Sergey Nivens - Fotolia

Manage

The price is right for these Windows security tools

Even with a limited or non-existent budget, Windows Server administrators don't have to skip security testing in their environment.

Kevin Beaver, Principle Logic, LLC

Published: 04 Nov 2015

Tight budgets and strict regulations often translate to uneasy times for those responsible for managing Windows Server environments. It seems there is more pressure to perform security assessments of corporate networks, leaving many administrators and IT managers wondering what to do.

The choice is often between doing it in-house with various Windows security tools or hiring an outside company. In many situations, there is no budget set aside for this testing. There's often no wrong answer to which way to go; however, certain regulations require that independent third parties are used to perform the work.

Having worked as an independent consultant for more than a decade -- often consulting with businesses in these specific situations -- I have found a reasonable compromise that shows due care is taking place, and reasonable security evaluations are ongoing and consistent. The first step in any good information security program is to acknowledge any weaknesses. There are many great open source and free tools, combined with low-cost commercial alternatives, available to perform reasonable security vulnerability assessments to help point out and correct issues.

The following list of Linux and Windows security tools can help ferret out weaknesses on servers and related network systems.

Kali Linux

Kali Linux is a live Linux DVD and virtual machine that offers vulnerability scanning, penetration testing and forensics tools to uncover niche vulnerabilities and research network events. This is a free, open-source utility. Some commercial alternatives include GFI LanGuard and Nexpose Community Edition.

NetScantools Basic

NetScantools Basic is a toolkit with various rudimentary network and security-related functions. The Pro version seeks vulnerabilities from open ports, to DNS weaknesses, to email security issues and just about everything in between.

TamoSoft Essential NetTools

TamoSoft Essential NetTools is a toolkit similar to NetScanTools Pro that checks for issues with network configuration and security. It is available free of charge.

Wireshark

Wireshark is a free, open-source network analyzer that captures packets to and from Windows servers. CommView and CommView for WiFi are commercial, yet low cost, network analyzers that do just as much on wired and wireless networks, often in a simpler manner.

Burp Proxy

Burp Proxy is a low-cost tool for evaluating IIS-based website and Web application vulnerabilities.

Microsoft Baseline Security Analyzer

The Microsoft Baseline Security Analyzer is a free tool that is installed on Windows servers to seek out weak passwords, missing patches and other security misconfigurations.

Metasploit Framework

Metasploit Framework is a free, open-source security tool that exploits specific vulnerabilities found on Windows systems to determine the severity of the vulnerability, such as obtaining a remote command prompt on a system without having to login.

Building your case

If you test your own systems, then follow widely accepted standards such as the National Institute of Standards and Technology Special Publication 800-115, the Payment Card Industry Penetration Testing Guidelines and the Open Source Security Testing Methodology Manual (OSSTMM) for security testing.

Using these guides will demonstrate to management, auditors and regulators that best industry practices have been followed using well-known Windows security tools and solid methodologies. If you're not comfortable performing this work, then you can learn more about it through various books on performing security assessments, or you can hire someone to do the work for you.

Set up a schedule

Whether or not there is a budget allotted for testing should not be a factor in performing this work. These types of security assessments are often required by law or they may be needed to fulfill contracts or specific business partner or client demands. The important thing is to get started on this work and do it periodically and consistently year after year, such as once per quarter or every six months. One of the biggest mistakes people make is running some basic vulnerability scans and not digging in deeply enough. This can lead to the belief that everything is in check, because nothing serious was uncovered during the initial assessment.

Administrators must be proactive when it comes to security. Efforts must be taken to build improved penetration testing methods to close any gaps. The potential intruders are working to improve their skills, and Windows administrators must do the same, lest your data center become yet another victim.

Kevin Beaver is an information security consultant, expert witness and professional speaker with Atlanta-based Principle Logic LLC.

Next Steps

Impediments to fortifying Windows Server 2012
Security breach gives tough lesson
How much do you know about Windows security?

Dig Deeper on Microsoft identity and access management

5 steps to follow in a network security audit checklist Planning, execution, analysis, reporting and follow-up are the basic elements of a network security audit checklist. But coordination among IT teams is also important.

How to detect and defend against a TCP port 445 exploit and attacks The WannaCry TCP port 445 exploit returned the spotlight to Microsoft's long-abused networking port. Network security expert Kevin Beaver explains how to detect and defend against such attacks.

Best practices to overcome an IoT security challenge The internet of things poses numerous security challenges, but with the proper preparation and tools, your enterprise can mitigate the threats.

Windows 10 security tools to have handy Cyberthreats lurk around every corner, so it's always a good time to fortify Windows 10 defenses. These top security tools can help make that happen.

Information security resources for Exchange admins There are a myriad of free and trial resources available that can help Exchange administrators increase their information security knowledge to better secure systems.

Three steps to prevent and mitigate router security issues Numerous router security threats have made the news, threatening the integrity of enterprise data. Expert Kevin Beaver offers three steps for maintaining router safety.

Kevin Beaver asks:

What Windows security tools do you use to secure your Windows environment?

Join the Discussion

Join the conversation

2 comments

Send me notifications when other members comment.

Oldest

[-]

Kevin Beaver - 4 Nov 2015 4:00 AM

What Windows security tools do you use to secure your Windows environment?

ToddN2000 - 10 Nov 2015 9:55 AM

Thanks for the info Kevin. For many trying to justify every cent in the budget, these are some good packages to consider.

The price is right for these Windows security tools