Security Tools and Assessments

Greetings EE'ers,

This is a bit of an open ended question, but what do you all use or recommend as tools or practices for performing IT security assessments?
James FryEnterprise Solutions ArchitectAsked:
Who is Participating?
Nmap, Nessus (already mentioned), OVAS... Kali Linux contains a lot of great tools as well
Dmitri FarafontovLinux Systems AdminCommented:
Nessus, MetaSploit come to mind.
MBSA is good for routing out issues such as open shares missing patches and general misconfigurations on ms OS and server apps like  Mssql and IIS
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

If you need an alternative to Nessus, there's Nexpose. There's also OpenVAS (which I should've better clarified in my last post, as that's what OVAS meant)
If you're looking for pen test tools, you could look at Metasploit.
Packet capture, Wireshark
Web applications, Burp Suite

There's a lot of aspects you can look at this from....
nociSoftware EngineerCommented:
how about testing humans...? with like rubber-ducky or other "usb-keys"...
there are a few DEFCON youtube presentation aout Social Engineering... and people claiming to be able to
talk themselves into any company....
And a lot more....

Interesting guy:
also did somthing like:
see more:
James FryEnterprise Solutions ArchitectAuthor Commented:
Thanks everyone.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.