What are the benefits of using the security administration tools?
In total, hundreds of millions of users depend on reliable access to computing and information services for business, educational, and personal activities. The growth of the Internet puts a world of information and services at our fingertips, yet also opens computers to attack from anywhere around the globe. The same networks that permit a tourist to read email from an airport in Singapore also permit a student in Romania to release a computer virus that disables computers and the businesses that depend on them. In addition, as the complexity of computer systems increases, new vulnerabilities are discovered each day. There is a worldwide community of people, usually referred to as hackers or crackers, who work to discover and exploit such vulnerabilities to attack and gain control of systems, sharing their techniques through various underground channels. Computers across the Internet have been subject to worms, denial-of-service attacks, password-sniffing, and other malicious activity, leading to significant inconvenience and loss of productivity for legitimate users. On the other side, vendors and computer system administrators race to discover vulnerabilities and to create, release, and apply patches before those vulnerabilities are exploited. On the front lines of this battle are security administrators, the people responsible for continually monitoring both their own systems using security administration tools.
Benefits of security administration tools:
Global intrusion detection tools:
These monitor network traffic to analyze and report suspicious patterns—for example, Bro Intrusion Detection System.
Scanning tools:
These probe machines remotely for known vulnerabilities in their installed software—for example, Nessus Open Source Vulnerability Scanner Project.
File/host integrity tools:
These run locally to check for compromised states; such tools include:
• Virus detection and repair tools—for example, Symantec AntiVirus.
• Change management tools that track and compare system configuration information, including file organization, and alert administrators when unauthorized changes occur—for example, Tripwire Change Auditing Solutions.
• Rootkit hunters (a rootkit is a prepackaged set of programs and/or files used to exploit a vulnerability and gain control of a machine), etc.
Communication tools:
These are used to coordinate work and share information between administrators, such as email, phone, instant messaging, and chat rooms.
Samples of code:
Such code exploits vulnerabilities and runs in a secure setting (e.g., VMware) to better understand attacks.
Honeypots:
These are tools that emulate information system resources to attract attacks and capture attack data—for example, Sebek Open Source Honeypot.
Public information sources:
These contain data about vulnerabilities and attacks, including mailing lists and web sites such as FIRST (Forum of Incident Response and Security Teams), SecurityFocus.com, bugtraq, University Security Operations Group (unisog), CERT (Computer Emergency Readiness Team), and SANS (SysAdmin, Audit, Network, Security).