Securing a network can seem overwhelming. Network security tools help you secure and monitor your IT environment.

New security threats seemingly appear daily. The progressive nature of these attacks requires dynamic multi-point security solutions. It is critical that administrators quickly identify vulnerabilities to protect data security.

We have collected the best security tools to combat network threats. These applications should make for a strong starting point for anyone working in Information Security. Don’t miss the expert contributors!


Network Security Monitoring Tools


Argus

One of the best free and open source tools available for network traffic analysis. Argus stands for Audit Record Generation and Utilization System, and the program does just what the acronym says: efficient, in-depth analysis of network data, sifting through big chunks of traffic with fast, comprehensive reporting. Whether or not it’s the only traffic monitoring tool users need, it provides a solid foundation.


P0f

P0f remains popular in spite of a lack of updates. The program has scarcely changed in over a decade because it was just about perfect on release. Streamlined and efficient, P0f generates no additional traffic. It can be used to identify the operating system of any host with which it interacts. Many tools in this category create probes, name lookups, assorted queries and so on; P0f, by contrast, is light, fast and clean-running. A must-have for advanced users, but not the easiest to learn for the rookies on the team.


Nagios

Nagios monitors hosts, systems, and networks, delivering alerts in real-time. Users can specify exactly what they want to be notified of. The program can monitor network services including HTTP, NNTP, ICMP, POP3, and SMTP among others. To many, Nagios is the name in traffic monitoring. A comprehensive, all-bases-covered approach to network management. One of the most powerful free tools for cybersecurity professionals and small businesses alike.


Splunk

Designed for both real-time analysis and historical data searches, Splunk is a fast and versatile network monitoring tool. One of the more user-friendly programs with a unified interface. Splunk’s strong search function makes application monitoring easy. Splunk is a paid app with free versions available. The free version is limited. This is an excellent tool to put on the list for those who have a budget to work with. Independent contractors tend to be careful about the premium tools they buy. Splunk is well worth the cost. Any information security professional with a strong enough client base should invest in Splunk.

InfoSec professionals honestly need a lot of tools to do their work. If I only had to choose one, it would be a properly tuned Data Analytics Aggregator or SIEM, e.g., Splunk.

There's too much data to try to parse and correlate between devices and hosts on your own. You need to be collecting decrypted packets and logs and then enriching them with threat intelligence.

At least for our group, our backbone is Splunk. The features that set it apart from most SIEMs are that it handles unstructured data quite well and can scale easily. Most shops only utilize logs, and maybe NetFlow.

With Splunk, we can utilize every use case our engineers can create use cases and content for. Splunk, while not a SIEM by itself, can be made to do it and add the predictive analytics out of the box. It also supports both push and pull models.

Dennis Chow, CISO of SCIS Security

Encryption Tools


Tor

Tor gained a lot of press when people started talking about the “dark web” some years back. The dark web turned out not to be as scary as urban legends made it out to be. Tor is just a tool to ensure privacy on the Internet. The system routes requests to proxy web servers for privacy, making users harder to track. Although there are malicious exit nodes used to sniff traffic, this isn’t a significant concern with careful use. Tor’s applications in InfoSec are more plentiful than its applications in cybercrime.


KeePass

Used in identity and account management, KeePass is a necessity for many office settings. A simple password management system. KeePass allows users to access all of their accounts with one password. Combining convenience with security, KeePass lets users set unique passwords for different accounts with an auto-fill function when typing in the master password. Those who have dealt in InfoSec for more than a day know how important this can be. Sometimes a security issue just comes down to bad password management. KeePass helps network security officers manage the human element of the job.


TrueCrypt

TrueCrypt remains popular despite having gone years without updates. Abandoned by its developer in 2014, TrueCrypt is technically outdated, yet still a strong tool. A disk encryption system, TrueCrypt allows for layered content encryption with two tiers of access control. Free, powerful, open software. It’s easy to see why TrueCrypt remains popular despite not having been updated in four years. One of the best open source security programs available.

Kali Linux is a security system designed for digital forensics and penetration testing which now can run on both Linux distributions and Windows operating systems. It is compatible with a wide range of wireless devices. It is valued for more than 600 tools geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics, and Reverse Engineering.

QRadar SIEM is IBM's Security Intelligence Platform that provides real-time visibility of the entire IT infrastructure. The system boasts an extensive set of modules (Log Management, Security Intelligence, Network Activity Monitoring, Risk Management, Vulnerability Management, and Network Forensics) that are available through a single web-based console. QRadar is a commercial tool, but you can use its free version with a 50 Events per Second (EPS) limit, known as Community Edition.

Dmitry Nikolaenya, SIEM department coordinator at ScienceSoft


Web Vulnerability Scanning Tools


Snort

An enterprise-grade open-source IDS compatible with any OS and hardware. The system performs protocol analysis, content searching/matching, and detection of various network security attacks (buffer overflows, stealth port scans, CGI attacks, and OS fingerprinting attempts, to name a few). Snort’s ease of configuration, flexible rules and raw packet analysis make it a powerful intrusion detection and prevention system.

Burp Suite

A powerful tool for network protection. Burp Suite is a real-time network security scanner designed to identify critical weaknesses. Burp Suite will determine how cyber security threats might invade a network, via a simulated attack. The suite is available in three versions: Community, Professional, and Enterprise. Professional and Enterprise are paid application testing tools including the web vulnerability scanner. The Community version is free but severely limited. Community includes only the essential manual tools. Burp Suite is a potent tool for businesses, but perhaps pricey for smaller organizations. Still, a critical application security testing tool.


Nikto

One of the best open source vulnerability scanner management tools. Nikto will scan web servers and networks for matches with a database of over 6400 threats. Although the network protection software itself has not been updated in some time, it is still up to date. This is because the threat database is regularly updated. There are also countless plugins being released and continuously updated. For many security professionals, Nikto is a cornerstone of the vulnerability scanning routine.

Paros Proxy

Java-based web proxy. Paros Proxy includes a number of useful tools for running security tests. These include a web spider, traffic recorder and vulnerability scanner. Excellent for detecting network intrusion openings to some of the most common threats. These include SQL injection and cross-site scripting. Very easy to edit with even rudimentary Java or HTTP/HTTPS knowledge. Anyone who can write a web application can edit Paros Proxy. An excellent network protection software testing tool for identifying a security risk before it becomes a security breach.

Kali Linux comes with a number of tools that hackers like to use for scanning networks for penetration testing and wireless scanning.

It is recommended that security professionals use it as it is a comprehensive toolset that will allow infosec professionals to conduct reconnaissance, scanning, and penetration all on one network security platform. It's also a free tool.

Sanjay Deo, President 24 By 7 Security

I would say every IT and Cybersecurity Networking Professional should be using Kali Linux. Some say this is a hacking only tool. I beg to differ.

Kali Linux (historically called Backtrack) is a freely available collection of tools that offers everyone (network, applications security, information security) something. There are about 100 or more tools in there, and there is a tool for every capability and intention.

You can download the ISO image, burn it on to a CD or put it in a USB flash drive and boot almost any computer into Kali Linux. The image is also bootable into a VM and works from a Mac.

Amar Singh, Founder, Cyber Management Alliance Ltd


Network Defense Wireless Tools


Aircrack

A suite of WEP and WPA cracking tools. Aircrack features ideal internet security solutions for mobile devices. Aircrack is vital for cracking algorithms. The suite’s tools include airdecap for WEP/WPA capture file decryption and aireplay for packet injection. Several other tools are included as well, creating a robust set of apps for InfoSec use. For many wireless security tasks, Aircrack is an all-in-one solution. The series of tools available within the suite allows pros to handle an entire job at once. Some tasks may demand more than Aircrack has to offer. Many tasks can be accomplished only with Aircrack tools.


NetStumbler

Free security software for Windows users. A necessary tool for wardriving, finding open access points in a wireless network. The software is Windows only, and no source code is provided. This can make for a hard sell to some. Being able to edit open source code can be critical for security. NetStumbler’s active WAP-seeking approach makes it very popular nonetheless. NetStumbler is known for detecting vulnerabilities that other security scanner tools miss.


KisMAC

Free software for Mac with an attractive It is accessible even for less experienced users. The Mac OS X port of Kismet, with a very different codebase. KisMAC excels at mapping and penetration testing with deauthentication attacks.

Fognigma creates an encrypted security network by linking randomly leased virtual machines from multiple cloud providers, which then work as one network. Hidden inside this network are an organization's fileshare, chat server, video conferencing, and more - all protected by the same two layers of AES encryption as every connection inside a Fognigma network.

First, the software is entirely under the control of the organization using it - so there isn't any reliance on a third-party company for intervention or oversight (which is often where breaches occur).

Another feature is automation.

For example, if an organization uses their network only during business hours, they can schedule their network to only exist during that time (or whenever they want). It will rebuild itself using different virtual machines each time (with different IP addresses), so there's no way for external threats to conduct any long-term reconnaissance as the makeup of the network is different day-to-day. This can also save a ton of money and resources for 24/7 network monitoring.

Users can join the Fognigma network from any device using a variety of methods, including a mobile app. When they exit out of the network to the Internet, all their traffic appears to come from the location of the virtual machine used as an exit point. For example, the user could be in Ohio, but if the exit point is in Madrid, then the user's IP address, date/time, DNS, and traffic appear to emanate from Madrid.

All these features protect against external threats, but Fognigma can protect from internal threats as well. Fognigma gives network admins granular user controls to make Identity and Access Management oh-so-much easier. For each component (be it a fileshare, exit/entry point, files, etc.), groups are created. Put a user in a group, and the user can access that component. A few mouse clicks and precise access to organization resources is completely under control.

Chris Mindel, Dexter Edward

Rapid fire tools helps us identify weaknesses within the network, potential issues, and be able to detect when and where problems will occur. It is more of a proactive than a reactive tool. But it is effective.

Auvik is an on-demand threat monitoring tool for potential network issues. It shows us traffic, connectivity, and networks that we may or may not have seen before. It allowed us to find in multiple companies hidden wireless routers, switches and more that even the client didn't know about.

We also use an image-based virtual edition of OpenVAS to penetration test a network for when we get to a new client. It's open source, free, and easy to use. We drop off the computer at a location, let it cook for a week and then produce a report so we can then go back to the client and show them what we have found. Some are surprised, others are terrified.

Trave Harmon, Chief Executive Officer, Triton Computer Corporation

Packet Sniffers

Cain and Abel

Anyone working in network security will know that UNIX tends to lead the way in free security apps. Windows and Mac users get the ports late, if ever. However, Cain and Abel is a Windows-only password recovery tool that leads the pack. Capable of recording VoIP conversations, it can decode scrambled passwords and analyze routing protocols. It uncovers cached passwords, reveals password boxes, cracks encryption with brute force attacks and cryptanalysis, and on and on. Essentially a must-have starting point for packet sniffing routines.


Tcpdump

A Mac, Windows and Linux app predating market leader Wireshark. Although Tcpdump is not the newest packet sniffer available, it set the standard in the field. Tcpdump remains a favorite network sniffer with ongoing active development and a clean approach. The tool uses fewer system resources than competing options and opens little security risk.


Wireshark

Someone who has an old laptop lying around might have a copy of “Ethereal.” Ethereal was the name that Wireshark debuted under. Modeled mainly after Tcpdump, the console-based tool is an excellent protocol analyzer. Wireshark offers real-time network analysis. It allows users to view reconstructed TCP session streams. Many prefer Tcpdump for security and system-resource reasons, but Wireshark remains the most popular packet sniffer. The software receives regular updates to outfit its strong packet sniffing capabilities. Wireshark is an essential tool, even if it’s not every security pro’s first choice.

Musubu, R2i's network intelligence service, is my preferred tool. It includes open source threat detection engines such as Suricata or AlienVault. Musubu provides an enhanced set of data points. The user experience provides an actual sense of the overall security posture of the network.

It focuses on the network of origin in context, as well as what threat is posed by the subnet, and the broader environment of origin. Musubu complements the open source threat detection engines by providing greater detailed business intelligence including a unique threat score, threat classification, detailed location information, and reduction of false positives.

Bradford Lee, Director of Operations, Release 2 Innovation

In Closing, Information Security Tools

The world of security can be complicated. The importance of a secure network can’t be emphasized enough.

Although these tools will not cover every possible scenario, they provide a strong foundation.

The more tools an InfoSec professional has to work with, the better they will be able to address the task at hand. Having access to a wide range of computer network security software is only the start. Knowing how to put them to use is the essence of network protection.