12 Cyber Security Tools Every IT Pro Should Have by Brent Whitfield

When a security breach is suspected or revealed, the IT pro springs into action. Most experienced IT professionals will have already assembled a kit consisting of the basic tools of the trade and a few personal favorites. Whether you are a junior in the field or a seasoned network defender, this article runs through 12 cyber security tool that you should be familiar with and have access to.

As you know, diagnosis is the first step required and the first eight tools listed are diagnostic in nature. This is followed by three handy combination tools or suites combining two or more resources together in one place for quick and easy use. Last of all we stress the importance of having a 'go to' information source you can trust.

          1. Ping Utility

From Miami to Los Angeles, IT support professionals will be familiar with using this basic network connection test. Unless you are in the earliest stages of training to enter the field, be free to skip past this one (but check out 'Pathping' below if you have yet to come across that).

For anyone else (e.g. junior IT consulting personnel with limited technical knowledge) you should know that the ping utility is native to both Windows and Mac. Simply type ping into the command prompt/terminal, press the space bar and add a URL or IP address before hitting enter.

The ping command sends an echo packet from one PC to its source. It records the percentage of packets received and the time taken, in milliseconds, for the echo to return.

          2. Tracert Utility

Another staple of the IT security pro is the Tracert utility (Windows). This tool traces the entire route of a packet from destination to source, including all the intermediate paths it takes. This enables the source of a problem to be more accurately defined. It also helps to build up a picture of the client's network.

          3. ipconfig

ipconfig is another native Windows tool (ifconfig on Linux) which can quickly be used to determine a PC's IP address and to check and diagnose simple issues with IP/TCP configuration. By setting parameters, ipconfig can also be used solve certain issues. One example is the ipconfig/flushdns command which instructs the PC to send a fresh query to the DNS server rather than use cached responses. This can resolve issues after a DNS server has been changed.

          4. nslookup

The job of nslookup is to look more closely at the name servers a PC is connecting to and the IP addresses it is using. Like ipconfig, nslookup can be used with a set of parameters to glean further information. The User Guide in the 'On the Web' section of this article gives more in-depth information on this utility.

          5. Netstat

The Netstat command goes even deeper into network configurations, right down to port level and beyond. The status of a listening port including connected hosts and protocols used can be revealed with this tool. Information on certain specific services can be deduced from this information (which is why hackers love to have it in their toolboxes too!)

          6. PuTTy/Tera Term

PuTTY is used by IT support personnel for accessing computers remotely via the SSH or Telnet protocols. It is also an emulator, allowing the host's system to behave similarly to the guest's. Tera Term is another piece of free, open-source software that performs the same function. Choosing between the two is usually a matter of personal preference.

          7. IP Subnet Calculator

There are many different versions of IP subnet calculators available to choose from. They all enable an IP address to be divided into its components (subnet mask, broadcast address, host address range, etc.). They are of most value to junior IT support personnel since established professionals will know how to work out this information without a calculator.

          8. Route Command

The last of the standalone tools every IT pro should be familiar with is the route command and its parameters. Sometimes, connection issues are due to bad entries on a computer's routing table. The route command can be used to modify or delete these routes. New routes can be added via this command, for example when adding routers to a network.

The following three tools combine two or more tools into one handy place.

          9. Pathping/MTR Utilities

Pathping and MTR are commands which combine both the ping and traceroute functions, thus saving time by providing maximum connection information with minimum input. These tools also contain additional functions not present in either the ping or Tracert utilities. Unlike ping and MTR, pathping is specific to Microsoft. See the Tracert and MTR User Guide in the 'On the Web' section below.

          10. SysInternals Suite

The Windows SysInternals suite contains numerous specialist tools for further diagnosis and repair operations on Windows machines. These applications would require another article to go through in depth but include Accesschk, Autoruns, Bginfo, Contig, Disk2vhd, MoveFile, Process Explorer, PSFile, PsKill, PsList, PsLoggedOn, Sync, Zoomlt and more.

          11. Windows GodMode

GodMode is an organizational function that enables IT professionals to work smarter on Windows machines. It does this by combining all of the useful diagnostic and repair tools scattered throughout various locations into one logical place.

To access GodMode on Windows 10, simply create a new folder and label it as follows: GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} 

          12. Informational Resources

Just as invaluable to an IT professional as a well-equipped toolkit is a reliable place they can visit to quickly access help and guidance when they need it most. For the latest and best security-related information we hope you have already bookmarked https://hakin9.org for fast access but it is worth building up an online link library of additional 'go to' resources.

To summarise: from the simple but ever-useful ping utility to IP subnet calculators there are many useful tools that every IT pro should have in their emergency repair kit. There are also several handy suites available which bundle different utilities together. Combine this with fast access to the latest security information and you have everything you need to perform your role to perfection.

About Brent:

Brent Whitfield is the CEO of DCG Technical Solutions Inc. DCG provides specialist advice and IT Consulting Los Angeles area businesses need to remain competitive and productive while being sensitive to limited IT budgets. Brent has been featured in Fast Company, CNBC, Network Computing, Reuters and Yahoo Business. https://www.dcgla.com was recognized among the Top 10 Fastest Growing MSPs in North America by MSP mentor. You can follow him on Twitter at @DCGCloud.

Around the Web

• nslookup User Guide: https://www.lifewire.com/what-is-nslookup-817516 Last accessed 9/15/2017
• Traceroute and MTR User Guide:https://www.digitalocean.com/community/tutorials/how-to-use-traceroute-and-mtr-to-diagnose-network-issues Last accessed 9/15/2017

References

• Plural Sight: https://www.pluralsight.com/blog/it-ops/network-troubleshooting-tools Last accessed 9/15/2017
• Search Enterprise: http://searchenterprisedesktop.techtarget.com/tip/Five-most-useful-Windows-Sysinternals-tools Last accessed 9/15/2017
• PC World: https://www.pcworld.com/article/220753/windows_7_god_mode_tips_tricks_tweaks.html Last accessed 9/15/2017

You will also like:

Incident Security Response - AccessEnum [FREE COURSE CONTENT!]