In Depth

The Cheapskate's Infosecurity Toolbox

Where to find free-to-download tools for information security

By Ken Pfeil

Apache SpamAssassin: Fight Spam at the Gateway Not really a secret to most people. With the right configuration this is difficult to beat no matter how much you spend on an antispam solution. spamassassin.apache.org/index.html

OpenSSH for Windows: Secure Shell for Windows Because FTP is so passe' (and insecure), use OpenSSH on the server side coupled with "PuTTY" and WinSCP on the client side for a cheap way to secure your file transfers. sshwindows.sourceforge.net , www.chiark.greenend.org.uk/sgtatham/putty and winscp.net

Cheops-ng: "The Network Swiss Army Knife" A tool for mapping and monitoring your network. This is an excellent free way to track down most of the systems on your network. cheops-ng.sourceforge.net/download.php

ACID (Analysis Console for Intrusion Databases): An analysis engine to search and process security events generated by various intrusion detection systems, firewalls and network monitoring tools. acidlab.sourceforge.net

Want more? Here are a bunch of other tools the cheapskate CSO should investigate:

strong>

• Nessus
• Nmap
• Paros
• Netcat
• Metasploit
• MBSA (Microsoft Baseline Security Analyzer)
• WSUS (Windows Server Update Services
• Ecora Auditor 4.x
• SpyBot Search and Destroy
• Ad-Aware SE
• HijackThis
• Windows XP Built-in Firewall
• RootKitRevealer
• Tor

Ken Pfeil, an information security industry veteran, founded in 1998 The NT Toolbox, a repository of free and unique tools for Windows NT users, which was acquired by GFI Software in 2002.