Understanding that the existence of a risk requires a basic understanding of the ongoing process of monitoring and determining cyber security threats, updating the risk assessments, and implementing controls as necessary to address the newly identified threats.
This work never ends, it is a constant battle fighting against threats to businesses and business systems; meaning there has to be both a threat and a vulnerability for a risk to exist.
Nobody would propose spending millions of dollars to protect Las Vegas from the non-existent threat of a hurricane, yet millions are spent each year implementing controls against non-existent cyber-security threats, simply because a vast majority of the industry focuses on vulnerabilities rather than threats.
A building with no doors or windows can be very secure, and also useless. In the same sense, a computer system with no access points can also be very secure and quite useless. Security requires balance. The cyber-security threats are massive and we simply cannot afford to waste the time and money focusing on unnecessary work.
Performing a security risk assessment at the very beginning of the process, to first identify threats, and then determine risk, is a simple answer. Not only are you focusing on the threats that do exist, and securing accordingly, you are also identifying risk and costs associated with each risk. This analysis will determine the extent to which funds should be spent to implement controls to secure against specific types of cyber threats.
There are countless online tools to help you learn and practice ethical hacking techniques and processes. By analyzing and understanding threats, security policies and procedures can be created to protect against certain types of cyber attacks. Vulnerabilities refer to a security flaw that could lead to a successful attack. Testing for vulnerabilities allows for constant monitoring of weaknesses and gaps in a system and also helps identify what types of network vulnerabilities to test for in the future.
Below is a list of cyber security self assessment tools to help your better understand your network vulnerabilities. If you would like to know more about assessing your cyber security needs or would like to find out how the Tapestry Digital Services Security Team can complement or supplement your existing IT security portfolio, call us today and a member of our IT Security Team can walk you through your options and recommend a solution tailored just for your business needs so you can invest with confidence.
Virus Scanners:
- VirusTotal file and URL scanner with more engine: https://www.virustotal.com
- Metadefender file and URL scanner with more engine: https://www.metadefender.com
- HowToRemove.Guide file scanner with 3 engine: https://howtoremove.guide/online-virus-scanner
- PayloadSecurity file and URL scanner in sandbox: https://www.hybrid-analysis.com
- Check Point file scanner in sandbox (registration required): https://threatemulation.checkpoint.com/teb
- File ransomware scanner: https://id-ransomware.malwarehunterteam.com
- JOESandbox file and URL scanner in sandbox (registration required): https://www.joesandbox.com
Antivirus testers:
- Eicar virus sample: http://www.eicar.org/85-0-Download.html
General scanners:
- MxToolbox DNS, port scanner, blacklist, traceroute tools: https://mxtoolbox.com/SuperTool.aspx
- Ping.eu DNS, port scanner, traceroute, IP calculator tools: http://ping.eu
- ViewDNS.info DNS, reverse MX, port scanner, blacklist, traceroute tools: http://viewdns.info
- W3dt DNS, port scanner, blacklist, traceroute tools: https://w3dt.net
- OnlineDomainTools DNS, port scanner, blacklist, traceroute tools: http://online-domain-tools.com
- T1 Shopper DNS, port scanner, traceroute tools: http://www.t1shopper.com/tools
- IPVOID DNS, blacklist, traceroute tools: http://www.ipvoid.com
Vulnerability scanners:
- Security Audit Systems host and web server vulnerability scanner (registration required): http://pentest-tools.security-audit.com
- Pentest-Tools portscanner, host and web server vulnerability scanner (registration required): https://pentest-tools.com/home
- Qualys host and web server vulnerability scanner (registration required): https://freescan.qualys.com/freescan-front
- suIP.biz portscanner and web server vulnerability scanner: https://suip.biz
- Hacker Target portscanner, host, service and web server vulnerability scanner (registration required): https://hackertarget.com
DNS testers:
- ICANN WHOIS general DNS information: https://whois.icann.org/en
- Google MX, DKIM, DMARC tester: https://toolbox.googleapps.com/apps/checkmx
- Geektools dig: http://www.geektools.com/digtool.php
- DigWebInterface dig: http://digwebinterface.com
- DNSdumpster DNS mapper: https://dnsdumpster.com
- Openresolver.com open resolver tester: http://openresolver.com
- DNS expertise open resolver tester: http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl
IP calculators:
- Jodies IP calculator: http://jodies.de/ipcalc
Regex testers:
- Regexpal regex tester: http://www.regexpal.com
- Weblap testers:
- Netcraft web lap tester: http://toolbar.netcraft.com/site_report
Hash calculators:
- SORBS blacklist and open relay tester: http://www.sorbs.net
- MailRadar open relay tester: http://www.mailradar.com/openrelay
- Antispam-UFRJ open relay tester: http://www.aupads.org
- DNSBL.info blacklist tester: http://www.dnsbl.info/dnsbl-database-check.php
E-mail verifiers:
- Free Email Verifier e-mail verifier: https://verify-email.org
- MailTester.com e-mail verifier: http://mailtester.com/testmail.php
E-mail TLS testers:
- TLS e-mail TLS tester: https://www.checktls.com
Searchers:
- Shodan banner and metadata searcher: https://www.shodan.io
IP analyzers:
- IP Tracker IP analyzer: http://www.ip-tracker.org
- WhatIsMyIPAddress owner IP and blacklist analyzer: http://whatismyipaddress.com
- WhatIsMyIP owner IP analyzer: https://www.whatismyip.com
- DNS leak test owner IP analyzer with DNS leak tester: https://www.dnsleaktest.com
IP reputation testers:
- Cyren IP reputation tester: http://www.cyren.com/security-center/ip-reputation-check
IP range databases:
- Reverse.report IP range database: https://reverse.report
Vulnerability databases:
- Security Space OpenVAS compatible vulnerability database: http://www.securityspace.com/smysecure/catid.html
- NIST NVD vulnerability database: https://nvd.nist.gov/vuln/search
D abuse databases:
- Pwned e-mail and username abuse database: https://haveibeenpwned.com
MAC-address databases:
- MAC-address manufacturer database: https://www.macvendorlookup.com
Threat databases:
- OTX threat database (registration required): https://otx.alienvault.com