5 great free security tools: Tested and reviewed

Despite its critical importance, cybersecurity often faces budget constraints. However, there are excellent free tools available to bolster your cybersecurity defenses and protect your network.

Free and open-source software may sound too good to be true, but in this case, you can trust it. Open-source software development provides transparency to users by allowing them access to the source code, ensuring there are no malicious activities. Users can also modify the code if they are programmers, fixing bugs or adding features, which benefits both the community and developers. The collaborative nature of open-source development ensures thorough code review, enhancing security.

Though open source isn’t foolproof

While open-source software isn't immune to bugs, the key advantage is that these bugs are typically identified and addressed quickly. When bugs are discovered, fixes are promptly characterized and made available as patches. If you urgently need a fix, you can access the source code, integrate the bug fixes, and compile a version with the patch, bypassing the need to wait for an official release.

All the tools discussed in this article are open source, with some being widely recognized standards in their respective fields. This underscores the commitment of the communities, maintainers, and project leaders behind these applications. Numerous other open-source tools are available to enhance your cybersecurity and network management practices, but the ones highlighted here are among the most reliable and frequently used.

Nmap: A tool for mapping networks

Understanding your network's connected devices is crucial for planning patching and upgrades, identifying assets for protection, and recognizing potential risks.

Nmap, the network mapping tool, is a robust scanning and reporting utility. It identifies connected devices and scans them for details like operating system, open ports, IP address, and more. It can even detect and report devices connected via Wi-Fi. Nmap is available across various platforms, including Linux, Windows, and Mac, and is simple to install.

Once installed, use the -h (help) command line option or man nmap to access the manual. The options used here are -T4 for thorough scanning, -A for OS and version detection, script scanning, and traceroute information, and -v for verbose output. Redirect the output to a file for easier review. 

This command scans an entire network using CIDR notation. The "/24" represents the subnet mask, where 24 signifies 3 sets of 8 bits (255.255.255.0).

If a port's purpose can be determined, nmap provides that information. Otherwise, it suggests a possible use. Any unexplained or suspicious findings should be investigated further.

For a more thorough scan on a single IP address, you might consider using the -T5 (most thorough) option. However, note that more thorough scans take longer, and -T5 is referred to as the "insane mode" in nmap documentation, indicating a significantly longer wait time.

Wireshark: Packet capture and analysis

Wireshark, a packet capture and analysis tool, complements nmap by capturing and analyzing network traffic between devices on your network. Available for Windows, Linux, and Mac, Wireshark provides insights into network activities.

You will be prompted to decide whether normal, non-root users should have the ability to capture packets. If you set it up to require root privileges to run Wireshark, the program will run with elevated permissions. Allowing non-root users to run Wireshark could lead to the capture of network traffic that should remain private. I typically install Wireshark to require root access for capturing network traffic.

When you encounter the screen, use the "Tab" key to select the button and press the space bar to make your choice.

Wireshark starts capturing network traffic on the chosen interface, displaying three panes. The top pane shows the traffic.

To view a packet's details, select it in the top pane. The middle and bottom panes display low-level packet information. The middle pane features a collapsible tree view with human-readable values, while the bottom pane shows the packet's raw data in hexadecimal and ASCII.

Although it may appear crowded in a screenshot, this layout becomes clear and informative when stretched across an entire monitor.

Osquery: Uncover the status of computers and servers

Osquery allows you to inquire about the status of your computers and servers using basic SQL queries. It is compatible with Windows, Linux, and Mac operating systems.

To install Osquery on Ubuntu, visit the Osquery download page and download the ".deb" package file. Navigate to the directory containing the downloaded file and install Osquery using the following commands, replacing the example file name with your downloaded file's name.

The osquery interactive shell opens, allowing you to input SQL commands at the "osquery" prompt. Commands should end with a semicolon (;), and pressing "Enter" executes them.

Dot commands, such as "quit," which are commands intended for the shell and not SQL, are preceded by a period ".". To exit the shell, use the command ".quit" followed by "Enter." Note that while SQL commands require a final semicolon, dot commands do not.

To view the list of tables, use the ".tables" command. To see the fields in a table, use the ".schema" command.

For instance, the suid_bin table contains information about applications with either or both the SUID and GUID bits set, which enable regular users to execute applications with elevated privileges.

Malicious actors may exploit these permissions to escalate malware privileges and conceal backdoors. Monitoring binaries with SUID and GUID settings is a recommended security practice.

Nikto: Scanner for vulnerabilities in websites

Let's also consider corporate websites and portals. Nikto can scan these for various vulnerabilities. According to the authors, it can:

• Detect 6700 potentially harmful files or programs.
• Identify outdated versions of more than 1250 servers.
• Identify version-specific issues on over 270 servers.

We will execute Nikto against a test website intentionally designed with vulnerabilities for practice. It's important to note that a Nikto scan can be time-consuming, often taking 40 minutes or more due to its thoroughness.

To specify the web server for Nikto to scan, we use the -h (host) option. Additionally, we'll utilize the -o (output) option to designate a filename for the report. Nikto determines the report format based on the filename extension. Accepted formats include CSV, HTML, TXT, and XML.

Kali Linux: A comprehensive toolkit

For an extensive array of security testing tools, consider using Kali Linux. This Linux distribution is specifically crafted for penetration testing, offering a plethora of tools that allow you to scrutinize your defenses in the same manner as malicious actors.

Despite their dual-use nature, where they can be leveraged for both ethical and unethical purposes, these tools are invaluable for identifying and rectifying vulnerabilities in your network and website. One of the simplest ways to utilize Kali Linux is by downloading its ISO and installing it as a virtual machine using a hypervisor such as VirtualBox.

Kali Linux comes pre-loaded with Wireshark, Nikto, nmap, and a plethora of other reconnaissance, attack, and exploit tools. This saves you the trouble of selecting and installing tools individually, streamlining your security testing process.

Among the noteworthy tools and frameworks included in Kali Linux are:

• The metasploit framework: An exploit development and vulnerability validation tool featuring a database of over 140,000 common vulnerabilities and 3,000 exploits.
• Burp suite: A tool designed for web application security testing and general website security.
• The social engineering toolkit: A collection of tools for executing social engineering attacks like phishing and spear-phishing, primarily intended for testing employee susceptibility.

Kali Linux is built on Debian and uses the XFCE desktop environment by default. Even in a virtual environment, it offers a responsive and well-organized interface, with a main system menu providing access to a wide range of software and tools.