Security tools abound on the Internet, and most are genuinely useful. But in a comparison of the two most common client platforms available, which provides the best support for security-related utilities?
Personally, I spend a lot of time working in Windows. I make a living writing about Windows administration and security, but I also find it the easiest operating system to use to meet my needs at this time. When I write about Windows security, I focus mainly on how to use tools built into Windows to harden and secure those machines.
However, I also run a Web-hosting business that is based entirely on Linux. The machines providing the service, the billing system, the support system ... everything works on the Linux operating system and associated technologies. Even though I run Windows XP and Windows Server 2003 on the machines in my office, I keep an SSH terminal window open to my Linux boxes at all times.
Perhaps the most significant responsibility of running a Web-hosting business is to keep those boxes secure. Linux was built with the adept administrator in mind, so it's no surprise that the amount of great security tools on Linux is large and growing.
Here's a sampling of wonderful Linux security tools:
- NetCat: Known affectionately as the "swiss army knife" of security tools, this flexible program can establish connections, listen remotely, create damaged, large, or other abnormal packets, masquerade as different applications and so much more.
- Nmap: This is the venerable port-scanning application that will knock on all the doors and windows of a machine, and report what answers back.
- Perl: Most Linux distributions include Perl by default. Perl is a marvelous scripting language that allows you to create custom-security configurations, scanning routines, honeypot setups and more.
It's a bit more difficult to find compelling security software on the Windows platform. That's not to say that there isn't any; that's just my personal opinion.
That said, here's a sampling of useful Windows security tools:
- EventcombMT: This tool offers a great way to scan the event logs of all of your Windows machines and search for specific event numbers to identify suspicious activity.
- PuList: A program like Top on Unix, this utility shows running processes and the users that initiated them. Sometimes the Windows Task Manager can't be coaxed into showing you everything, and this is a great way to remotely monitor processes on a machine.
Of course, most of the Linux tools I mention above can work on Windows if you're willing to do some fiddling. By installing Services for Unix or ActiveState's Perl interpreter, you can run Perl scripts, and you can find a version of NetCat and NMap that will run on Windows. However, for the sheer simplicity of running security audits and scans, I'd rather have a Linux box next to my Windows machine. It's easy to get Linux security tools up and running; updates are released faster for their native platforms; and Linux in itself is more extensible and flexible for this type of work.
In fact, even after installing ISA Server 2004 to serve my office network, I've run scans and penetration tests from my penguin-based boxes.
About the author
Jonathan Hassell is author of Hardening Windows, published by Apress. He is a systems administrator and IT consultant residing in Raleigh, NC, with extensive experience in networking technologies and Internet connectivity. He currently runs his own Web-hosting business, Enable Hosting, based out of both Raleigh and Charlotte, NC. Jonathan's previous published work includes RADIUS, published by O'Reilly and Associates, which serves as a detailed guide to the RADIUS authentication protocol and offers suggestions for implementing RADIUS and overall network security. You can e-mail Jonathan at [email protected].
If you're looking for information about XP Service Pack 2, Jonathan also offers an audio CD. Click for details..