While many of these tools are used by crackers and intruders, they also help the security administrator detect and stop malicious scans. Used with intrusion detection systems, these tools can provide some level of protection by identifying vulnerable systems, and they can provide data about the level of activity directed against a machine or network. Since scanning is a continuous activity (that is, all networked systems are being scanned all of the time), it's very important that the security professional know what can be compromised.
Some common scanning tools are:
- Computer Oracle and Password System (COPS) – examines a system for a number of known weaknesses and alerts the administrator.
- HPing – a network analysis tool that sends packets with non-traditional IP stack parameters. It allows the scanner to gather information from the response packets generated.
- Legion – will scan for and identify shared folders on scanned systems, allowing the scanner to map drives directly.
- Nessus – a free security-auditing tool for Linux, BSD, and a few other platforms. It requires a back-end server that has to run on a Unix-like platform.
- NMap – a very common port-scanning package.
- Remote Access Perimeter Scanner (RAPS) – part of the corporate edition of PCAnywhere by Symantec. RAPS will detect most commercial remote control and backdoor packages like NetBus, and it can help lock down PCAnywhere.
- Security Administrator’s Integrated Network Tool (SAINT) – examines network services such as finger, NFS, NIS, ftp and tftp, rexd, statd, and others, to report on potential security flaws.
- System Administrator Tool for Analyzing Networks (SATAN) – one of the oldest network security analyzers. SATAN scans network systems for well-known and often exploited vulnerabilities.
- Topview – will allow identification of what application opened which port on Windows platforms.
- Snort – a utility used for network sniffing. Network sniffing is the process of gathering traffic from a network by capturing the data as it passes and storing it to analyze later.