Security Toolkits / Handbooks

Hi there,

Does anyone of some examples of Security Toolkits / Handbooks for small to medium businesses? I am looking for toolkits that focus on strength and depth. It is for some benchmarking of the various ones that are available on the market.

Any help is more than welcome.

Hey, im glad to see this post up, well there is a linux based LIVE CD called whax that has benchmarking tools and pennitration testing tools on it. This cd is very powerfull. everything from wirehacks to exploits , port scanners, it carrys the large frameworks and such. I use it at the company i work at now and it is a small med. company AND THE BEST PART ABOUT Whax is that it is FREE!!!! this is good for network security proffs. and such but we in the network security field are tired of script kiddies abusing it, if you are are a script kiddie which u dont sound like it then please dont use any software till you learn what is actually hapening and learn how to write your own exploits and learn what a payload is.

i know this is kind of a long answer for WHAX but i have to stress that script kiddies arent welcome because u still must know how to use the exploits so happy hunting and good luck !

I just wanted to mention that Whax has merged with Auditor (for a while now), and its called Backtrack now, its downloadable at remote-exploit.org in case you're wondering.

But what kind of toolkit/handbook are you looking for? There are many different ones out there, most geared at some specific niche....

yes back track is in beta. its great i actually have it on a dual boot now, but anyway since it is beta there are some drivers that they are working on, so i would recomend sticking with wax or auditor till its out of beta unless you know what your doing ... and please again NO SCRIPT KIDDIES ALOUD!

Cheers for that guys !!



I am doing a project on security and i want to basically enable a company (small to medium, not much resources) to carry out a security and information audit and setup a security policy for heir needs. I want to be able to provide a handbook that will allow them to do that, and clear up any problems they may have while doing it.

I'm going review the toolkits / handbooks available and basically have a look at what is good and bad (bad, areas not covered enough) ..... in a nutshell, i suppose i want people to know that sticking in a firewall and anti-virus software is not enough (small business) and there are other measures to take.

Strength and Depth

Now i know this is extensive, but i want to look at as many toolkits as possible, i want to give them as much info as possible ... where something is covered very well, then i'll direct them there,.

Anyway .... thats the bones of what i am at.

well, for one implement physical security, such as " is there server room locked" and they should only have VERY FEW people only the Network admins in the server room, is there a LAB for testing, Only give access to people who need it ,, lock every one else out, theres guides online, and such about all theise general rules, As for Auditing ,,,, it matters what you wnat to audit and how much u want to spend,
some great aim auditing program/solution's are facetime, akonix but agian these cost $$$ , as for auditing exchange , emails and such there are programas out there ,, i cnat think of any of the top of my head, but we use one where i work, Another policy as for physical that i put in our security policy is employees are not aloud to touch the firewall settings on there computers, every onece in a while some guy will disable it, you also want to make sure that you add in Tape Back up systems, what if a hacker was to pennitrate your system and you lost everything, you NEED to back it up , via tape back up system or a remote back up offsite place , and also making your users use at least 8 character passwords with at least 1 cappital 1 lower case and a character and number. As much as it kills people to try and remember them it needs to be done, and your network admins could get blammed for a users ignorance of putting there dogs name as there password. if you have OutLook web access, implement https,

also lock computer for 15 min , after 4 or so false attempts of password logins, auto lock after 5 min of not using your pc.

you get the picture well i wish i could give u more but i actually have to run so sorry i couldnt go more in depth, i will maby later on
Hope this helps a little,

-- drRAVALOT

real quick before i go ,,, if a employee is going to get laid off, suggestr that the network admin knows about it right before the employee is told there getting laid off, this allows the network admin to lock the user out of there computer so they cant create any back doors or steal data and such, and make sure the employee is escorted by some one out the building ,,, that part is almost 100 percent commen now a days.