Data Center Services Inc. (DCS) is committed to providing effective solutions at the lowest possible cost and fully embraces the concept of professional grade industry proven open source software. Identified below are just some of the key tools that DCS feels all IT professionals should become familiar with.
Security Configuration Compliance
OpenSCAP (Security Configuration Automation Protocol)
SCAP is a line of standards managed by NIST. It was created to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise. SCAP provides standardized approach to maintaining the security of systems. Beside others, OpenSCAP tool can evaluate machine compliance with a given profile.
The main goal of this application is to lower the initial barrier of using SCAP. Therefore, the scope of very narrow – scap-workbench only scans a single machine and only with XCCDF/SDS (no direct OVAL evaluation). The assumption is that this is enough for users who want to scan a few machines and users with huge amount of machines to scan will just use scap-workbench to test or hand-tune their content before deploying it with more advanced (and harder to use) tools like
Spacewalk is a software package that provides a usable user interface to process of scheduling and reporting of SCAP scans. The aim is to provide an easy way for admins to scan whole infrastructure and view results and trends.
Microsoft Baseline Security Analyzer (MBSA)
MBSA is an easy-to-use tool designed for the IT professional that helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Built on the Windows Update Agent and Microsoft Update infrastructure, MBSA ensures consistency with other Microsoft management products including Microsoft Update (MU), Windows Server Update Services (WSUS), Systems Management Server (SMS) and Microsoft Operations Manager (MOM).
The Most Widely Deployed Vulnerability Assessment & Management Solution
The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 35,000 in total (as of April 2014).
All OpenVAS products are Free Software. Most components are licensed under the GNU General Public License (GNU GPL).
System/Network Management and Monitoring
With Nagios you can:
- Monitor your entire IT infrastructure
- Spot problems before they occur
- Know immediately when problems arise
- Share availability data with stakeholders
- Detect security breaches
Suricata is a high performance Network IDS, IPS and Network Security Monitoring engine. Open Source and owned by a community run non-profit foundation, the Open Information Security Foundation (OISF). Suricata is developed by the OISF and its supporting vendors.
Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. Kismet will work with any wireless card which supports raw monitoring (rfmon) mode, and (with appropriate hardware) can sniff 802.11b, 802.11a, 802.11g, and 802.11n traffic. Kismet also supports plugins which allow sniffing other media such as DECT.
Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and infering the presence of nonbeaconing networks via data traffic.
Host Based Security Tools
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows.
Data Loss Prevention suite with centralized web frontend to manage Windows agent filesystem scanners, agentless database scanners, and agentless Windows/UNIX filesystem scanners that identify sensitive data at rest.
ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the “Swiss Army Knife” of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections.
Trinity Rescue Kit | CPR for your computer
Trinity Rescue Kit or TRK is a free live Linux distribution that aims specifically at recovery and repair operations on Windows machines, but is equally usable for Linux recovery issues. Since version 3.4 it has an easy to use scrollable text menu that allows anyone who masters a keyboard and some English to perform maintenance and repair on a computer, ranging from password resetting over disk cleanup to virus scanning
Backup and Restore
Redo Backup and Recovery
Redo Backup and Recovery is so simple that anyone can use it. It is the easiest, most complete disaster recovery solution available. It allows bare-metal restore. Bare metal restore is not only the best solution for hardware failure, it is also the ultimate antivirus: Even if your hard drive melts or gets completely erased by a virus, you can have a completely-functional system back up and running in as little as 10 minutes.
Clonezilla is a partition and disk imaging/cloning program similar to True Image® or Norton Ghost®. It helps you to do system deployment, bare metal backup and recovery. Two types of Clonezilla are available, Clonezilla live and Clonezilla SE (server edition). Clonezilla live is suitable for single machine backup and restore. While Clonezilla SE is for massive deployment, it can clone many (40 plus!) computers simultaneously
The MobiSec Live Environment Mobile Testing open source project is a live environment for testing mobile environments, including devices, applications, and supporting infrastructure. The purpose is to provide defenders the ability to test their mobile environments to identify design weaknesses and vulnerabilities.
Penetration Testing/Analysis Tools
Kali Linux contains a large amount of penetration testing tools from various different niches of the security and forensics fields. This site aims to list them all and provide a quick reference to these tools.
SANS Investigative Forensic Toolkit (SIFT)
An international team of forensics experts, led by SANS Faculty Fellow Rob Lee, created the SANS Investigative Forensic Toolkit (SIFT) Workstation and made it available to the whole community as a public service. The free SIFT toolkit, that can match any modern forensic tool suite, is also featured in SANS’ Advanced Computer Forensic Analysis and Incident Response course (FOR 508).