Tools for Better Defense

So as I was doing some searching through the internet I came upon a security news site that had an article about some great tools that can be useful to a security researcher or administrator. These tools can be used to research how attacks work and to better protect a network from them. The first of these tools, and possibly the most important, is Wireshark. Wireshark is by far the ultimate network protocol analyzer and can be an amazing asset to you. Wireshark can show you all the information passing through your network and has dissectors for over 100 different network protocols. Also, if you intend to create your own protocol, this would be a great way to test it.

Another tool that is also great for testing things is a sandbox environment. No one wants to crash their personal machine, but they do want to play with the copy of Stuxnet that they received. An invaluable tool for playing with these viruses, and perhaps ultimately learning ways to break them down and defend against them better, is VMware. VMware is virtualization software for desktops, servers and other platforms that runs a virtual machine inside the program, giving you the isolated sandbox environment you need for your virus testing.

And the final tools that I’ll be covering are a debugger and a decompiler. These two tools will allow you to look “under the hood” of programs to find out what is wrong with them, and in the case of a malware program they could potentially allow you to break it down and find out exactly what it’s doing. One example given in the original article that I like had to do with a text-copying malware. This malware would intercept your messages and copy them to a dropbox so that the owner of the malware could obtain data from you. However, with these tools you can find out what this malware is doing and how it is doing it, and then recover its code with the decompiler.

These tools can definitely be a great help to anyone interested in information security, and I’m gonna post the original article so that you all can read about the other tools that the author talked about.

http://www.securityweek.com/essential-weapons-security-researchers-arsenal-part-1

http://www.securityweek.com/essential-weapons-security-researchers-arsenal-part-2


5 thoughts on “Tools for Better Defense”

  1. I believe that if you decompile a program, it comes up in assembly and not the original language, so it may be difficult to read.

    • This is true, however I must assume that a trained security researcher will be able to make sense out of the assembly code so that they can find out what the malware is doing.

  2. Even with a sandbox environment your data is not safe, so what about the idea of using another machine without any important data on it to play with the virus and not be afraid to crash your machine? This way you don’t have to walk on eggshells with the virus; you can play baseball and really learn about the capabilities and limitations possessed by Stuxnet.

    • Actually, I’m fairly sure that your data will be safe since it uses a virtual hard drive. The only thing that the virtual machine and the physical machine share is the computing power. However, if I can be proved wrong, please show me where it says that the data in your physical machine has a chance of becoming corrupted via the virus you are playing with in the sandbox environment.

      • This is only theoretical: if some vulnerability was found in the specific virtualization software you were using (like VMware or VirtualBox) that allows a VM to access the host machine in some way, you would be in big trouble. That’s why using a separate box is recommended; even if the chances of being compromised are slim with a VM, it’s still a bigger risk.
