Hackers Tools Fight Hacks

Sph3r3 chief says use open source.

A well-known security consultant last week urged cash-strapped businesses to consider using freely available open-source security tools and applications to help cope with the rising number of malicious hacker attacks.

In what was a recurring theme last week at the InfoSec World Conference & Expo here, Matt Luallen, president and principal consultant at Chicago-based Sph3r3 LLC, said enterprises must embrace the same hacking tools used by the bad guys to find potential faults and vulnerabilities within critical information infrastructures.

"You can use open-source applications alongside commercial applications [to cut down on costs]," Luallen said during a presentation with dozens of tool sets for such things as fault identification, spam detection and incident response. "There are some open-source utilities that blow away commercial products, and you should take advantage of them."

During his presentation, Luallen touched on the concept of Google hacking, wherein attackers use cunning search queries to uncover security flaws in a business network.

Searching for certain keywords or document extensions can put sensitive corporate data in the hands of the wrong person, and Luallen said businesses should start using the same techniques to pinpoint problem areas.

Luallen recommended SiteDigger 2.0, a free Windows utility from McAfee Inc.'s Foundstone Inc. unit that automates Google security queries through the Google Web service API. SiteDigger can be used to search Google's cache to look for vulnerabilities, errors, configuration issues, proprietary information and interesting security nuggets on Web sites.

Luallen also recommended the use of NetFlow, a traffic profile monitoring technology that has been adopted by companies such as Cisco Systems Inc., Foundry Networks Inc. and Juniper Networks Inc. NetFlow describes the method for a router to export statistics about the connections it has routed.

Open-source implementations of the technology can be used to isolate traffic involving a single malicious IP address and to report the traffic that reached a compromised host.

NetFlow results can also be inverted to see a list of hosts contacted by an attacker.
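As an added illustration of the two NetFlow queries described above (not code from the article or from any tool Luallen mentioned), the following Python parses a constructed set of exported flow records and pivots on a host in both directions: who sent traffic to a compromised machine, and, inverted, which hosts a given address contacted. The record layout, the addresses and the byte counts are all assumptions made up for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample records in the shape of an exported NetFlow record:
# src addr, src port, dst addr, dst port, bytes. In this made-up scenario
# 198.51.100.7 is the suspected attacker and 10.0.0.15 the compromised host.
SAMPLE_FLOWS = """\
198.51.100.7,51234,10.0.0.15,22,6200
198.51.100.7,51240,10.0.0.15,445,1800
10.0.0.15,38822,10.0.0.21,445,98000
10.0.0.15,38823,10.0.0.22,445,91000
10.0.0.15,38900,198.51.100.7,443,2100000
10.0.0.30,49211,10.0.0.15,80,1200
"""

@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    octets: int

def parse_flows(text):
    """One flow per line; blank lines are ignored."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            src, sport, dst, dport, octets = line.split(",")
            flows.append(Flow(src, int(sport), dst, int(dport), int(octets)))
    return flows

def _peers(flows, host, outbound):
    """Per-peer totals for flows leaving (outbound=True) or reaching host."""
    peers = defaultdict(lambda: {"flows": 0, "bytes": 0, "ports": set()})
    for f in flows:
        me, peer = (f.src, f.dst) if outbound else (f.dst, f.src)
        if me != host:
            continue
        p = peers[peer]
        p["flows"] += 1
        p["bytes"] += f.octets
        p["ports"].add(f.dport)  # destination port identifies the service used
    return dict(peers)

def traffic_to_host(flows, host):  # inbound view: who reached the compromised host
    return _peers(flows, host, outbound=False)

def hosts_contacted_by(flows, host):  # inverted view: what did this address reach
    return _peers(flows, host, outbound=True)
```

Running `hosts_contacted_by(parse_flows(SAMPLE_FLOWS), "10.0.0.15")` shows the compromised host reaching two internal machines on port 445 and pushing about 2 MB back to the attacker address, which is the kind of lateral-movement and exfiltration pattern a responder looks for in flow data.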

Ryan Naraine is a senior writer at eWEEK.com.