Kochar & Associates (CA), Mumbai

Details of the Information Security Audit Tools

Freeware Tools

1. Nmap - Network scanner that can check for vulnerabilities. Also has command-line interface.
2. Microsoft Baseline Security Analyzer (MBSA) - Detects common security misconfigurations and missing security updates on computer systems running on Windows Operating System
3. Brutus AES - Password cracking tools for web application login screens
4. Port Peeker - Check all open ports for vulnerability
5. Tcpdump - Monitors all network traffic passing on the local sensor segment, reacting to anomaly or signature based activity
6. HPing - A command-line oriented TCP/IP packet assembler/analyzer

Commercial Tools

1. Tenable Nessus - A vulnerability scanner featuring high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis
2. GFI LANguard - Network security scanning tool with the following capabilities :
   • Check for and deploy missing security patches and service packs in OS
   • TCP & UDP port scanning & identification
   • Detect new security holes with scheduled scan results comparisons
   • Checks anti-virus and anti-spyware to ensure latest definitions are installed
   • Wireless node/link detection and USB device scanning

Proprietary Tools