13 Free Security Tools and Resources

With the annual security extravaganza known as theRSA Conference startingthis week, I felt it would be appropriate to highlight someof the best free security tools and services that my fellow editors andexternal security experts have found invaluable to help them do theirjobs. The result is this baker's dozen-sized list of free securitytools, utilities, and resources that every system administrator shouldfind useful. (A big Twitter hat tip goes out to @The_Ajan,@jjx,@xcoppin, @MrsYisWhy, and@ironfog for offering up their security resource suggestions andfavorites.)

1. DataBreach Investigations Report / Verizon RISK Team
Some of the best security resources aren't tools or software, butquality information and analysis. This annual Data BreachInvestigations Report (DBIR) -- compiled by the Verizon RISK Team, withhelp from the U.S. Secret Service and the Dutch High Tech Crime Unit --provides an expansive overview of data breaches and other securityincidents. It's fascinating reading, and provides an inside look at thehow, the why, and the when of data breaches.

2. ESETSysInspector
Getting a glimpse at all of the processes, startupsequences,networkconnections, system details, and registry data of a Windows PC can be adifficult task without the right tools. That's when a system utilitylike ESET's SysInspectorcan come in handy. SysInspector features a slick userinterface, acolor-coded approach to highlighting potential vulnerabilities, and anactive community of users that can help you get the most out of usingit.

3. EtterCap 
One of the more popular utilities for analyzing networkprotocols,EtterCap is a tool that allows you to analyze computers on a networkand determine what information they're sending to each other. Like manysecurity tools (and the Force),EtterCap can be used both for good(finding security vulnerabilities) or for evil (executing "man in themiddle" attacks).

4. Fyodor'sList 
There are dozens of security tools and resources available to IT prosand security practitioners, and one of the best places for getting agood summary of all of them is Gordon Lyon's Fyodor'sList. This expansive onlineresource provides information on 125 networking utilities, making itan invaluable ally in helping you find the right software tool for yourspecific security needs and requirements.

5. KeePass
Keeping track of the plethora ofonline passwords we all use to access everything from bankinginformation to our Facebook accounts can be a time-consuming chore atbest, and a severe security vulnerability at worst. Aside fromfollowinga sound password selection strategy, having a utility like KeePassautomatically mind your online passwords for you can be a handysolution to your password problems.

6. MicrosoftSecurity Essentials
Years ago, many PC antivirus programs were resource-hogging parasitesthat seemed to slow a system to a crawl while they were tryingto protect it. One of the antivirus programs leading the charge forlighter, faster, and more efficient system protection is MicrosoftSecurity Essentials, a free, lightweight program that is ideal forpersonal use or for businesses with 10 PCs or less.

7. NetworkMapper (NMAP)
Oneof themore popular open-source applications for network exploration is theaccurately (and concisely) named Network Mapper, or NMAP. It also doesa fantastic job as a more general network analysis tool, helping youget information on all the services, hosts, OSes, firewalls, and otherdetails of an analyzed network. It's also available for Mac, Linux, andmost other major OSes.

8.NationalVulnerability Database (NVD)
Goodinformation is sometimes the best tool of all, and the informationcontained in the National Vulnerability Database (or NVD) can be agreat resource to help you narrow your focus to the most importantthreats, or help you avoid purchasing or deploying a vendorapplication that is rife with security holes and vulnerabilities.

9.QualysBrowsercheck
Havingan insecure, out-of-date, or critically vulnerable web browser orbrowser plug-in can be a big security risk. That's why the freeBrowsercheck web service from Qualys is a such a great resource. Simplyhead to the Browsercheck website and it let it do an analysis ofyour current browser and affiliated plug-ins. Qualys also offers abusiness edition that allows admins to get a comprehensive view of allthe browsers, plug-ins, and associated vulnerabilities on aspecific network.

10.SecuniaPersonal Software Inspector (PSI)
 MostPCs are stuffed with dozens of programs and applications, andkeeping all of those potential security vulnerabilities patched andupdated can seem like an impossible task. That's where Secunia PSIcomesin: It does a thorough search of your system, then alerts you to anyprograms that have available patches and need to be updated. There'salso an online version of the app that offers somewhat reducedfunctionality, but lets you sample what the product can do without adownload.

11.Splunk
TheSplunk marketing team uses the slogan "Finding your faults, justlike Mom" to advertise Splunk, and it's an apt description. Splunkhelps you comb through the mountains of computer-generated informationthat a modern IT infrastructure produces, and helps you examine what ishappening where by what files. It's a valuable tool for any securityprofessional's toolbox.

12.TrueCrypt
Keepingvital data secure on the motley menagerie of storage devices thatmany IT organizations have to support can be an arduous taskunder the best circumstances. Free open-source software disk encryptionsoftware like TrueCrypt can help: It supports on-the-fly encryption(OFTE), can be used to encrypt an entire volume (or partition), and caneven create mountable virtual encrypted disks within files. TrueCrypthelps make it far more difficult for unwanted eavesdroppers to snoop onthose highlyconfidential documents about the revolutionary new product yourcompany is developing. (Or what you're buying your daughter for herbirthday.)

13.Wireshark
Wiresharkis a network protocol analyzer that you can use to examineand analyze all of the traffic flowing through a computer network. It'savailable for many different platforms, supports hundreds of networkingprotocols and file formats, and has been in continuous developmentsince 1998.
 
Have any favorite security tools you can't live without? Share thewealth by adding a comment to this blog post or contribute to adiscussion about free security tools on Twitter.