
To effectively protect network infrastructure, IT security technicians need to leverage both offensive and defensive tools

Any IT security technician will benefit from knowing the tools available for preventing, fighting, or recovering from cyberattacks.

In a previous entry we discussed a few of those tools: the benefits of studying an attacker’s mindset, networking with other IT professionals, and attending IT security conferences on a regular basis.

Now we would like to discuss what we call “offensive” tools and “defensive” tools.

As you can imagine, “offense” refers to the tools hackers would use to break into a system, and “defense” refers to the tools used to protect the system from such attacks.

Exploring offensive tools

Learning the tools that hackers use to break into systems is essential for any IT security technician. This knowledge not only shows you what an attacker can and cannot do; it also lets you guard against threats and put the proper defenses in place before the attackers’ tools improve.

Penetration testing is a method by which IT security professionals test their own systems for weaknesses that an attacker could exploit.

Offensive tools include software packages such as Kali Linux, a Linux distribution that bundles penetration-testing tools, and SamuraiWTF, which is built around web application testing. WTF stands for web testing framework, just in case you were wondering.

IT security technicians are well advised to work through “capture the flag” (CTF) exercises, in which they attempt goal-based attacks in a safe environment. CTF exercises are a popular learning tool, and techs can also test their skills by participating in CTF competitions at security conferences.

Exploring defensive tools

Defensive tools that protect networks and are available to the average computer user should be studied as well. Many are commercial products, but free versions are often available too.

Immunet is an endpoint security product designed for Windows operating systems. Modifying the configuration of Windows’ built-in antivirus, Defender, is also excellent practice.

Immunet also gathers “threat intelligence” from infections caught on other Immunet clients.

OpenDNS is a DNS/web security product that works well on home networks to filter malicious and adult traffic.

Nessus is a vulnerability scanner well suited to home networks; it can be used for free on up to 16 hosts.

Splunk is a log management platform. It offers an add-on module (a “Splunk app”) called Security Essentials that teaches users how to build and run Splunk for security monitoring and for responding to incidents.

Understanding common IT applications

IT Security techs should study more than just the tools used in security. They need a thorough understanding of all aspects of IT, including common applications.

For example:

Active Directory and Group Policy. These services are used in a Windows environment. Although they control essential tasks such as system configuration, authentication, role-based access, and service interoperability, some security techs have little understanding of how they work.

PowerShell has been called Microsoft’s post-exploitation language, and security experts regard it as a tool that attackers use against target systems with impunity. IT operations technicians, however, use it as a powerful scripting platform to automate many functions. Gaining fluency in the language arms IT technicians with an equally powerful defensive tool.

If you use Linux, your shell is probably bash. It’s important to learn common GNU command line tools such as grep, sed, and awk. We recommend the resource Command Line Kung-Fu.
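As an added example (not code from the original post), here is the kind of grep/sed/awk pipeline a defender writes: it summarises failed SSH logins per source address from a handful of constructed sshd log lines and flags addresses above a threshold. The log lines, the threshold, and the function names are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Constructed sample auth.log lines (not real data) written to a temp file.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Mar  3 10:01:12 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:15 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:01:20 host sshd[2105]: Accepted publickey for alice from 198.51.100.4 port 40110 ssh2
Mar  3 10:02:01 host sshd[2110]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:02:44 host sshd[2113]: Failed password for bob from 192.0.2.55 port 60000 ssh2
Mar  3 10:03:00 host cron[2120]: (root) CMD (run-parts /etc/cron.hourly)
EOF

# grep selects the failed-password events, sed isolates the source address,
# awk counts events per address, and sort orders them by count, highest first.
# Output format: "<count> <ip>" per line.
failed_logins_by_ip() {
  grep 'sshd\[[0-9]*\]: Failed password' "$1" \
    | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
    | awk '{ count[$1]++ } END { for (ip in count) print count[ip], ip }' \
    | sort -rn
}

# Print only the addresses whose failure count reaches the threshold in $2;
# these are the candidates worth alerting on or reviewing for blocking.
noisy_sources() {
  failed_logins_by_ip "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

failed_logins_by_ip "$SAMPLE_LOG"
noisy_sources "$SAMPLE_LOG" 3
```

Point the functions at /var/log/auth.log (or the journal exported to a file) to run the same summary on a real host.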

Anyone who wishes to move into an IT security career would do well to study all of the topics listed above. The more you know, the more valuable an asset you become in protecting your organization.