Determining What Tools to Use

Now that you’ve seen a few of the tools that can be used, it’s time to start thinking about which ones you’re going to use. A large part of this will be determined by the type of assessment you’ll be performing. You will probably find that system-level scanners are among the most useful tools to use regularly. You’ll also want to consider the disruption factor. For example, the analyst must determine what processes, both human and computer, must be put on hold during a VA scan. Certain scanning tools run intrusive scans that can disrupt network or computer systems as part of their operation. Many tools, however, can be automated. They can scan machines and networks and report their progress, generate a report when done, or both. With these tools, it is possible to perform scans in off hours, reducing or eliminating downtime. The degree of disruption, if any, that the user can tolerate is a big factor to consider.

What’s the Best Platform to Install Your Tools On

Not every tool you collect will run on both Linux and Windows. This raises the question of what the perfect test platform is. Setting up a laptop to use for assessment activities is a really good idea. It’s portable and gives you the capability to take it where you need it. Whether you’re running a port scanner or wardriving for rogue access points, you’ll be ready for action. There are several ways you can go about setting up the laptop to get maximum mileage.

  • Set the machine up as dual boot. Load Windows and your favorite flavor of Linux on the machine; you can switch between OSs as needed.

  • Use a virtual machine. VMware and Virtual PC both offer you the capability to run both OSs at the same time. This is the preferred method because you can quickly move between the two OSs.

Additional Items for the Toolkit

After reviewing this chapter, you should have some idea of what’s needed to put together your own toolkit; however, there will be a few other items you’ll want to add to round out your toolkit. Items such as Excel spreadsheets, documentation forms, and so on will also help you not only collect, verify, and validate your findings, but also ease the burden of implementing change. Having implemented some type of patch management system will also help. Clearly, if you’re conducting a vulnerability assessment, the capability to capture, organize, review, and assess data and information in a tabular, checklist manner is critical. This allows you to examine your data and information and make recommendations based on your IT security goals and objectives.
