A consistent problem facing small businesses is how to manage IT Security on little or no budget. While this is not a comprehensive list, it provides enough tools to immediately help secure your websites and internal networks starting today.
Qualys SSL Web Server Analysis
- This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet. It provides a grade based on the resulting SSL configuration and ciphers, and provides directions on how to mitigate the vulnerabilities.
- Difficulty rating: Easy
ASafaWeb Security Analyzer for ASP.NET websites
- ASafaWeb is a free online service that scans servers on the public internet. ASafaWeb doesn’t attempt any attack sequences or other malicious activity, it simply makes some benign requests and checks how the site responds. After the scan you are presented with a list of the found vulnerabilities and links to instructions on how to mitigate those vulnerabilities.
- Difficulty rating: Easy
- TripWires’ powerful enterprise vulnerability scanner is free for scanning up to 100 IP’s on your internal network; after performing a scan, you’re then guided through how to mitigate the vulnerabilities and remove the threats.
- Difficulty rating: Easy
- TripWires’ free configuration evaluator tests for common configuration errors and weaknesses in Microsoft Windows desktops and servers. The evaluator includes detailed remediation guidance on found vulnerabilities.
- Difficulty rating: Easy
OpenVAS free vulnerability scanner
- OpenVAS was forked from the previously open source Nessus code. OpenVAS offers many benefits including speed and flexibility.
- Difficulty rating: Medium. Requires basic shell command-line knowledge. Detailed configuration instructions are available on the OpenVAS site.
Microsoft Baseline Security Analyzer
- The free MBSA is an easy-to-use tool to determine the security state of Windows desktops and laptops in accordance with Microsoft security recommendations. It is a standalone security and vulnerability scanner designed to provide a streamlined method for identifying common security misconfigurations and missing security updates.
- Difficulty rating: Easy
Microsoft Malicious Software Removal Tool
- This Windows tool checks your computer for infection by specific, prevalent malicious software and helps to remove the infection if it is found. Microsoft releases an updated version of this tool on the second Tuesday of each month.
- Difficulty rating: Easy
- Wiresharkis a network protocol analyzer for Linux and Windows, used for network troubleshooting and analysis. For anyone familiar with the command line tool tcpdump, Wireshark is basically a front-end GUI with integrated sorting/filtering options.
- Difficulty rating: Medium – Hard. Knowledge of TCP/IP is required. There are many free self-study resources on the internet where you can learn how to dissect and understand network traffic.
- If you need to quickly parse through user/system activity on a Windows machine, this handy lightweight tool provides an easy to read summary of all of the events in the system logs, laid out in a simple timeline format.
- Difficulty rating: Easy
Duo Security RSAC 2015 – Register to win a free Quadcopter
About the Author: Brian M. Thomas (@InfoSec_Brian) is a passionate professional with 17 years’ experience providing Tier-4 data solutions in all disciplines of IT including Network/Server administration and Information Security. Proven experience in HIPAA, ISO 27001 and PCI compliance.
