Security on a single home computer connected to the Internet can be a nightmare all by itself. Let a bunch of them talk to each other and the possible dangers multiply dramatically. Then there are the challenges of optimizing network speed and keeping all your client computers on the same software versions. A few free network tools can help get a handle on all that.
This program consistently wins the #1 spot in voting on SecTools.org for top network security tools. It’s a network protocol analyzer, letting you see the traffic bouncing around your network in real time. Viewing everything can easily become a mass of benevolent requests between chatty applications, so Wireshark has hundreds of available filters for including or excluding certain types of traffic. Drilling down helps isolate a problem that might be affecting only one machine or program.
As appealing as representing packets as bulbous avians sounds, no, this program has nothing to do with Angry Birds; it’s been around quite a bit longer. Give it a range of IP addresses and it quickly pings them all, giving you a list of active devices on your network. It can also display MAC addresses, open ports, NetBIOS names, and other tidbits in an easily savable format. There are even Java-based plugins available to extend its functionality further. The Windows program itself is a single executable that can run from a flash drive with no install.
Including both a GUI and a command-line tool, Nmap is designed for security auditing and exploration of large networks. It shows running operating systems, services, packet filters, and other information, and can generate maps around difficult devices like firewalls and routers. Its makers even boast of its fairly accurate use in movies like The Matrix Reloaded and Live Free or Die Hard, though of course they would never support malicious hacking.
For intrusion detection and prevention, Snort uses three different methods: signature, protocol, and anomaly inspection. Signature inspection matches network activity against known attacks, similar to an antivirus program recognizing a particular worm in its database. Protocol inspection analyzes commands going through predefined communication channels like FTP, RDP, etc. Anomaly inspection simply flags unusual activity. Together with a rules file updated regularly by Snort’s developers, these methods alert you to just about any kind of attempted incursion on your network.
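To make the three methods concrete, here is a small added example (not Snort's engine or rule language, and not from the original article) that applies a signature check, a protocol check, and an anomaly check to a handful of constructed events. The addresses, the single toy signature, the FTP command allow-list, and the anomaly factor are all assumptions chosen for illustration.

```python
import re
from collections import Counter
from statistics import median

# Constructed sample traffic: (source IP, destination port, payload line)
EVENTS = [
    ("10.0.0.5", 21, "USER alice"),
    ("10.0.0.5", 21, "RETR report.pdf"),
    ("10.0.0.9", 21, "XYZZY 1234"),
    ("10.0.0.7", 80, "GET /index.html HTTP/1.1"),
    ("10.0.0.8", 80, "GET /app?file=../../etc/passwd HTTP/1.1"),
] + [("10.0.0.66", 80, "GET / HTTP/1.1")] * 40

# Signature inspection: known-bad patterns (toy rule, not Snort's rule set)
SIGNATURES = {"path-traversal": re.compile(r"\.\./")}
# Protocol inspection: commands this toy policy accepts on the FTP port
FTP_COMMANDS = {"USER", "PASS", "LIST", "RETR", "STOR", "CWD", "PWD", "QUIT"}
# Anomaly inspection: flag sources far above the median event count
ANOMALY_FACTOR = 10


def inspect(events):
    """Return (method, source, detail) alerts for a list of events."""
    alerts = []
    for src, port, payload in events:
        # 1. Signature: does the payload match a known attack pattern?
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append(("signature", src, name))
        # 2. Protocol: is the command valid for the channel it arrived on?
        if port == 21:
            command = payload.split(" ", 1)[0].upper()
            if command not in FTP_COMMANDS:
                alerts.append(("protocol", src, command))
    # 3. Anomaly: no pattern needed, only deviation from the usual volume
    counts = Counter(src for src, _, _ in events)
    baseline = median(counts.values())
    for src, n in counts.items():
        if n > ANOMALY_FACTOR * baseline:
            alerts.append(("anomaly", src, f"{n} events vs median {baseline}"))
    return alerts


if __name__ == "__main__":
    for alert in inspect(EVENTS):
        print(alert)
```

Note that the noisy source sends only well-formed requests, so it is caught by the anomaly check alone, while the other two alerts come from a single packet each.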
If you like the idea of encrypting your communications but not giving more money to Symantec, GnuPG is your answer. It’s rewritten from the ground up to be open source, implementing the OpenPGP standard. It supports a number of encryption protocols and comes with both a command-line interface and a GUI.
Although there’s a bit of functionality shared across a few of these tools, you might find yourself more comfortable with one interface or another. Give them a try and share your experience with these or similar programs!
John Andrews writes for INE, a leading provider of online CCIE training courses that help IT professionals prepare for IT certification exams.