Comments on: Open IT Forum: What are your favorite network security tools?

By: melanieyarbrough

melanieyarbrough — Wed, 08 Dec 2010 21:34:08 +0000

Thanks everyone for your responses! I’ll be adding points to each of you, since you gave such in-depth and detailed answers.

Seriously, you guys and gals rock.

Thanks,
Melanie

By: carlosdl

carlosdl — Thu, 02 Dec 2010 23:53:41 +0000

For antivirus we are currently using McAfee. We moved from Symantec a couple years ago because of budget restrictions, but during the first week with McAfee a virus infected one client machine and it propagated to the whole network quickly, to the point of taking our main database server and a couple of other servers down.

Further investigations revealed that the EPO server wasn’t configured properly by the vendor representative when he installed it. Once corrected, we haven’t had other similar incident til now.

For our permiter security we use a Fortigate firewall. It has all the features we need and perform well enough for our requirements. We have many VoIP servers running Asterisk on Linux, and all of them are secured with the built-in iptables firewall.

We decided to start using iptables some years ago when we incidentally noticed thousands of connection attempts (a brute-force attack) to one of our Linux servers that was running an ftp server.

I work in the software development area, but I have always been concerned about our infrastructure security (probably more than the people in charge of security) so I asked for permission to perform vulnerability scans on some of our servers and did it many times during a couple years. One of the first times I did it I ran a heavy scan on a production server that was running a VoIP application and it degraded the server’s performance to the point that it was almost going down, so the scan had to be stopped immediately. And that’s why I always advise to be very careful when performing this kind of scan against production machines.

I have used many vulnerability scanners in the past, but I liked Nessus very much. I think it is not free now, and I don’t use it anymore.

By: rechil

rechil — Thu, 02 Dec 2010 10:05:42 +0000

Security is in our hand ! If I am aware for new threads and new viruses and updated with new security trends then I can easily short out the security related problems and use my weapons as it is necessary.
Here it depends on OS. What kind of OS is used and what kind of applications are installed on the OS ! In the market if u pay u may get a better tool or anti-virus scanner. And remember, no one anti-virus can give u 100% surety about the systems. But I am preferring always free tools or in-built tools that can fulfill my purpose. I am going to discuss two OS which may use maximum people.
For Windows: I prefer MWAV (not escan). it is a very good tool for security threats. It is an emergency based tool and works almost fine. Other is Nmap (Network Mapper) is a free and open source utility for network exploration or security auditing. In-built Firewall system is also okay but u should know to properly configure it.
For Linux: In this system, security related threats are comparably less than windows system. Linux itself has such kind of security that most of the system not necessary to install any scanner. Linus also have very good in-built systems that helps fine. There are two types of firewalls in Linux: 1. Iptables Firewall and 2. Ip chains firewall
If they r well configured then it is possible to reduce huge amounts of threats. Also there are in-built tools are: SSH; LSOF; NETSTAT; NMAP; CALMV, Email Scanner.
Wireshark – full network protocol sniffer/analyzer
DSniff – network tools for auditing and penetration testing
and so on…..
In linux I am using in-built security tools to keep safe my linux server.

Thanks

By: jinteik

jinteik — Thu, 02 Dec 2010 03:48:42 +0000

one of the products that gave me problems is Panda…this is from their IPS and also their antivirus….their antivirus cause many of our servers to crash and their ips needs to be restarted quite often as the login web gui will always have sort of displaying problems.

their technical support is not that strong and not helpful too.

By: technochic

technochic — Wed, 01 Dec 2010 21:26:53 +0000

We recently moved from Symantec AntiVirus to Symantec Endpoint Protection to give us greater control over server and client security. We also swapped Websense for BlueCoat security for browsing control. We like the fact that we can now pinpoint not just what computer accessed what site, but also what user on that computer. The more details, the better!