A+ update
The Computing Technology Industry Association (CompTIA) is overhauling its A+ certification to reflect the need for security and soft skills. "IT workers who understand how to use technology to meet business goals, and who can articulate this understanding, are golden in the eyes of employers," says Neill Hopkins, vice president of skills development for CompTIA A+ Training.
CompTIA MCITP Certification updated A+ certification will feature two exams - one covers core competencies on technology, and the other focuses on how to apply the skills in specific job environments. For more information on when the current exam will be phased out as well as launch of the new exams, go here.
I won't keep you in suspense. I'll go ahead and name them right here, at the top of my post -- the six free security tools that all IT folks should know about and use. (But, you'll have to click through this nifty mult-page post to let me explain my choices.) And the winners are ... MetaSploit, Splunk, Google (don't laugh -- it's true!), KeePass, Helix and Netwox. Now read on to learn why ...
MetaSploitFree
It has a strange name, but MetaSploit is a very cool development platform that assists information security professionals in creating tools and exploits. Using the framework (its built-in tools), you can conduct penetration tests, verify patch installations and even perform regression testing. Written using Ruby, the current 3.1 version comes with over 450 modules, including 265 remote exploits that can be targeted against various releases of Windows, Linux, BSD, Unix, and the Mac OS. If that isn't enough built-in functionality for your tastes, you can also use MetaSploit to create your own modules or scour around for ones that have already been created.
Overall this is a great tool and in the hands of system administrations it can be put to good use testing your organization’s defenses. However, there are always two-sides to a shiny coin. MetaSploit is also an effective tool for conducting attacks.
Click to enlarge.
MetSploit
For more information see: www.metasploit.com
SplunkFree
I first talked about Splunk when I wrote about the 2008 RSA Conference. Yes, the Security Incident and Event Manager (SIEM) space is crowded. But Splunk is not a SIEM per se. Its approach is slightly different in that it is, like Google, primarily a search engine. As such its developers have focused much of their effort on making Splunk into a good information aggregator for IT-related information and events. So Splunk is different from other SIEMs in that it is able to provide a very good platform for correlation and analysis. From the get go, by some hidden method, Splunk takes in data and provides order where there was once chaos. In my opinion, being able to dynamically figure out different logging structures (provided you can feed Splunk data via a known basis – text primarily) is a very powerful feature which makes this tool a must-have.
Note: Splunk is not open source but you can download it for free under its developer's freeware license.
PasswordSafe - a simpler Open Source alternative to KeePass
By pwsafe-user (not verified) on Thu, 05/22/2008 - 9:06am.
PasswordSafe is another open source password management utility. It's originally from security expert Bruce Schneier's firm, but has since been made open source and actively maintained and improved upon. It's emphasis is on simplicity as well as rock-solid security, and worth a look for those who consider KeePass too daunting.
Password sharing between co-workers
By Joe Schmoe (not verified) on Thu, 05/22/2008 - 6:52pm.
How about a program to securely share passwords between co-workers? I can't tell you how many people use E-mail to communicate/share passwords to just about every system under the sun.
Ideally, the secure password share software should allow a corporation's security officer to see who's sharing what passwords with whom.
Anybody know of a tool like this, free or otherwise?
Thanks,
Joe
Password protecting/sharing
By StaticFlux (not verified) on Tue, 05/27/2008 - 10:59am.
We use: Network Password Manager
check it out at: www.sowsoft.com
Regards,
-Static-
Password Manager Pro
By asdfasdf (not verified) on Fri, 05/30/2008 - 10:31am.
We use Password Manager Pro. http://manageengine.adventnet.com/products/passwordmanagerpro/index.html
It ties into Active Directory and does a good job. It keeps an audit log of password access and allows us to share passwords out to groups of people quickly.
Looks good, but very
By Alexei (not verified) on Sun, 08/17/2008 - 3:14am.
Looks good, but very expensive :(
Password sharing
By Fabio (not verified) on Sun, 06/08/2008 - 2:54pm.
We use Secret Server.
Have a look at
http://www.thycotic.com/products_secretserver_overview.html
Fabio
re: PasswordSafe - a simpler Open Source alternative to KeePass
By CubsFan (not verified) on Wed, 05/28/2008 - 8:56pm.
One thing about KeePass that PasswordSafe can't do is run on Windows Mobile. Along with KeePass, my team keeps disaster recovery and business continuity docs on our phones. Should a disaster strike, each of us has everything needed to get the DR site up and running.
For Mac the best app is Info.xhead...
By Nazzdeq (not verified) on Fri, 05/30/2008 - 9:31pm.
Try info.xhead for Mac....
By Nazzdeq (not verified) on Fri, 05/30/2008 - 10:32pm.
Info.xhead It is not open source, but it is one of the best password/personal data storage for Macs.
Yes passwordsafe is easier i guess
By Security Procedure (not verified) on Sat, 05/31/2008 - 5:33pm.
Yes, i used passwordsafe for maintain my password, easy to used and strong security protection. Highly recommended
CompTIA A+ certification validates the latest skills needed by today's computer support professionals. It is an international, vendor-neutral certification recognized by major hardware and software vendors, distributors
No comments:
Post a Comment