There's an old saying that goes something like this: "When he makes a mistake, the wise carpenter blames himself, but the unwise carpenter blames his tools." All issues of blame aside, it's impossible for any craftsperson to practice a craft without the right tools. To that end, I want to highlight some great collections of security tools here, and ask readers to submit their own favorites for further coverage and consideration as I update this compendium over time.
The table provides a list of several well-known and highly-regarded collections of information security tools. Some are profoundly Windows-oriented, others less so; all are worth at least an occasional visit to see what's new and interesting in their various and widely varied collections.
|Anti-Hacker Toolkit||Points to current versions of all tools mentioned in Mike Shema & Bradley Johnson's Osborne/McGraw-Hill eponymous book|
|CERIAS Hotlist||Tools show up under "system security" and "network security" headings at Purdue's Center for Education and Research in Information Assurance and Security|
|CERT Coordination Center||Hundreds of tools across numerous categories from the Computer Emergency Response Team at CMU|
|Hacking Exposed Tools||The authors of this great series of books maintain pointers to all current versions of tools mentioned in their various publications|
|Insecure.org Top 75||Top security tools recommended at another leading portal (but not all are Windows-based)|
|Microsoft Security Tools||Lots of Microsoft's own security tools|
|Security Focus Tools Archive||13 pages of pointers to useful tools at a leading security portal site|
|Security Wizards Security Tools||A choice list of security tools from a great infosec resource on many fronts|
|SourceForge Security Projects||Over 1,000 open source security projects/programs/products are documented here, including many gems|
|WindowsSecurity tools||Click the Software link in the left-hand menu at this great portal site to find pointers to security tools in 16 categories.|
Though there are hundreds more such sites out there, I decided to draw the line at 10, and ask for feedback and more input. Please e-mail me at firstname.lastname@example.org with your nominations, suggestions, questions, or comments.
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years experience in the networking industry, and co-author of several books on networking, most recently, CCSPTM: Secure PIX and Secure VPN Study Guide published by Sybex.
This was first published in March 2004