MacSecure.com
A Mac Security Blog

Top Mac Security Tools, Part 1

Every blog has a ‘Top 10’ list of something — and I’m fairly sure that someone has probably even done a “Top xx Mac Security Tools” list, but I figured I’d go with the list of the tools that I use the most, and then as time permits, go through and write up something about using each tool in more detail.

The List:

Wireshark

Wireshark is the new (circa 2006) name for Ethereal, probably the single most popular graphical network protocol analyzer ever. Wireshark is open source, runs on multiple platforms, and in most cases is available in both binary and source forms. Commonly called a ‘network sniffer’, Wireshark is protocol aware, so it can intelligently follow streams of different traffic to be analyzed. Its functionality is similar to the command-line utility ‘tcpdump’ (which is included with OS X), but in most cases people find working with Wireshark easier. Wireshark uses an extensible (and extensive) plug-in format for decoding new protocols — these decoders have been subject to vulnerabilities over the years, so keeping Wireshark up to date is important.

Mac GPG

Mac GPG is the Mac port of GPG, the GNU Privacy Guard, which in turn is a free (and open source) implementation of OpenPGP. The project is available in source or binary form, and the MacGPG site has directions for compiling it yourself. As a start, it’s useful to download or build the main GPG package, the GPG Keychain Access, and the GPG File Tool.

Nmap

Volumes have been written about nmap, the platforms it runs on, and the ways it can be used. The Mac port of nmap can be installed using DarwinPorts or FinkInstaller; the most current stable version is 4.20. Nmap’s usefulness for exploring networks and systems is immeasurable.

Netcat

Often called the “Swiss-Army knife of networking”, netcat is another GNU free (and open source) tool for doing all kinds of network and host-based testing. In my day job I use netcat regularly for testing TCP and UDP connections through firewalls. Ever needed to test UDP connectivity but wished you had a way to do a ‘udp telnet’? Netcat can be run as a client or a server piece, and can be used for a multitude of things, including ‘shoveling’ shell access through firewalls and port scanning; it also has a number of settings that make netcat use harder to detect. Note: Netcat is considered a ‘hacking tool’ in some places. This is mostly a concern with Windows A/V programs.
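To make the ‘udp telnet’ idea concrete, here is an added example (not part of the original post, and not netcat itself) that plays both roles in Python: a listener that echoes datagrams and a probe that classifies what comes back. The function names, payload and timeouts are assumptions chosen for illustration; it shows why silence on a UDP test is ambiguous when you are checking a firewall rule.

```python
import socket
import threading

def start_udp_echo(host="127.0.0.1"):
    """Listener side: bind an ephemeral UDP port and echo each datagram back."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, 0))  # port 0 lets the OS pick a free port

    def serve():
        while True:
            try:
                data, peer = sock.recvfrom(2048)
                sock.sendto(data, peer)
            except OSError:  # socket was closed by the caller
                return

    threading.Thread(target=serve, daemon=True).start()
    return sock, sock.getsockname()[1]

def probe_udp(host, port, payload=b"udp-probe", timeout=1.0):
    """Client side: send one datagram and classify the outcome.

    "open"          - payload echoed back, so the path works in both directions
    "closed"        - ICMP port-unreachable came back (nothing is listening)
    "open|filtered" - silence: dropped by a firewall, or a listener that just
                      does not answer; UDP alone cannot tell these apart
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # a connected UDP socket surfaces ICMP errors
        try:
            s.send(payload)
            reply = s.recv(2048)
        except socket.timeout:
            return "open|filtered"
        except ConnectionRefusedError:
            return "closed"
        return "open" if reply == payload else "unexpected-reply"

if __name__ == "__main__":
    listener, port = start_udp_echo()  # constructed loopback test target
    print(port, probe_udp("127.0.0.1", port))
```

When testing through a real firewall, run the listener on the far side and the probe on the near side; a timeout then means the rule set needs checking in both directions, since either the request or the reply may have been dropped.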

End of Part 1.


One Response to “Top Mac Security Tools, Part 1”

  1. […] two (part one is here) of an expanding series where I’m providing an overview of some of the InfoSec tools that I […]

    MacSecure.com » Top Mac Security Tools, Part 2 - November 19th, 2007 at 8:31 pm
