From: www.itworld.com

New Toys for Security Geeks

June 21, 2005

This week I ran into two "new-to-me" toys that I thought I should share with you. They are very useful for working with networks and information security in general. While I don't endorse commercial products and such, I mention these two tools because they bring a particular solution for a common problem.

The first tool is Friendly Pinger from Friendly Software. This shareware tool helps network admins and security folks solve a common problem - network visualization. In plain terms, it provides a mechanism for generating network maps and maintaining information and details about the network components. While not a robust solution for a large enterprise, it will provide SMB organizations with a very powerful tool. The process of creating a network map is a bit cumbersome, but it beats creating raw Visio drawings in both ease and functionality. Maps can be exported in a number of formats and components can easily be inventoried, notes added and other details managed. The tool will even ping the systems periodically and alert you when systems are offline, making it a pretty useful low-end network device monitor too!

The second tool is a bit more technical, but still valuable. The tool is called TCPreen and is a protocol re-engineering tool. Think of it like a cross between Achilles and Ethereal, but for TCP services. The tool acts as a man-in-the-middle proxy for TCP services and helps technicians reverse engineer the data formats of new protocols. For example, if an in-house developed tool stops working when new firewall rules are put into place, TCPreen would help a technician understand what is going on at the layer of the tool's protocol transactions in order to resolve the problem. While the technical content is high, the details you can learn about tools and programs are immensely helpful. You can bend your imagination to just how this might be used in penetration testing.
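The kind of relay described above, sketched as an added example (not TCPreen's code and not part of the original column): a one-connection TCP forwarder that records every chunk with its direction, so the transactions of an in-house protocol can be read back as a hex transcript. The loopback toy service, its 2-byte length prefix and all function names are constructed for illustration.

```python
import contextlib
import socket
import threading

def hexdump(data, width=16):
    """Offset / hex / printable-ASCII rows for one captured chunk."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:04x}  {hexpart:<{width * 3}}{text}")
    return "\n".join(rows)

def pump(src, dst, label, log):
    """Copy bytes src -> dst, recording each chunk with its direction."""
    with contextlib.suppress(OSError):
        while chunk := src.recv(4096):
            log.append((label, chunk))
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)  # pass the half-close on to the peer

def relay_once(listener, upstream_addr, log):
    """Accept one client, connect to the real service, log both directions."""
    client, _ = listener.accept()
    upstream = socket.create_connection(upstream_addr)
    with client, upstream:
        back = threading.Thread(target=pump, args=(upstream, client, "S->C", log))
        back.start()
        pump(client, upstream, "C->S", log)
        back.join()

def demo():
    """Constructed loopback run: client -> relay -> toy length-prefixed service."""
    svc, lst = (socket.create_server(("127.0.0.1", 0)) for _ in range(2))
    log = []
    def service():
        conn, _ = svc.accept()
        conn.recv(4096)
        conn.sendall(b"\x00\x02OK")   # constructed reply: 2-byte length + body
        conn.close()
    threading.Thread(target=service, daemon=True).start()
    relay = threading.Thread(target=relay_once, args=(lst, svc.getsockname(), log))
    relay.start()
    with socket.create_connection(lst.getsockname()) as c:
        c.sendall(b"\x00\x05HELLO")   # constructed request
        c.recv(4096)
    relay.join()
    return log
```

Calling `demo()` and passing each logged chunk through `hexdump()` gives the direction-tagged transcript a technician would read when working out where a length field ends and the payload begins.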