Software\hardware to test network security?

[T.Atsiz]

Is there any free\cheap software or hardware that will test all vulnerabilities of the network etc?

 

For example:

Is Wifi safe?

Are all ports safely secured?

Are devices up to date?

Is the device ok\healthy?

etc etc,

 

I want to be able to use this for my home and for my family. But also small companies. 

 

There are companies that sell you software for thousands of dollars but i dont have that kind of money. Or spending 100$ a hour for a network engineer for a one time check.

 

 

[Oshino Shinobu]

All in one? No, not for free. It's something that will be marketed to businesses for a lot of money, or be provided as a service with experts doing pentesting to find vulnerabilities. 

 

You can somewhat check these things for free on your own:

 

1. This really depends on your PSK for your WiFi. If it's a good password and you're using WPA2-PSK AES or better, it's secure from most non-targeted attacks. Your network is more likely to be vulnerable to physical attacks than someone breaking WPA2 AES encryption or brute forcing a decent password. Managed switches with MAC port binding is a solution to someone trying to physically plug into the network. 

 

2. There's port scanner available that scan for open ports and if there's anything running on them. Most inbound ports are closed to unsolicited connections by default. A quick Google search will turn up a few to take a look at. 

 

3. This really depends on what devices you have. If you use devices that can all report into a central management platform, it's much easier to keep them up to date. If you use a mix of different devices, it's basically impossible for one tool to check them all, so you'd need to do it manually at regular intervals or set them all to auto update. I personally use Ubiquiti's UniFi network products that all report into a network controller that allows me to check their firmware levels and whether they need updating. For client systems, I manage all of my Windows systems through WSUS so I know what security updates are applied. 

 

4. Same as above really. You need devices that report into a management platform to really be able to tell this or report via SNMP.

[Lurick]

nmap, nessus, openvas come to mind as free tools you can use.

Qualys offers a free version that's cloud based more or less that can scan a couple IPs before you have to pay.

[Windows7ge]

This tool has become a bit of a joke to people but KALI Linux. It's a Linux distribution full of tools that revolve around penetration testing. I believe it's free.

 

If you're really looking to make sure your network doesn't have holes it's a legitimate option.

[T.Atsiz]

9 minutes ago, Windows7ge said:

This tool has become a bit of a joke to people but KALI Linux. It's a Linux distribution full of tools that revolve around penetration testing. I believe it's free.

 

If you're really looking to make sure your network doesn't have holes it's a legitimate option.

The question is...is it automated with GUI and all? I am ok with Windows but I  dont have super tech savy knowledge.

[Windows7ge]

4 minutes ago, T.Atsiz said:

The question is...is it automated with GUI and all? I am ok with Windows but I  dont have super tech savy knowledge.

On the Linux side of the fence most tools like this are CLI only. I haven't explored KALI much myself yet so I can't say it doesn't have any GUI tools. If you can take the time to learn them though it saves you a lot of money.

[eece_ret]

20 hours ago, T.Atsiz said:

 

Is Wifi safe?  No tool needed.  Manual config review.  WPA2 AES.  Or go nuts and rock 802.x Auth backed by an authentication server (I like Radius.  MS NPS/NAC, or FreeRadius have worked well for me.)

Are all ports safely secured?  NMAP the IP/Subnet.  Enumerate the ports observed and go from there.  Otherwise you can look at Nessus or OpenVAS

Are devices up to date?  No easy button here.  You can use LANSweeper in a managed environment.  Otherwise, its corporate stuff like BigFix and SCCM

Is the device ok\healthy?  Take a look at Observium