like, check out "Black Hat Briefly," which describes a couple of notable hacking presentations from Black Hat USA 2006. And don't forget—you could win free registration to this year's Black Hat Briefings.