Exploring offensive tools
Learning the tools that hackers use to break into systems is essential for any IT Security technician. Not only does this knowledge help you learn what an attacker can and cannot do, but you will better be able to guard against threats and have the proper defenses in place to combat any potential improvements of the tools they are using.
Penetration testing is a method by which IT Security professionals test their systems to see if there are any holes that can be infiltrated by an attacker.
Offensive tools consist of software packages such as Kali Linux, which performs penetration testing, and SamuraiWTF, built around web application testing. WTF stands for web testing framework, just in case you were wondering.
It would be well advised that IT Security technicians go through exercises called, “capture the flag” or CTF exercises, in which techs can attempt “goal-based attacks” in a safe environment. Capture the flag exercises are quite popular as a learning tool, and techs can also test their skills by participating in CTF competitions at security conferences.
Exploring defensive tools
Defensive tools used to protect networks, available to the average computer user, should be studied as well. These tools can be purchased, though there are free versions available as well.
Immunet is an endpoint security product designed for Windows operating systems. Modifying the configuration of its built-in antivirus product, Defender, is excellent practice.
Immunet also gathers “threat intelligence” from infections that have been caught by other clients of Immunet.
OpenDNS is a DNS/web security product that works well on home networks to filter malicious and adult traffic.
Nessus is a scanner that seeks out vulnerabilities in home networks. Up to 16 hosts can use it for free.
Splunk is a log management platform. It offers an add-on module (a “Splunk app”) called Security Essentials that enables users to learn how to build and run it for security monitoring, as well as for responding to incidents.
Understanding common IT applications
IT Security techs should study more than just the tools used in security. They need a thorough understanding of all aspects of IT, including common applications.
Active Directory and Group Policy. These applications are used in a Windows environment. Although they control essential tasks such as system configuration, authentication, role-based access, and service interoperability, some security techs have little understanding of how they work.
Powershell has been called Microsoft’s post-exploitation language. Security experts regard Powershell as a tool that is used to attack a target system with impunity. However, IT operations technicians use it as a powerful scripting platform to automate many functions. Gaining fluency in the language arms IT technicians with a powerful defense tool.
If you use Linux, the shell you use is probably bash. It’s important to learn common GNU command line tools such as grep, sed, and awk. We recommend the resource Command Line Kung-Fu.