Windows shops can now use a USB stick loaded with up-to-date anti-hacking and analytical software to turn the tables...
on hackers and thieves.
Keith Parsons, the managing director for the Institute for Network Professionals, provider of IT computer training and products based in Orem, Utah, has put together a tool inspired by hackers that IT managers can learn to use to thwart system attacks.
Parsons loads the "The Ultimate USB" stick with about 50 or so software tools, including network analyst, security and attack and recovery programs. Parsons also provides two days' worth of hands-on training so IT professionals can learn the ins and outs of all the programs. He provides the training sessions in a variety of cities and at major conferences.
A hacker might use a similar type of stick to grab passwords from desktops, but an IT manager could use the stick to troubleshoot a computer that's been broken into as well as to analyze where a network's weaknesses are and fix them to keep hackers away.
Parsons has developed a course for IT professionals that shows them how to use the USB stick. The programs loaded in the stick are used to look at a system as a hacker would see it, including what data can be easily found and then stolen. The stick is also loaded with anti-hacking tools so IT managers can see how they should secure their networks against them.
"We thought it was only fair that all their nefarious methods be turned around and used on them," Parsons said. The Ultimate USB stick uses a 2 GB Lexar Lightening USB, and then Parsons loads about 20 programs onto it, including ones for security, network analysis, attack and recovery.
The USB security stick costs $199 at conferences where training is part of the conference fee. Otherwise, users can purchase the stick with software, training and materials for $2,465. Additional USB sticks cost $130 each.
The security stick has proved popular with IT people, Parsons said. "They play with it for two or three days straight. I had one guy tell me it was my fault that he hadn't slept in two days," he said.
Johannes Ullrich, chief research officer for the SANS Institute in Bethesda, Md., said although the idea has been around for a while, it is now being used on a new sort of device. "These used to be on CD-ROMs. Now they're a little more convenient and can be booted from a USB," he said.
Susan Bradley, a Microsoft MVP and certified public accountant at Tamiyasu, Smith, Horn and Braun Accountancy Corp. in Fresno, Calif., said tools like this are used to boot a system from an alternative or "clean" operating system. It lets users boot cleanly underneath the infected drive and get a true view of the system, she said.
"Many rootkits will slither in and hide their tracks so the only way you can truly investigate is to get a clean OS underneath," she said. From there, you have antivirus scanning tools -- rootkit revealers -- basically a "clean up the drive" toolkit," said Bradley, adding she has used them on rare occasions but tries not to get into that situation in the first place.
John Pescatore, a security analyst with Gartner Inc. in Stamford, Conn., said that these types of tools are probably more useful for smaller companies. "Products like these are interesting, but for enterprise companies it would be very important to know if they have any vulnerabilities and will any of the programs need patching. And, if they do, how am I going to patch them?" he said.