5 Tools Everyone in the Security Information Industry Should Be Using

(Ping! Zine Web Hosting Magazine) – Information security is everyone’s responsibility. Whether you are a user, administrator, IT manager, or business owner, information security should be on your mind. Information that is used, collected, and owned has value, and because of this businesses must prepare for security threats and vulnerabilities. The following examines 5 tools everyone in the information security industry should use.

Network vulnerability scanners

Vulnerability scanners are programs designed to assess computers, networks, applications, and computer systems to discover weaknesses. They can be used either as part of a vulnerability assessment or by black hat attackers seeking to gain unauthorized access.

One of the most popular and widely used network scanners is OpenVAS. Its main features include remote and local security checks, an embedded scripting language so you can write your own plugins, and a web-based interface.

Features available in all versions include:

  • Vulnerability scanning
  • Configuration audits
  • Malware detection
  • Web application scanning
  • Reports
  • Scan scheduling

The other features become more advanced depending on the need for in-depth scanning. OpenVAS will run in any environment: on-premises, cloud, or hybrid.

Vulnerability scanners come in different types, such as:

  • ERP security scanners
  • Single vulnerability tests
  • Port scanners
  • Network vulnerability scanners
  • Web application security scanners
  • Host based vulnerability scanners

Each of these is a capability found in certain tools; OpenVAS, for example, can perform single vulnerability tests and web application scanning.

Intrusion detection and prevention systems (IDS/IPS)

These tools are placed on a network to monitor the activity that occurs. Any type of malicious network activity will be pinpointed by the IDS/IPS and reported in a detailed log. An IDS and an IPS are not the same thing; however, the technology used to detect security issues is similar in both. An IDS detects and reports, while an IPS detects and prevents access by blocking attempts to infiltrate the network. The two tools sit in different places in the network, with different functions and different sets of issues.

You can compare an IPS to a firewall. Many of the rules set on an IPS are either pass or deny, which either allow traffic through the network or drop it. There are hundreds to thousands of IPS rules, many of which are deny. When a malicious packet appears, the IPS reads through the rule list.
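A minimal sketch of the pass/deny rule list described above, showing how the same deny match is only reported in IDS mode but dropped in IPS mode. This is an added example, not code from any product named in this article; the rules, the addresses, and the first-match-wins ordering are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "deny"
    src: str               # source network in CIDR form
    dport: Optional[int]   # destination port; None matches any port
    note: str

    def matches(self, pkt):
        in_net = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
        return in_net and self.dport in (None, pkt["dport"])

# Constructed rule list (assumption: read top to bottom, first match wins).
RULES = [
    Rule("pass", "10.0.0.0/8", 443, "internal HTTPS"),
    Rule("deny", "0.0.0.0/0", 23, "telnet from anywhere"),
    Rule("deny", "203.0.113.0/24", None, "blocklisted range"),
    Rule("pass", "0.0.0.0/0", None, "default pass"),
]

# Constructed sample traffic using documentation address ranges.
PACKETS = [
    {"src": "10.1.2.3", "dport": 443},
    {"src": "10.1.2.3", "dport": 23},
    {"src": "203.0.113.9", "dport": 80},
    {"src": "198.51.100.7", "dport": 80},
]

def inspect(pkt, mode, log):
    """Return True if the packet reaches the network. mode is 'ids' or 'ips'."""
    for rule in RULES:
        if rule.matches(pkt):
            if rule.action == "deny":
                log.append(f"ALERT {pkt['src']} -> port {pkt['dport']}: {rule.note}")
                # An IDS detects and reports; an IPS detects and blocks.
                return mode == "ids"
            return True
    return True  # no rule matched: traffic is left alone

def run(mode):
    log = []
    delivered = [inspect(p, mode, log) for p in PACKETS]
    return delivered, log

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        print(mode, run(mode))
```

Both modes produce the same alert log; only the IPS changes which packets are delivered.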

For a number of years, Cisco has been providing network security solutions that defeat threats from multiple intrusions. Cisco offers an array of IPS devices that lead the market in network protection. Some of their latest solutions include the Cisco MARS, ASA 5500 Series IPS, the 4200 series sensors, and the Catalyst 6500 series IDS module. Each of these devices offers varying protection in standalone intrusion prevention.

Gateway mail protection

Inbound and outbound emails are one of the most commonly exploited gateway security risks. Spam and phishing attempts are the most common emails received, and they need to be scanned and filtered so that protection is not neglected.

You should consider finding a product that provides email protection by scanning all inbound and outbound messages for malicious intent. One such vendor that offers a messaging gateway is PostFW by REMSYS. Our solution allows businesses to secure their email with real-time antispam and antimalware protection. Messaging Gateway can capture over 99% of spam with very few false positives.

This type of protection is perfect for a business that deals with the public and sends and receives countless emails every day. With this type of security tool, email-borne threats will be quickly identified and filtered. Any email is vulnerable to spam and malicious intent, so messaging gateways are a tool all businesses should use to protect themselves.

Load balancing

If you have multiple networks running over a main network, for example multiple campuses that connect to a main campus, your network workload increases, and managing it effectively becomes more critical. In this case you will need good load balancing to reduce workload by maximizing the usage of network resources.

You need to balance network sessions such as email, web traffic, and data and file transfer in order to distribute the bandwidth each user is utilizing over the LAN, which will in turn increase the amount of overall bandwidth available. For example, session balancing can split web traffic across multiple sessions. One session could include the text, another the images, one for video, etc. Each session could be balanced through multiple connections.

Our solution is based on open source software and is a load balancing tool that allows you to balance multiple applications, including virtual machines, to match a wide range of performance and business requirements in your network. Our solution also works with mobile networks to provide security and visibility into your mobile business applications.

You can test your load balancer by establishing benchmarks. A benchmark is a set of conditions against which you can measure a product or system.

A load balancer can be benchmarked through virtual machines. You can configure one host for your monitoring tool, one for load balancing, and a couple for your business cluster. You can run your benchmark through separate data tables and set a certain amount of disk space for the results.

Automatic link failover

Your business should be prepared for unexpected events, such as ISP outages, that may occur at any time. If you are not prepared, a stoppage of an ISP line can cause a complete network disruption and shut a network down at any given time. If you have automatic link failover, your data can take a detour automatically, moving from an inactive ISP to another source to optimize productivity.

You should invest in research into what best addresses security resiliency and provides stable preventative and responsive controls. In most organizations, security investments, processes, and technology are not balanced. The best thing you can do for your security is to get those tools coordinated.

By: Valeria Crasov, Remsys TECH
