Best FREE Network Vulnerability Scanners: Top 6 Tools That Don’t Cost Money

You wouldn’t want your network to become the target of malicious users trying to steal your data or cause damage to your organization. But how can you make sure there are as few ways as possible for them to get in? By making sure each and every vulnerability on your network is known, addressed, and either fixed or covered by some measure that mitigates it. And the first step in accomplishing that is to scan your network for those vulnerabilities. This is the job of a specific type of software tool and today, we’re glad to bring you our top 6 best free network vulnerability scanners.

We’ll be starting today’s discussion by talking about network vulnerability–or perhaps vulnerabilities–trying to explain what they are. We’ll next discuss vulnerability scanners in general. We’ll see who needs them and why. Since a vulnerability scanner only works as part of a vulnerability management process, this is what we’ll discuss next. Then, we’ll study how vulnerability scanners typically work. They are all different but at their core, there are usually more similarities than differences. And before we reveal what the best free vulnerability scanners are, we’ll tell you what to look for in them.

Vulnerability 101

Computer systems and networks are more complex than ever. It’s not uncommon for a typical server to be running hundreds of processes. Each of these processes is a program, and some of them are big programs containing thousands of lines of code. And within this code, there could be all sorts of unexpected things. A programmer may, at one point, have added some backdoor feature to facilitate debugging and this feature might have mistakenly made it into the final version. There could be errors in input validation that cause unexpected, and undesirable, results under some specific circumstances.

Each of these is a hole, and there are numerous people out there who spend their time finding these holes and using them to attack your systems. Vulnerabilities are what we call these holes. If left unattended, they can be used by malicious users to gain access to your systems and data, or even worse, your clients’ data, or to otherwise cause damage such as rendering your systems unusable.

Vulnerabilities can be everywhere on your network. They are often found on software running on your servers or their operating systems but they are also common in networking equipment such as switches, routers and even security appliances such as firewalls.

Network Vulnerability Scanners — What They Are And How They Work

Vulnerability scanners or vulnerability assessment tools as they are often called are software tools whose sole purpose is to identify vulnerabilities in your systems, devices, equipment, and software. We call them scanners because they will usually scan your equipment to look for specific vulnerabilities.

But how do they find these vulnerabilities? After all, they are usually not in plain sight or the developer would have addressed them. Somewhat like antivirus software, which uses virus definition databases to recognize computer viruses, most vulnerability scanners rely on vulnerability databases and check systems for specific, known vulnerabilities: a service’s version or banner, a configuration setting, or the response to a crafted probe is compared against the entries in that database. These vulnerability databases can either be sourced from well-known security research labs dedicated to finding vulnerabilities in software and hardware, or they can be proprietary. The level of detection you get is only as good as the vulnerability database your tool uses, which also means a scanner cannot find a flaw that nobody has catalogued yet.

Network Vulnerability Scanners — Who Needs Them?

The quick and easy answer to this question is simple: You do! No really, everyone needs them. Just like no one in their right mind would think of running a computer without antivirus protection, no network administrator should be without at least some vulnerability detection scheme.

Of course, this is something that could theoretically be done manually, but in practice it is an impossible job. It would require a tremendous amount of time and human resources. Some organizations are dedicated to finding vulnerabilities and they often employ hundreds of people, if not thousands.

The fact is that if you are managing a number of computer systems or devices, you probably need a vulnerability scanner. Complying with regulatory standards such as SOX or PCI DSS will often mandate that you do. And even if they don’t require it, compliance will be easier to demonstrate if you can show that you are scanning your network for vulnerabilities.

A Word About Vulnerability Management

It’s one thing to detect vulnerabilities using some sort of software tool, but it is of little use unless it is part of a holistic vulnerability management process. Just as intrusion detection systems are not intrusion prevention systems, network vulnerability scanners, or at least the vast majority of them, will only detect vulnerabilities and point them out to you.

It is up to you to have some process in place to react to these detected vulnerabilities. The first thing that should be done is to assess them. The idea here is to make sure detected vulnerabilities are real. Makers of vulnerability scanners often prefer to err on the side of caution, and many of their tools will report a certain number of false positives. A finding you have confirmed to be false should be recorded as such, so that it does not come back as new work after every scan.

The next step in the vulnerability management process is to decide how you want to address, and fix, real vulnerabilities, starting with the most severe ones on the systems that matter most. If they were found in a piece of software your organization barely uses, or doesn’t use at all, your best course of action might be to remove it or replace it with other software offering similar functionality. In many instances, fixing vulnerabilities is as easy as applying a patch from the software publisher or upgrading to the latest version. At times, they can also be fixed by modifying some configuration setting(s). Whatever the fix, rescan afterwards to confirm the finding is really gone.
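To make the two preceding ideas concrete, here is an added example, written for this page and not taken from any scanner reviewed here, of how a signature-driven scanner matches the banners it collects against a vulnerability database, and how the resulting findings are ordered for triage with confirmed false positives pushed aside. The database entries, the EX-* identifiers, the product names and the scanned hosts are all constructed placeholders, not real advisories or real software.

```python
"""Added example: banner-to-database matching and triage ordering.
Illustrative code, not the engine of any scanner reviewed on this page.
VULN_DB, SAMPLE_HOSTS and the EX-* identifiers are constructed placeholders."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    vuln_id: str
    product: str
    version: str
    cvss: float
    status: str          # "open" or "suppressed" (confirmed false positive)


# Constructed database: (id, product, first affected, last affected, CVSS).
VULN_DB = [
    ("EX-2018-0001", "examplessh", "7.0", "7.4", 7.5),
    ("EX-2018-0002", "examplehttpd", "2.4.0", "2.4.29", 9.8),
    ("EX-2018-0003", "examplehttpd", "2.2.0", "2.2.99", 5.3),
]

# Constructed scan input: (host, port, banner the service announced).
SAMPLE_HOSTS = [
    ("192.0.2.10", 22, "SSH-2.0-ExampleSSH_7.2p1"),
    ("192.0.2.10", 80, "Server: ExampleHTTPD/2.4.18"),
    ("192.0.2.11", 80, "Server: ExampleHTTPD/2.2.34"),
    ("192.0.2.12", 443, "Server: nginx"),   # no version: nothing to match
]

# A product name immediately followed by a version, e.g. "ExampleHTTPD/2.4.18".
BANNER_RE = re.compile(r"([A-Za-z]+)[_ /-]?v?(\d+(?:\.\d+)*)")


def parse_version(text):
    """'2.4.18' -> (2, 4, 18)."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def in_range(version, low, high):
    """Inclusive range check; shorter tuples are zero-padded so 2.4 == 2.4.0."""
    parts = [parse_version(x) for x in (version, low, high)]
    n = max(len(p) for p in parts)
    v, lo, hi = (p + (0,) * (n - len(p)) for p in parts)
    return lo <= v <= hi


def parse_banner(banner):
    """Every product/version pair found in a banner; the DB decides which matter."""
    return [(m.group(1).lower(), m.group(2)) for m in BANNER_RE.finditer(banner)]


def scan(hosts, vuln_db, suppressed=frozenset()):
    """Match banners against the DB. suppressed holds (host, port, vuln_id)
    tuples for findings already assessed as false positives."""
    findings = []
    for host, port, banner in hosts:
        for product, version in parse_banner(banner):
            for vuln_id, db_product, low, high, cvss in vuln_db:
                if db_product == product and in_range(version, low, high):
                    key = (host, port, vuln_id)
                    status = "suppressed" if key in suppressed else "open"
                    findings.append(Finding(host, port, vuln_id, product,
                                            version, cvss, status))
    # Triage order: open findings first, highest CVSS at the top.
    findings.sort(key=lambda f: (f.status == "suppressed", -f.cvss))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_HOSTS, VULN_DB):
        print(f"{f.host}:{f.port} {f.vuln_id} {f.product} {f.version} "
              f"CVSS {f.cvss} [{f.status}]")
```

Two things the paragraph above glosses over show up here: a banner can contain several product/version tokens (the SSH protocol version is not the SSH server version), and a scanner that only matches version strings will say nothing about the host that announces no version at all, which is exactly the "only as good as the database" limitation.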

What To Look For In Network Vulnerability Scanners

Let’s have a look at some of the most important things to consider when evaluating network vulnerability scanners. First and foremost is the range of devices the tool can scan. This has to match your environment as closely as possible. If, for example, your environment has many Linux servers, you should pick a tool that will scan these. Your scanner should also be as accurate as possible in your environment so as not to drown you in useless notifications and false positives.

Another important factor to consider is the tool’s vulnerability database. Is it updated regularly? Is it stored locally or in the cloud? Do you have to pay additional fees to get the vulnerability database updated? These are all things you’ll want to know before you pick your tool.

Not all scanners are created equal: some use a more intrusive scanning method than others and can affect system performance. This is not necessarily a bad thing, as the most intrusive scanners are often the most thorough, but if they affect performance you’ll want to know about it and schedule the scans accordingly, for example outside business hours. Speaking of scheduling, this is another important aspect of network vulnerability scanners. Does the tool you’re considering even have scheduled scans? Some tools need to be launched manually.

The last important aspect of network vulnerability scanners is their alerting and reporting. What happens when they detect a vulnerability? Is the notification clear and easy to understand? Does the tool provide some insight on how to fix found vulnerabilities? Some tools even have automated remediation of some vulnerabilities. Others integrate with patch management software. As for reporting, this is often a matter of personal preference but you have to ensure that the information you expect to find in the reports is actually there. Some tools only have predefined reports, some will let you modify them, and some will let you create new ones from scratch.

Our Top 6 Best Network Vulnerability Scanners

Now that we know what to look for in vulnerability scanners, let’s have a look at some of the best or most interesting packages we could find. All but one of them are free and the paid one has a free trial available.

1. SolarWinds Network Configuration Manager (FREE TRIAL)

Our first entry is an interesting piece of software from SolarWinds called the Network Configuration Manager. However, this is neither a free tool nor is it a network vulnerability scanner. So you may be wondering what it is doing in this list. There is one primary reason for its inclusion: the tool addresses a specific type of vulnerability that not many other tools do, and that is the misconfiguration of networking equipment.

SolarWinds Network Configuration Manager - Summary Dashboard


This tool’s primary purpose as a vulnerability scanner is validating network equipment for configuration errors and omissions. It will also periodically check device configurations for changes. This can be useful as some attacks are started by modifying a device configuration in a way that facilitates access to other systems. The Network Configuration Manager can also help you with network compliance with its automated network configuration tools that can deploy standardized configs, detect out-of-process changes, audit configurations, and even correct violations.

The software integrates with the National Vulnerability Database and has access to the most current CVEs to identify vulnerabilities in your Cisco devices. It will work with any Cisco device running ASA, IOS, or NX-OS. In fact, two useful tools, Network Insights for ASA and Network Insights for Nexus, are built right into the product.

Pricing for the SolarWinds Network Configuration Manager starts at $2,895 and varies according to the number of nodes. If you’d like to give this tool a try, a free 30-day trial version can be downloaded from SolarWinds.

2. Microsoft Baseline Security Analyzer (MBSA)

Our second entry is an older tool from Microsoft called the Baseline Security Analyzer, or MBSA. This tool is a less-than-ideal option for larger organizations but it could be OK for small businesses with only a few servers. Given its Microsoft origin, don’t expect this tool to look at anything but Microsoft products, though. It will scan the base Windows operating system as well as some services such as the Windows Firewall, SQL Server, IIS and Microsoft Office applications.

The tool doesn’t scan for specific vulnerabilities like true vulnerability scanners do, but it will look for missing patches, service packs and security updates as well as scan systems for administrative issues. The MBSA’s reporting engine will give you a list of missing updates and misconfigurations.

MBSA Report Detail Screenshot

MBSA is an old tool from Microsoft, so old that it is not fully compatible with Windows 10, and Microsoft no longer maintains it. Version 2.3 will work with the latest version of Windows but will require some tweaking to clean up false positives and to fix checks that can’t be completed. For example, MBSA will falsely report that Windows Update is not enabled on the latest Windows version. Another drawback is that MBSA won’t detect non-Microsoft vulnerabilities or complex vulnerabilities. Still, this tool is simple to use and does its job well, and it could be the right tool for a smaller organization with only Windows computers.

3. Open Vulnerability Assessment System (OpenVAS)

The Open Vulnerability Assessment System, or OpenVAS, is a framework of many services and tools which combine to offer a comprehensive and powerful vulnerability scanning and management system. The framework behind OpenVAS is part of Greenbone Networks’ vulnerability management solution, from which developments have been contributed to the community for about ten years. The system is entirely free and most of its components are open-source, although some are proprietary. The OpenVAS scanner comes with over fifty thousand Network Vulnerability Tests which are updated on a regular basis.

OpenVAS 7 Software Architecture

OpenVAS has two main components: the OpenVAS scanner, which is responsible for the actual scanning of target computers, and the OpenVAS manager, which controls the scanner, consolidates results, and stores them in a central SQL database along with the system’s configuration. Other components include browser-based and command-line user interfaces. An additional component of the system is the Network Vulnerability Tests database. This database is updated from either the free Greenbone Community Feed or the Greenbone Security Feed. The latter is a paid subscription service while the community feed is free.
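The manager’s results can be exported as XML through the user interfaces, and that export is usually where a vulnerability management process picks up. The following added example, not part of OpenVAS or Greenbone’s own code, parses a constructed, simplified imitation of that report layout (real reports carry many more fields, and the oid values here are placeholders, not real NVT identifiers), drops the informational Log entries and the results an operator has already overridden as False Positive, and ranks hosts by their worst remaining finding.

```python
"""Added example: reading an OpenVAS-style XML report into a per-host triage
list. Not Greenbone/OpenVAS code. SAMPLE_REPORT is a constructed, simplified
imitation of the report layout; the oid values are placeholders."""
import xml.etree.ElementTree as ET
from collections import defaultdict

SAMPLE_REPORT = """<report>
  <results>
    <result id="r1">
      <host>192.0.2.10</host><port>80/tcp</port>
      <nvt oid="placeholder-1"><name>Example HTTPD remote code execution</name></nvt>
      <threat>High</threat><severity>9.8</severity>
    </result>
    <result id="r2">
      <host>192.0.2.10</host><port>22/tcp</port>
      <nvt oid="placeholder-2"><name>Example SSH weak cipher offered</name></nvt>
      <threat>Medium</threat><severity>5.3</severity>
    </result>
    <result id="r3">
      <host>192.0.2.11</host><port>80/tcp</port>
      <nvt oid="placeholder-3"><name>HTTP server type and version</name></nvt>
      <threat>Log</threat><severity>0.0</severity>
    </result>
    <result id="r4">
      <host>192.0.2.11</host><port>general/tcp</port>
      <nvt oid="placeholder-4"><name>Example ICMP timestamp disclosure</name></nvt>
      <threat>Low</threat><severity>2.1</severity>
    </result>
    <result id="r5">
      <host>192.0.2.11</host><port>443/tcp</port>
      <nvt oid="placeholder-5"><name>Example TLS certificate expired</name></nvt>
      <threat>False Positive</threat><severity>4.0</severity>
    </result>
  </results>
</report>"""

# Threat levels as OpenVAS reports them. "Log" is informational only and
# "False Positive" marks a result the operator has overridden.
THREAT_RANK = {"High": 3, "Medium": 2, "Low": 1, "Log": 0, "False Positive": -1}


def parse_report(xml_text):
    """Flatten every <result> into a dict; missing fields become empty/zero."""
    root = ET.fromstring(xml_text)
    results = []
    for r in root.iter("result"):
        nvt = r.find("nvt")
        results.append({
            "host": (r.findtext("host") or "").strip(),
            "port": (r.findtext("port") or "").strip(),
            "oid": nvt.get("oid", "") if nvt is not None else "",
            "name": (nvt.findtext("name") or "").strip() if nvt is not None else "",
            "threat": (r.findtext("threat") or "Log").strip(),
            "severity": float(r.findtext("severity") or 0.0),
        })
    return results


def actionable(results, min_threat="Low"):
    """Keep results at or above min_threat; Log and False Positive fall out."""
    floor = THREAT_RANK[min_threat]
    return [r for r in results if THREAT_RANK.get(r["threat"], 0) >= floor]


def by_host(results):
    """Group findings per host, worst host first, worst finding first."""
    hosts = defaultdict(lambda: {"max_severity": 0.0, "findings": []})
    for r in results:
        entry = hosts[r["host"]]
        entry["findings"].append(r)
        entry["max_severity"] = max(entry["max_severity"], r["severity"])
    for entry in hosts.values():
        entry["findings"].sort(key=lambda f: -f["severity"])
    return dict(sorted(hosts.items(), key=lambda kv: -kv[1]["max_severity"]))


if __name__ == "__main__":
    for host, entry in by_host(actionable(parse_report(SAMPLE_REPORT))).items():
        print(host, entry["max_severity"], [f["name"] for f in entry["findings"]])
```

Raising min_threat to "Medium" is the usual first cut when a report is too long to work through; the Low-only host then disappears from the list rather than being deleted from the report, so the data is still there when there is time for it.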

4. Retina Network Community

The Retina Network Community is the free version of the Retina Network Security Scanner from BeyondTrust, one of the best-known vulnerability scanners. It is a comprehensive vulnerability scanner with many features. The tool can perform a free vulnerability assessment of missing patches, zero-day vulnerabilities, and non-secure configurations. User profiles aligned with job functions simplify the operation of the system. Its Metro-styled, intuitive user interface allows for streamlined operation of the system.

Retina Network Community Screenshot

Retina Network Community uses the Retina scanner’s database, an extensive database of network vulnerabilities, configuration issues, and missing patches. It is automatically updated and covers a wide range of operating systems, devices, applications, and virtual environments. Talking about virtual environments, the product fully supports VMware environments and includes online and offline virtual image scanning, virtual application scanning, and integration with vCenter.

The main limitation of the Retina Network Community is that it’s limited to scanning 256 IP addresses. While this is not much, it will be more than enough for many smaller organizations. If your environment is bigger than that, you can opt for the Retina Network Security Scanner, available in Standard and Unlimited editions. Both editions have an extended feature set compared to the Retina Network Community scanner.

5. Nexpose Community Edition

Nexpose from Rapid7 is another well-known vulnerability scanner, although perhaps less so than Retina. The Nexpose Community Edition is a limited version of Rapid7’s comprehensive vulnerability scanner. The limitations are significant. First and foremost, you can only use the product to scan a maximum of 32 IP addresses. This makes it a good option only for the smallest of networks. Furthermore, the product can only be used for one year. Those limitations aside, this is an excellent product.

Nexpose Community Edition Screenshot

Nexpose can run on physical machines running either Windows or Linux. It is also available as a VM appliance. The product’s extensive scanning capabilities will handle networks, operating systems, web applications, databases, and virtual environments. Nexpose uses what it calls Adaptive Security, which can automatically detect and assess new devices and new vulnerabilities the moment they join your network. This combines with dynamic connections to VMware and AWS and integration with the Sonar research project to provide true live monitoring. Nexpose provides integrated policy scanning to assist in complying with popular standards like CIS and NIST. The tool’s intuitive remediation reports give step-by-step instructions on remediation actions to quickly improve compliance.

6. SecureCheq

Our last entry is a product from Tripwire, another household name in IT security. Its SecureCheq software is advertised as a free Microsoft Windows configuration security checker for desktops and servers. The tool performs local scans on Windows computers and identifies insecure Windows advanced settings as defined by CIS, ISO or COBIT standards. It looks for about two dozen common security-related configuration errors.

Tripwire SecureCheq Screenshot

This is a simple tool that is easy to use. You simply run it on the local machine and it will list all the checked settings with a pass or fail status. Clicking on any of the listed settings reveals a summary of the vulnerability with references on how to fix it. The report can be printed or saved as an OVAL XML file.

Although SecureCheq scans for some advanced configuration settings, it misses many of the more general vulnerabilities and threats. Your best bet is to use it in combination with a more basic tool such as the Microsoft Baseline Security Analyzer reviewed above.

Read Best FREE Network Vulnerability Scanners: Top 6 Tools That Don’t Cost Money by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

How To Disable The Root Account On Linux

Disabling the root account on a Linux system might seem crazy, but it is a solid security measure. In fact, many Linux distributions already ship with the root account disabled and rely on sudo instead, and it’s increasingly common to disable it on the systems that don’t.

A system without a direct line to the root user isn’t immune to attack, but the chances that an attacker gets in and takes the whole system over are reduced. There is no longer a single, well-known account name with a password to guess or brute-force, and there is no root password to share between administrators: every privileged action goes through a named user’s own credentials and sudo, which also leaves a clearer audit trail. Keep in mind that this does not limit what those users can do. Anyone with full sudo rights is still effectively root, which is why the first thing to look at is the accounts that have it.

Pre-requisites

Before going on to disable the root account on the system, a few things need taking care of. The first step in this process is to make sure that all users with the ability to run commands through sudo have a secure password. A weak password on any of those users negates securing the root account, and that’s bad news.

The quickest way to secure a user account is to simply change the password. To do this, open up a new terminal and run the passwd command, along with the username. Doing this will prompt for, and set, a new password for that user.

sudo passwd username

In the “enter new UNIX password” prompt, enter a password that is memorable, is not a dictionary word, and is not reused from any other account.

Having a hard time finding a good password to secure your user account? Try out Secure Password Generator. It specializes in making smart, secure passwords for free!

Now that usernames with access to sudo have secure passwords, it’s time to review the sudoers file. Check out our guide here and learn how to disable sudo access for any accounts you believe unworthy to run root-level commands.

Disable The Root Account

Disabling the root account requires some form of superuser access. Luckily, locking the account or scrambling its password doesn’t require logging in as root. Any user on the system with sudo access will do. To get a root shell without logging in as the root user, run the following in a terminal window:

sudo -s

Running sudo -s gives any user with the proper sudo rights a shell running as root, from which system-level commands can be executed just as root would run them.

In that root shell, use the passwd command to lock the account so that nobody can log in to it with a password:

passwd -l root

Locking the account is a solid way to secure it: passwd -l puts a “!” in front of the stored password hash, so no password can match it anymore, but the hash is kept and the lock can be undone later with passwd -u root. If you would rather not keep the old hash around at all, replace the password field with a single “!” instead, which nothing will ever match. To scramble the root account this way, enter the following command in the root shell:

usermod -p '!' root

Scrambling the password takes effect immediately. As soon as the usermod command finishes, there is no root password hash left, so nothing typed at a password prompt will get anyone into root. Note that both methods only affect password authentication: anyone who can run sudo can still become root when they need to, and you should not rely on the password lock to keep key-based SSH logins to root out either. Set PermitRootLogin to no in sshd_config for that.

Done locking the root account up? Exit the superuser shell with the exit command to finish up the process.
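Once this is done, it is worth checking the result rather than trusting it, both for root and for the sudo users whose passwords the prerequisites section was about. The following added example, not part of the original article, reads /etc/shadow and /etc/group content and reports the state of each account’s password field: active, locked the way passwd -l leaves it (a “!” in front of a kept hash), locked with no hash left (what usermod -p '!' produces, or the “*” system accounts ship with), or empty. The shadow and group lines are constructed, and the hash strings are dummies, not real password hashes; on a real system you would read the two files (as root) instead of the embedded samples.

```python
"""Added example: audit the /etc/shadow state left by passwd -l / usermod -p '!'
and flag sudo-capable users without a password. Not part of the original
article. SAMPLE_SHADOW and SAMPLE_GROUP are constructed; hashes are dummies."""

# Constructed /etc/shadow: name:password-field:lastchange:min:max:warn:...
SAMPLE_SHADOW = """\
root:!$6$dummysalt$dummyhashforroot:17600:0:99999:7:::
alice:$6$dummysalt$dummyhashforalice:17600:0:99999:7:::
bob::17600:0:99999:7:::
svc-backup:!:17600:0:99999:7:::
daemon:*:17600:0:99999:7:::
"""

# Constructed /etc/group: only the lines that matter for sudo membership.
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice,bob
"""


def classify(field):
    """What a shadow password field means for password-based login."""
    if field == "":
        return "EMPTY"          # no password set at all
    if field in ("!", "*", "!!"):
        return "NO_PASSWORD"    # locked with no hash kept (usermod -p '!')
    if field.startswith("!"):
        return "LOCKED"         # passwd -l: hash kept, passwd -u can undo it
    return "ACTIVE"


def lock_like_passwd_l(field):
    """Mimic what passwd -l does to the field: prefix the hash with '!'."""
    return field if field.startswith("!") else "!" + field


def parse_shadow(text):
    """Map user name -> password field."""
    users = {}
    for line in text.splitlines():
        if line.strip():
            name, field = line.split(":")[:2]
            users[name] = field
    return users


def sudo_members(group_text):
    """Members of the sudo (Debian/Ubuntu) or wheel (RHEL/Fedora) group."""
    for line in group_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 4 and parts[0] in ("sudo", "wheel"):
            yield from (m for m in parts[3].split(",") if m)


def audit(shadow_text, group_text):
    """Report root's state plus anything that undermines locking root."""
    users = parse_shadow(shadow_text)
    report = {"root": classify(users.get("root", "")), "problems": []}
    if report["root"] == "ACTIVE":
        report["problems"].append("root still has a usable password")
    for member in sudo_members(group_text):
        if classify(users.get(member, "")) == "EMPTY":
            report["problems"].append(f"sudo user {member} has no password")
    return report


if __name__ == "__main__":
    # On a real host: open("/etc/shadow").read() and open("/etc/group").read()
    print(audit(SAMPLE_SHADOW, SAMPLE_GROUP))
```

The distinction between LOCKED and NO_PASSWORD matters when you come to re-enable root: passwd -u only works on a field that still has a hash behind the “!”, which is why a scrambled account has to be given a brand new password instead.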

Re-enabling Root

Having the root account disabled is good security practice. Still, having access to it has its perks, mainly for recovery situations where sudo itself is unusable, such as a broken sudoers file. If you’ve decided to turn the root account on your Linux PC back on, the process is easy to reverse.

In the terminal, run sudo -s, like last time. Doing this gives the terminal superuser access. From here, it’ll be possible to give root a usable password again.

Using the passwd command, set a new password on the root account, which also clears the lock:

passwd root

Running passwd root prompts for a new password and writes its hash over the locked or scrambled field, which reactivates the account. Be sure to set the new root password to something secure. If you only locked the account with passwd -l and simply want the old password back, passwd -u root removes the lock without changing the password; this does not work after usermod -p '!', because no hash was kept. When the password is set, leave the root shell with the exit command.

Root – Best Practices

Disabling root (or at least securing the password) is a good start, but not enough in terms of security. If you want to truly protect your Linux system, try following these basic steps:

  1. Ensure that your root password is no shorter than 14 characters long. Having a long password makes it harder to guess.
  2. Never use the same password for a user account and the root account.
  3. Change passwords every month or so, on every account, including root.
  4. Always use numbers, as well as upper/lower case letters and symbols in passwords.
  5. Create special administrator accounts with sudoer privileges for users that need to run superuser commands, rather than giving out the system password.
  6. Keep your SSH keys secret and set PermitRootLogin to no in sshd_config so that nobody logs in as root over SSH; administrators log in under their own account and use sudo.
  7. Enable two-factor authentication during login to prevent your system from being tampered with.
  8. Make full use of the Linux firewall on your system.

Read How To Disable The Root Account On Linux by Derrik Diener on AddictiveTips – Tech tips to make you smarter

10 Best Web Application Firewalls (WAFs) Reviewed in 2018

Web Application Firewalls, or WAFs, are a relatively new kind of firewall. They don’t just block or allow traffic based on IP addresses and ports. They go a step further and inspect the content of HTTP traffic, making decisions based on a set of predefined rules. As their name implies, their main purpose is to secure web-based applications. Choosing a Web Application Firewall can be a daunting task. They exist either as a cloud-based service or as an appliance, each with its advantages and shortcomings. That’s why we’ve compiled this list of the 10 best Web Application Firewalls. It will help you evaluate product features from different vendors.

In this article, we’ll start off with a discussion on Web Applications Firewalls, what they are and what purpose they serve. We’ll then compare cloud-based and appliance-based systems and list the pros and cons of each. As you’ll see, it’s more than just a philosophical choice. After we’re done explaining the basics of WAFs, we’ll dive into the core of our subject and present not one but two lists. First, we’ll review the best five cloud-based WAFs and next we’ll have a look at the best five WAF appliances.

WAFs In A Nutshell

As we stated in our introduction, a Web Application Firewall is a special kind of device. It can be used to secure web-based applications far better than what’s possible with standard firewalls. A typical WAF will protect a website against several types of attacks such as cross-site scripting, cookie poisoning, web scraping, parameter tampering, buffer overflow attempts and many more.

Contrary to traditional firewalls, which base their decision to allow or block traffic on simple parameters such as IP address or port number, WAFs base their decision on an in-depth analysis of the HTTP traffic itself: the URL, headers, cookies, query parameters and request body. They examine requests trying to recognize malicious patterns, and they normalize encoded input first, so that an attack hidden behind URL encoding looks the same as one sent in the clear. They also decrypt HTTPS traffic, since they cannot inspect what they cannot read. Web Application Firewalls look for known attack signatures, but they will also block malformed or non-standard requests for the best possible protection. The stricter the rules, the more legitimate requests they risk blocking, so expect to spend time tuning them.
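To make that inspection step concrete, here is an added example, written for this page rather than taken from any WAF vendor’s engine, of three things the paragraph describes: decoding a request’s fields (including double-encoded ones) before matching, matching them against a small set of attack signatures, and verifying a signed session cookie to catch cookie poisoning. The signing key, the rules and the sample requests are all constructed; a real rule set is far larger, and the SQL injection rule is included because tautologies like ' or '1'='1 are among the most common signatures such sets carry.

```python
"""Added example: the request inspection a WAF performs, reduced to a few
rules. Illustrative code, not any vendor's engine. SECRET, RULES and
SAMPLE_REQUESTS are constructed for the demonstration."""
import hashlib
import hmac
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Assumption: the application signs its session cookie with this key, so the
# WAF can tell a cookie it issued from one the client edited (cookie poisoning).
SECRET = b"constructed-demo-key-not-for-production"

# A handful of signature rules; real rule sets have thousands.
RULES = [
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("xss-event-handler", re.compile(r"\bon\w+\s*=", re.I)),
    ("sqli-tautology", re.compile(r"""(['"])\s*or\s+\1?1\1?\s*=\s*\1?1""", re.I)),
    ("path-traversal", re.compile(r"(?:\.\./){2,}")),
]


def normalize(value, rounds=3):
    """Undo URL encoding, repeatedly, so %253Cscript%253E is seen as <script>."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def sign(value):
    return hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()


def cookie_is_authentic(cookie):
    """Cookie format: <value>.<hex HMAC>; the MAC is compared in constant time."""
    value, _, mac = cookie.rpartition(".")
    return bool(mac) and hmac.compare_digest(sign(value), mac)


def inspect(request):
    """Return the rule ids a request trips, with the field name; [] means allow."""
    hits = []
    url = urlsplit(request["path"])
    fields = [("path", url.path)]
    fields += parse_qsl(url.query, keep_blank_values=True)
    fields += parse_qsl(request.get("body", ""), keep_blank_values=True)
    for name, raw in fields:
        value = normalize(raw)
        for rule_id, pattern in RULES:
            if pattern.search(value):
                hits.append(f"{rule_id}:{name}")
    session = request.get("cookies", {}).get("session")
    if session is not None and not cookie_is_authentic(session):
        hits.append("cookie-poisoning:session")
    return hits


GOOD_SESSION = "user42." + sign("user42")

# Constructed requests: one benign, the others each carrying one attack.
SAMPLE_REQUESTS = {
    "benign": {"path": "/search?q=network+scanners",
               "cookies": {"session": GOOD_SESSION}},
    "xss": {"path": "/search?q=%253Cscript%253Ealert(1)%253C/script%253E",
            "cookies": {"session": GOOD_SESSION}},
    "sqli": {"path": "/login", "body": "user=admin&pass=x%27+or+%271%27%3D%271"},
    "poisoned": {"path": "/account",
                 "cookies": {"session": "admin." + sign("user42")}},
    "traversal": {"path": "/static/..%2F..%2F..%2Fetc%2Fpasswd"},
}

if __name__ == "__main__":
    for label, req in SAMPLE_REQUESTS.items():
        print(f"{label:10} -> {inspect(req) or 'allow'}")
```

The poisoned request shows why signatures alone are not enough: “admin” is a perfectly well-formed cookie value and trips no pattern, and only the signature check catches that the client changed it. The event-handler rule also shows the tuning problem from the paragraph above: a legitimate form field named, say, onion= would match it, which is the kind of false positive a WAF deployment spends its first weeks ironing out.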

By itself, a Web Application Firewall will offer a good degree of protection, but it is when you combine it with other protection systems such as standard firewalls or antivirus software that you’ll get the best coverage against the greatest number of threats. More than ever, network administrators need to adopt a holistic approach to security.

Cloud-Based Or Appliance?

There are essentially two types of Web Application Firewalls. WAFs can be either cloud-based or run as an appliance. Cloud-based WAFs are hosted by the vendor. All requests to your website are redirected, through the magic of DNS, to your WAF instance where they are inspected before being forwarded to your actual site. Because this redirection is done in DNS, the web server itself must be configured to accept connections only from the WAF provider’s address ranges; otherwise an attacker who discovers the server’s real IP address can simply bypass the WAF.

Appliance WAFs are hardware devices. They are specialized computers, typically with no user interface such as a screen and keyboard that run a custom operating system and the Web Application Firewall software. They are typically installed within your data center and are located between your traditional firewall and your web servers where they intercept requests going to them.

Cloud-Based WAFs Pros And Cons

On the plus side, a cloud-based solution requires no maintenance as it is handled by the vendor. These solutions typically have built-in redundancy or high availability features. The vendor also typically handles system backups. Another advantage is that the WAF service can often be paired with other services from the same vendor. You could, for example, combine the content distribution and WAF features of a single provider for a seamlessly integrated solution.

But cloud-based WAFs also have a few drawbacks. One of the most important is that they can lock you in with a single provider for many services. Since all traffic to your website has to be redirected to the cloud provider, you have almost no option but to use their other security services, such as a traditional firewall, as well.

WAF Appliances Pros And Cons

The main advantage of WAF appliances is that you keep everything in-house. It gives you complete control over every detail of your infrastructure. It also means that you’re free to choose different components from different vendors.

On the downside, using an appliance means that you have to maintain it. And you’ll have to upgrade it as your traffic increases. Using a hardware solution also means a much higher upfront cost, as all the equipment must be acquired from the start. Ultimately, the choice is up to you, but you should let your specific needs guide you rather than picking one type of installation first.

Our Top 5 Best Cloud-Based WAFs

We’ve compiled a list of the five best cloud-based Web Application Firewalls. They’re all from reputable suppliers and offer great value for your money. We can’t really recommend one over the others as they’re all excellent products.

1. Cloudflare WAF

Cloudflare WAF Screenshot

Cloudflare has gained an excellent reputation for protecting web servers against DDoS attacks. Its service offering also features a Web Application Firewall. The service already has a huge customer base and its servers currently handle close to three million requests per second. And if you visit Cloudflare’s website, you’ll see that over 400 million WAF rules were triggered on the last day.

One of the primary benefits of using a cloud service with such a broad customer base is that you can benefit from intelligence acquired from other clients. For instance, if an attack attempt is detected at another client, a new signature will be created and applied to all clients. Another benefit of Cloudflare’s solution is that they also offer content delivery and DDoS protection.

2. Akamai Kona Site Defender

Kona Site Defender

Akamai is the world leader in content delivery systems. Throughout the years, the company has added more functionality to its offering. Kona Site Defender, as their WAF is called, is one of them. The Web Application Firewall integrates full DDoS protection. And of course, the WAF service can also easily be combined with other Akamai services such as the Content Delivery Network. Once your traffic is redirected to Akamai, you might as well take advantage of it and use as many services as you need.

Due to its size and client base, Akamai often discovers new exploits sooner than other vendors. As a Kona Site Defender user, you benefit from this competitive edge and effectively get a stronger protection with potentially better blockage of zero-day exploits.

3. F5 Silverline

F5 Silverline WAF Architecture

F5 is often better known for its BIG-IP appliances than its cloud services. In a nutshell, F5 Silverline is the online version of the company’s excellent BIG-IP ASM appliance. It is available as a managed service or as what F5 refers to as an express self-service offering to protect web applications and data from ever-evolving threats. Subscriptions can have a one-year or three-year duration. 24-hour live support is included with the service.

One major advantage of this cloud-based service is that it can protect a distributed or cloud-hosted infrastructure. The protection includes layer 7 DDoS shielding and will also block anonymized addresses like those which are part of the Tor network. The system also uses a live blacklist of known phishing practitioners and web scrapers. And since this blacklist is shared by all customers, you benefit from any intelligence gained with another client.

4. Amazon Web Services WAF

AWS WAF Diagram

Amazon Web Services, or AWS, is the universally-known online marketplace’s cloud hosting service. It capitalizes on Amazon’s huge distributed infrastructure to offer hosting services. If you’re already a client of Amazon Web Services, the AWS WAF might be for you. Amazon Web Services also offers load-balancing and content delivery services.

The pricing model of the Amazon Web Services WAF is different from other vendors. Instead of paying a predefined sum each month, you are invoiced for each security rule that you add to your service and for the number of web requests received each month. The best thing about this is that you don’t have to pay up front for future growth. It is also very attractive to organizations with seasonal peaks.

5. Imperva Incapsula

Imperva Incapsula Screenshot

Imperva is another common name in the IT security field. The Incapsula cloud-based Web Application Firewall is Imperva’s managed service for protecting against application-layer attacks, including all of the Open Web Application Security Project (OWASP) Top 10 attacks and zero-day threats. The service is PCI-certified and highly customizable. It is also highly effective and will block most threats with minimal false positives.

Incapsula is one of the cheapest cloud-based WAF solutions you can find. Plans start as low as $300 per month. One great feature of Incapsula is that, in addition to a more “traditional” WAF, the system also surveys your servers and will send patches to address the issues it finds, providing better protection for your web applications. You can, of course, schedule patches to be applied at whatever time you choose to reduce the operational impact.

Our Top 5 Best WAF Appliances

Just like our top 5 cloud-based WAF solutions were all from well-known vendors, so is the case with our WAF appliances. They are from some of the most reputable security equipment vendors. And just like our previous list, this one has nothing but the best. Note that most vendors of WAF appliances also offer a cloud-based service.

1. Imperva SecureSphere

Imperva Securesphere

Imperva is one of the two vendors who made it into both of our lists. Its SecureSphere WAF line starts at small installations. The various units they propose vary in throughput from 100 Mbps to 10 Gbps, with the smallest able to process 440 SSL transactions per second and the largest some 9000. A mid-tier unit, the X2020, has a throughput of 500 Mbps, will process 2000 SSL transactions per second, and will set you back some $4200.

If you pick one of the top-tier models, you’ll be glad to learn that they are upgradable to the next bigger model. For example, the X821 can be upgraded to an X10K, effectively doubling its capacity. Upgrading only requires purchasing the proper software patch and license. No costly hardware upgrades are required.

2. Barracuda Web Application Firewall

Barracuda WAF

Barracuda is another well-respected name in the field of IT security. It proposes an excellent WAF solution which is perfectly suited for small and mid-sized organizations. The Barracuda appliances are somewhat more expensive than their competitors’ but they come with one year of free updates. And those updates take place frequently, whenever a new threat is identified.

The Barracuda WAF appliance also has a few extra features. For instance, it offers caching for faster content delivery. Load balancing between multiple servers is another available feature. You can even add full DDoS protection. Like most other WAF appliances, the Barracuda WAF is available in several sizes. An average device like the Model 360 will cost you about $6350 and give you 25 Mbps of throughput and 2000 SSL transactions per second.

3. Citrix Netscaler Application Firewall

Citrix Netscaler MPX 7500

The Citrix NetScaler is an immensely popular load balancing appliance. If you’re already using them, you’ll be glad to know that you can also use some of them as a Web Application Firewall. The functionality is only available in the top NetScaler MPX appliances or the NetScaler Cloud Service. Furthermore, you’ll need to purchase the top-tier Platinum license to get it for free, although it is also available as an option with the Enterprise license.

The biggest advantage of the NetScaler WAF is that you get state of the art load balancing and security in one box. This is a premium system and it comes at a premium price. You can expect to pay around $4000 for the smallest model, the MPX 5550 with a throughput of 500 Mbps and up to 1500 SSL transactions per second.

4. Fortinet FortiWeb

FortiNet FortiWeb 100d

The FortiWeb appliance from Fortinet is better suited for smaller to mid-size organizations. The appliance integrates WAF, load balancing, and SSL offloading functionality. One of the best–and newest–features of the FortiWeb appliance is the two-step AI-based machine learning which improves attack detection accuracy. It nearly creates a “set and forget” Web Application Firewall.

The FortiWeb appliance will protect your infrastructure from the latest application vulnerabilities, bots, and suspicious URLs. And its dual machine learning detection engines keep your applications safe from all sorts of threats like SQL injection, cross-site scripting, buffer overflows, cookie poisoning, malicious sources, and DDoS attacks. There are eight different FortiWeb models to choose from, each with increasing capacity. They range from the entry-level 100D at 25 Mbps to the top model 4000E with 20 Gbps of throughput.

5. F5 BIG-IP Application Security Manager (ASM)

F5 BIG-IP ASM 4200V

Last but not least is the F5 BIG-IP ASM appliance. You might know F5 as one of Citrix’s primary competitors. They’re well-known for their top-notch load balancers. This is an appliance which targets larger businesses.

The F5 BIG-IP ASM threat protection uses deep threat analysis and dynamic learning, so you barely have any configuration to do and yet you can be assured that your infrastructure is adequately protected. Another interesting feature of the F5 BIG-IP ASM is SSL offloading. The device will handle the SSL encryption and decryption on the fly, allowing your web servers to concentrate on what they do best: serving web pages.

In Conclusion

With so many products and services to choose from, picking the right WAF solution can turn out to be a handful. They are expensive systems and they often require considerable effort–and training–to set up and configure correctly. This is probably not something you’ll want to do twice just to try many different products. Make sure you precisely identify your needs and your growth projection, and chances are you’ll be in a better position to choose the WAF that suits you best.

Read 10 Best Web Application Firewalls (WAFs) Reviewed in 2018 by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

How To Turn Off Unlock For USB Accessories On iOS 12

iOS 11.4 added a new feature whereby if you haven’t connected a USB accessory to your unlocked device for a few days, it will prevent the accessory from connecting with a locked phone. To enable the connection, you have to unlock your device and then connect the accessory. This is a security feature and in iOS 12 the duration for connecting a USB accessory to a locked device has been limited to one hour. What this means is that if you haven’t unlocked your phone in over an hour, you will have to unlock it to use USB accessories. Here’s how to turn off unlock for USB accessories.

Note: iOS 12 is currently in beta and unless you’re part of the Apple public beta program, you will not be able to use this unstable version of iOS. The stable release is set for fall, this year.

Unlock For USB Accessories

To turn off unlock for USB accessories, open the Settings app and go to Touch ID and Passcode. Enter your passcode, and then scroll down to the ‘Allow access when locked’ section. Here, look for a switch labelled USB Accessories and turn it On.

This will allow USB accessories, including your PC or Mac, to connect with and charge your phone even if it hasn’t been unlocked in over an hour. This option may not appear for everyone on the iOS 12 beta just yet and that’s probably a bug. Wait for the next build and it may eventually appear.

The real question is, should you turn this option on, or leave it off? With newer iPhone models, everything connects via a USB connection. The headphone jack is gone and unless you have a pair of AirPods, you will need a USB connector to connect headphones. With respect to that, it can get annoying having to unlock your device when you connect an accessory. That said, you can unlock with Touch ID or Face ID, so it’s not like you have to enter a long passcode.

If you’re the sort to forget about a feature like this, you might want to turn it off. Imagine connecting your iPhone to your Mac or PC to charge, and coming back a few hours later to find that the phone didn’t charge because USB accessory access was blocked.

For the most part, this is a good security feature but some users may find it more of a nuisance than something useful. If your phone is ever stolen or lost, you will find that this will deter anyone from attempting to erase and resell it.

Read How To Turn Off Unlock For USB Accessories On iOS 12 by Fatima Wahab on AddictiveTips – Tech tips to make you smarter

6 Best Security Information and Event Management (SIEM) Tools Worth Checking Out in 2018

It’s a jungle out there! Ill-intentioned individuals are everywhere and they’re after you. Well, probably not you personally but rather your data. It’s no longer just viruses that we have to protect against but all sorts of attacks that can leave your network–and your organization–in a dire situation. Due to the proliferation of various protection systems such as antiviruses, firewalls, and intrusion detection systems, network administrators are now flooded with information that they have to correlate, trying to make sense of it. This is where Security Information and Event Management (SIEM) systems come in handy. They handle most of the gruesome work of dealing with too much information. To make your job of selecting a SIEM easier, we’re presenting you the best Security Information and Event Management (SIEM) tools.

Today, we begin our analysis by discussing the modern threat scene. As we said, it’s no longer just viruses anymore. Then, we’ll try to better explain what SIEM is exactly and talk about the different components that make up a SIEM system. Some of them might be more important than others, but their relative importance might be different for different people. And finally, we’ll present our pick of the six best Security Information and Event Management (SIEM) tools and briefly review each one.

The Modern Threat Scene

Computer security used to be just about virus protection. But in recent years, several different kinds of attacks have been uncovered. They can take the form of denial of service (DoS) attacks, data theft, and many more. And they no longer just come from the outside. Many attacks originate from within a network. So, for the ultimate protection, various types of protection systems have been invented. In addition to the traditional antivirus and firewall, we now have Intrusion Detection and Data Loss Prevention systems (IDS and DLP), for example.

Of course, the more systems you add, the more work you have managing them. Each system monitors some specific parameters for abnormalities and will log them and/or trigger alerts when they are discovered. Wouldn’t it be nice if the monitoring of all these systems could be automated? Furthermore, some types of attacks could be detected by several systems as they go through different stages. Wouldn’t it be far better if you could then respond to all related events as one? Well, this is exactly what SIEM is all about.

What Is SIEM, Exactly?

The name says it all. Security Information and Event Management is the process of managing security information and events. Concretely, a SIEM system does not provide any protection by itself. Its primary purpose is to make the life of network and security administrators easier. What a typical SIEM system really does is collect information from various protection and detection systems, correlate all this information by assembling related events, and react to meaningful events in various ways. Often, SIEM systems will also include some form of reporting and dashboards.

The Essential Components Of A SIEM System

We’re about to explore in greater detail each major component of a SIEM system. Not all SIEM systems include all these components and, even when they do, they could have different functionalities. However, they are the most basic components that one would typically find, in one form or another, in any SIEM system.

Log Collection And Management

Log collection and management is the main component of all SIEM systems. Without it, there is no SIEM. The SIEM system has to acquire log data from a variety of different sources. It can either pull it or different detection and protection systems can push it to the SIEM. Since each system has its own way of categorizing and recording data, it is up to the SIEM to normalize data and make it uniform, no matter what its source is.

After normalization, logged data will often be compared against known attack patterns in an attempt to recognize malicious behavior as early as possible. Data will also often be compared to previously collected data to help build a baseline that will further enhance abnormal activity detection.

Event Response

Once an event is detected, something must be done about it. This is what the event response module of the SIEM system is all about. The event response can take different forms. In its most basic implementation, an alert message will be generated on the system’s console. Often, email or SMS alerts can also be generated.

But the best SIEM systems go a step further and will often initiate some remedial process. Again, this is something that can take many forms. The best systems have a complete incident response workflow system that can be customized to provide exactly the response you want. And as one would expect, incident response does not have to be uniform and different events can trigger different processes. The best systems will give you complete control over the incident response workflow.
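As an added illustration of the three stages just described (log normalization from dissimilar sources, correlation against a known attack pattern, and a tiered event response), here is a small Python script written for this page. It is not code from any of the products reviewed below. The syslog and firewall lines are constructed sample input, and the brute-force rule (three authentication failures from one source address within 60 seconds, escalated when the firewall also denied that address) is an assumed detection rule chosen for the demonstration.

```python
"""Toy SIEM pipeline: normalize, correlate, respond (added example)."""
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample input: an SSH daemon logging in syslog style and a
# firewall emitting JSON records. Each source has its own native format.
SAMPLE_SYSLOG = [
    "2018-06-01T10:00:01Z host1 sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2",
    "2018-06-01T10:00:03Z host1 sshd[1201]: Failed password for admin from 203.0.113.5 port 51235 ssh2",
    "2018-06-01T10:00:04Z host1 sshd[1201]: Failed password for root from 203.0.113.5 port 51236 ssh2",
    "2018-06-01T10:00:09Z host1 sshd[1201]: Accepted password for alice from 198.51.100.7 port 40000 ssh2",
]
SAMPLE_FIREWALL = [
    '{"ts": 1527847202, "action": "deny", "src": "203.0.113.5", "dst": "10.0.0.12", "dport": 22}',
    '{"ts": 1527847205, "action": "deny", "src": "203.0.113.5", "dst": "10.0.0.13", "dport": 22}',
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<app>\w+)\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>[\d.]+)"
)


def normalize_syslog(line):
    """Map one sshd syslog line onto the common event schema (None if unparsed)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # unparsed lines are excluded rather than guessed at
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "source": m["app"],
        "host": m["host"],
        "category": "auth_failure" if m["result"] == "Failed" else "auth_success",
        "src_ip": m["ip"],
        "user": m["user"],
    }


def normalize_firewall(line):
    """Map one JSON firewall record onto the same common schema."""
    rec = json.loads(line)
    return {
        "ts": datetime.fromtimestamp(rec["ts"], tz=timezone.utc),
        "source": "firewall",
        "host": rec["dst"],
        "category": "network_deny" if rec["action"] == "deny" else "network_allow",
        "src_ip": rec["src"],
        "user": None,
    }


def normalize_all(syslog_lines, firewall_lines):
    """Normalize both feeds and merge them into one time-ordered stream."""
    events = [e for e in map(normalize_syslog, syslog_lines) if e]
    events += [normalize_firewall(line) for line in firewall_lines]
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, threshold=3, window_seconds=60):
    """Assumed rule: >= threshold auth failures from one IP inside the window.
    Severity is raised when the firewall independently denied the same IP,
    i.e. the two sources are correlated on the source address."""
    failures = defaultdict(list)
    for e in events:
        if e["category"] == "auth_failure":
            failures[e["src_ip"]].append(e["ts"])
    denied = {e["src_ip"] for e in events if e["category"] == "network_deny"}

    alerts = []
    for ip, stamps in failures.items():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if (stamps[i + threshold - 1] - stamps[i]).total_seconds() <= window_seconds:
                alerts.append({
                    "rule": "ssh_bruteforce",
                    "src_ip": ip,
                    "count": len(stamps),
                    "severity": "high" if ip in denied else "medium",
                    "first_seen": stamps[0],
                })
                break  # one alert per source address
    return alerts


def respond(alert):
    """Tiered response: console for everything, email and a ticket for high severity."""
    actions = ["console"]
    if alert["severity"] == "high":
        actions += ["email", "open_ticket"]
    return {"alert": alert, "actions": actions}


if __name__ == "__main__":
    for a in correlate(normalize_all(SAMPLE_SYSLOG, SAMPLE_FIREWALL)):
        print(respond(a))
```

The point of the common schema is that `correlate` never has to know which product produced an event; adding a third log source only means writing one more `normalize_*` function. Real SIEM products do the same thing at far larger scale and with many more rule types, but the shape of the pipeline is the one shown here.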

Reporting

Once you have the log collection and management and the response systems in place, the next building block you need is reporting. You might not know it just yet but you will need reports. Upper management will need them to see for themselves that their investment in a SIEM system is paying off. You might also need reports for compliance purposes. Complying with standards such as PCI DSS, HIPAA, or SOX can be eased when your SIEM system can generate compliance reports.

Reports may not be at the core of a SIEM system but they are still an essential component. And often, reporting will be a major differentiating factor between competing systems. Reports are like candy: you can never have too many. And of course, the best systems will let you create custom reports.

Dashboard(s)

Last but not least, the dashboard will be your window into the status of your SIEM system. And there could even be multiple dashboards. Because different people have different priorities and interests, the perfect dashboard for a network administrator will be different from that of a security administrator. And an executive will need a completely different one as well.

While we can’t evaluate a SIEM system by the number of dashboards it has, you need to pick one that has all the dashboard(s) you need. This is definitely something you’ll want to keep in mind as you evaluate vendors. And just like with reports, the best systems will let you build customized dashboards to your liking.

Our top 6 SIEM Tools

There are lots of SIEM systems out there. Far too many, actually, to be able to review them all here. So, we’ve searched the market, compared systems, and built a list of what we found to be the six best Security Information and Event Management (SIEM) tools. We’re listing them in order of preference and we’ll briefly review each one. But despite their order, all six are excellent systems that we can only recommend you try for yourself.

Here’s what our top 6 SIEM tools are:

  1. SolarWinds Log & Event Manager
  2. Splunk Enterprise Security
  3. RSA NetWitness
  4. ArcSight Enterprise Security Manager
  5. McAfee Enterprise Security Manager
  6. IBM QRadar SIEM

1. SolarWinds Log & Event Manager (FREE 30-DAY TRIAL)

SolarWinds is a common name in the network monitoring world. Their flagship product, the Network Performance Monitor, is one of the best SNMP monitoring tools available. The company is also known for its numerous free tools such as their Subnet Calculator or their SFTP server.

SolarWinds’ SIEM tool, the Log and Event Manager (LEM), is best described as an entry-level SIEM system. But it’s possibly one of the most competitive entry-level systems on the market. The SolarWinds LEM has everything you can expect from a SIEM system. It has excellent log management and correlation features and an impressive reporting engine.

SolarWinds LEM Dashboard

As for the tool’s event response features, they leave nothing to be desired. The detailed real-time response system will actively react to every threat. And since it’s based on behavior rather than signature, you’re protected against unknown or future threats.

But the tool’s dashboard is possibly its best asset. With a simple design, you’ll have no trouble quickly identifying anomalies. Starting at around $4,500, the tool is more than affordable. And if you want to try it first, a free, fully functional 30-day trial version is available for download.

2. Splunk Enterprise Security

Possibly one of the most popular SIEM systems, Splunk Enterprise Security–or Splunk ES, as it is often called–is particularly famous for its analytics capabilities. Splunk ES monitors your system’s data in real time, looking for vulnerabilities and signs of abnormal activity.

Security response is another of Splunk ES’ strong suits. The system uses what Splunk calls the Adaptive Response Framework (ARF), which integrates with equipment from more than 55 security vendors. The ARF performs automated response, speeding up manual tasks. This will let you quickly gain the upper hand. Add to that a simple and uncluttered user interface and you have a winning solution. Other interesting features include the Notables function, which shows user-customizable alerts, and the Asset Investigator for flagging malicious activities and preventing further problems.

Splunk ES Risk Analysis

Splunk ES is truly an enterprise-grade product and it comes with an enterprise-sized price tag. You can’t even get pricing information from Splunk’s web site. You need to contact the sales department to get a price. Despite its price, this is a great product and you might want to contact Splunk and take advantage of a free trial.

3. RSA NetWitness

Since 2006, NetWitness has focused on products supporting “deep, real-time network situational awareness and agile network response”. After being acquired by EMC, which then merged with Dell, the NetWitness business is now part of the RSA branch of the corporation. And this is good news, as RSA is a famous name in security.

RSA NetWitness is ideal for organizations seeking a complete network analytics solution. The tool incorporates information about your business, which helps prioritize alerts. According to RSA, the system “collects data across more capture points, computing platforms, and threat intelligence sources than other SIEM solutions”. There’s also advanced threat detection which combines behavioral analysis, data science techniques, and threat intelligence. And finally, the advanced response system boasts orchestration and automation capabilities to help eradicate threats before they impact your business.

RSA NetWitness

One of the main drawbacks of RSA NetWitness is that it’s not the easiest to use and configure. However, there is comprehensive documentation available which can help you with setting up and using the product. This is another enterprise-grade product and you’ll need to contact sales to get pricing information.

4. ArcSight Enterprise Security Manager

ArcSight Enterprise Security Manager helps identify and prioritize security threats, organize and track incident response activities, and simplify audit and compliance activities. Formerly sold under the HP brand, it has now merged with Micro Focus, another HP subsidiary.

Having been around for more than fifteen years, ArcSight is another immensely popular SIEM tool. It compiles log data from various sources and performs extensive data analysis, looking for signs of malicious activity. To make it easy to identify threats quickly, you can view the real-time analysis results.

ArcSight Command Center

Here’s a rundown of the product’s main features. It has powerful distributed real-time data correlation, workflow automation, security orchestration, and community-driven security content. The Enterprise Security Manager also integrates with other ArcSight products such as the ArcSight Data Platform and Event Broker or ArcSight Investigate. This is another enterprise-grade product–like pretty much all quality SIEM tools–that will require that you contact ArcSight’s sales team to get pricing information.

5. McAfee Enterprise Security Manager

McAfee is certainly another household name in the security industry. However, it is better known for its virus protection products. The Enterprise Security Manager is not just software. It is actually an appliance. You can get it in virtual or physical form.

In terms of its analytics capabilities, the McAfee Enterprise Security Manager is considered one of the best SIEM tools by many. The system collects logs across a wide range of devices. Its normalization capabilities are also top notch. The correlation engine easily compiles disparate data sources, making it easier to detect security events as they happen.

McAfee Enterprise Security Manager

In truth, there’s more to the McAfee solution than just its Enterprise Security Manager. To get a complete SIEM solution you also need the Enterprise Log Manager and Event Receiver. Fortunately, all products can be packaged in a single appliance. For those of you who may want to try the product before you buy it, a free trial is available.

6. IBM QRadar

IBM, possibly the best-known name in the IT industry, has managed to establish its SIEM solution, IBM QRadar, as one of the best products on the market. The tool empowers security analysts to detect anomalies, uncover advanced threats and remove false positives in real time.

IBM QRadar boasts a suite of log management, data collection, analytics, and intrusion detection features. Together, they help keep your network infrastructure up and running. There are also risk modeling analytics that can simulate potential attacks.

IBM QRadar Dashboard

Some of QRadar’s key features include the ability to deploy the solution on-premises or in a cloud environment. It is a modular solution and one can quickly and inexpensively add more storage or processing power. The system uses intelligence expertise from IBM X-Force and integrates seamlessly with hundreds of IBM and non-IBM products.

IBM being IBM, you can expect to pay a premium price for their SIEM solution. But if you need one of the best SIEM tools on the market, QRadar might very well be worth the investment.

In Conclusion

The only problem you risk having when shopping for the best Security Information and Event Management (SIEM) tool is the abundance of excellent options. We’ve just introduced the best six. All of them are excellent choices. The one you’ll choose will largely depend on your exact needs, your budget and the time you’re willing to put into setting it up. Alas, the initial configuration is always the hardest part and this is where things can go wrong, because if a SIEM tool is not properly configured, it won’t be able to do its job properly.


Read 6 Best Security Information and Event Management (SIEM) Tools Worth Checking Out in 2018 by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter