System admins are frequently bombarded with security concerns, requests,
alerts, news items, “did you see this?!” emails, and more. Keeping up
with all the aspects of network security can seem like an overwhelming
task, but in this post we’re going to look at ten tools a system admin
can use to help secure their network. Some you may be familiar with,
like network security software, while others may come as a surprise,
like your email client; but all will help you to stay ahead of the bad
guys, keep yourself informed of the latest threats, and maintain the
security of your network.
1. Network security software
When we talk about network security software, we’re talking about a
class of product more than any specific tool, and how important it is
for you to have an application or small group of applications that can
help you to accomplish most of your tasks. There are simply too many
things for any one admin to do by hand, and network security software
applications help to automate the heavy lifting and ensure that you can
keep up with the workload. Look for network security software that
multitasks. Think about it as a Swiss Army knife of software packages that includes many of the other items on this list.
2. Vulnerability scanner
A good vulnerability scanner is a key part of any toolkit, and should be
used by server admins and security engineers alike. The top network
security software apps will include a scanner that has a database of the
thousands of vulnerabilities that could exist on your network, so that
you can quickly, easily and regularly scan your network to ensure your
systems are up-to-date, configured properly and secured.
3. Port scanner
A port scanner is another regular tool that should be in your network
security software application. Attackers regularly scan your Internet
connection looking for ways in and so should you. But you should also
scan internally so you can find unauthorized services or misconfigured
systems, and to validate your internal firewalls are set up correctly.
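One way to turn an internal scan into a check for unauthorized services is to compare its results with a list of approved ports per host. The following is an added example, not from the original post; it assumes the scanner output is in nmap's grepable (-oG) layout, and the baseline, addresses and sample scan are constructed for illustration.

```python
import re

# Approved open ports per host (hypothetical baseline for this example).
BASELINE = {
    "10.0.0.5": {(22, "tcp"), (443, "tcp")},
    "10.0.0.9": {(22, "tcp")},
}

# Constructed sample in nmap's grepable (-oG) output layout.
SAMPLE_SCAN = """\
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, 3389/filtered/tcp//ms-wbt-server///
Host: 10.0.0.9 ()\tPorts: 22/open/tcp//ssh///, 8080/open/tcp//http-proxy///
Host: 10.0.0.77 ()\tPorts: 23/open/tcp//telnet///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*)$")

def parse_open_ports(text):
    """Return {host: {(port, proto), ...}} for ports reported as 'open'."""
    result = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        host, ports_field = m.groups()
        ports_field = ports_field.split("\t")[0]  # drop any trailing fields
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")
            if len(parts) >= 3 and parts[1] == "open":
                result.setdefault(host, set()).add((int(parts[0]), parts[2]))
    return result

def audit(scan, baseline):
    """Return sorted findings as (host, port, proto, reason) tuples."""
    findings = []
    for host, ports in scan.items():
        if host not in baseline:
            findings += [(host, p, pr, "unknown host") for p, pr in ports]
        else:
            findings += [(host, p, pr, "unapproved service")
                         for p, pr in ports - baseline[host]]
    # Approved services that did not answer may point to a firewall or host change.
    for host, expected in baseline.items():
        for p, pr in expected - scan.get(host, set()):
            findings.append((host, p, pr, "expected service not open"))
    return sorted(findings)
```

Running `audit(parse_open_ports(SAMPLE_SCAN), BASELINE)` reports the telnet listener on the host missing from the baseline and the unapproved port 8080 on 10.0.0.9.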
4. Patching software
Patching operating systems and third party applications is one of the
most important, regularly recurring tasks a sys admin has. Network
security software that can automate this, and handle the hundreds of
other applications on your network, is the only realistic way you can
keep up with this.
5. Auditing software
Auditing software may strike you as a strange recommendation at first,
but consider all those apps you are trying to patch. How can you be sure
you have no vulnerabilities on your systems if your users can install
anything on your systems? How are you going to maintain licensing
compliance if you don’t know who has installed what from \software?
Network security software may also include software and hardware
inventory components to help you stay informed and secure.
6. Secure remote clients
Telnet, older versions of pcAnywhere and several of the web-based remote
access apps that are out there all have a common issue - they’re not
secure. Use SSH v2 or later for secure access to all CLI-based systems,
and the most secure versions of Remote Desktop Protocol to manage
Windows boxes. Using strong encryption, good passwords, lockout policies
and, when possible, mutual authentication between client and host, will
help to ensure no one sniffs credentials or brute-forces their way into
a system. If you have two-factor authentication in your environment,
ensure that every system possible uses it to further reduce your risk
from unauthorized access.
7. A good network analyzer
Whether you like the open source Wireshark, the free
Microsoft tool NetMon, or one of the many other commercial network
analysis tools, having a good “sniffer” is key to helping secure and
analyze systems. There is simply no way that’s more effective to figure
out just what is going on between networked systems than to see the
traffic first hand.
8. Network tools
Whenever you are dealing with connections from foreign systems, you will
find the need to check network addresses, routes and more. Having good
tools like DIG, WHOIS, HOST, TCPING and others close at hand makes
network evaluation a breeze.
9. Log parsing software
Securing systems means going through logs; lots of them. Web logs,
access logs, system logs, security logs, SNMP logs, syslog logs – the
list goes on and on. Having software that can quickly and easily parse
through logs is critical. Everyone has their favorite. Some install
locally like LogParser, while others run on servers like Splunk.
Whichever you prefer, get a good log parser to help wade through what
can be millions of entries quickly and easily so you can find events you need to check.
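As an illustration of what a log parser is asked to find, the added example below (not from the original post) scans SSH authentication entries for repeated failed logins from one source and for a successful login that follows them. The log lines are constructed samples in the common OpenSSH syslog format, and the threshold, window and year are assumptions chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the common OpenSSH syslog format.
SAMPLE_LOG = """\
Mar  4 10:15:01 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  4 10:15:03 gw sshd[2101]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  4 10:15:04 gw sshd[2140]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2
Mar  4 10:15:06 gw sshd[2101]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar  4 10:15:40 gw sshd[2177]: Failed password for bob from 198.51.100.44 port 40100 ssh2
Mar  4 10:16:02 gw sshd[2190]: Accepted password for root from 203.0.113.7 port 51250 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(Failed|Accepted) \S+ for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def find_suspicious(log_text, threshold=3, window=timedelta(seconds=60), year=2024):
    """Flag sources with >= threshold failures inside the window, and any
    later successful login from a source that was already flagged."""
    recent = defaultdict(deque)  # source IP -> timestamps of recent failures
    flagged, alerts = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, outcome, user, src = m.groups()
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if outcome == "Failed":
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:  # slide the window forward
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("brute-force", src, user))
        elif src in flagged:
            alerts.append(("login-after-brute-force", src, user))
    return alerts
```

On the sample, `find_suspicious(SAMPLE_LOG)` raises one alert for the three failures from 203.0.113.7 and a second for the root login that succeeds from the same address afterwards.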
10. Your email client
Knowledge is power, and the best way to amass that knowledge is to stay
informed. Whether you subscribe to email bulletins, security alerts, or
RSS feeds, your email client can provide you the first indications that
something new is out there, and also what you need to do to protect your
systems from the threat. Zero day exploits, out of band patches, best
practices and more, can all be yours if you simply join the right
distribution lists and subscribe to the right lists.
These 10 system admin tools are a great start towards building your
toolkit for security. Network security software plays a major role in
this toolkit, which you supplement with other tools and the information
you need to maintain a secure environment.
This guest post was provided by Emmanuel Carabott on behalf of GFI
Software Ltd. Learn more about the importance of a secure business
network by downloading the free eBook: A first aid kit for SysAdmins. All product and company names herein may be trademarks of their respective owners.