Security Tool

Definition

Security Tool

a software or hardware tool that directly supports the performance of security engineering tasks

Classification

As illustrated in the preceding figure, Security Tool is part of the following inheritance hierarchy:

• Type: Concrete
• Superclass: Tool
• Subclasses:
  • Authentication and Authorization (Access Control) Systems
  • Biometric Devices
  • Content Filtering Systems
  • Cryptography Systems
  • Firewalls
  • Hardware Keys
  • Intrusion Detection/Prevention Systems (IDS/IPS)
  • Security Auditing (Audit Trail Management) Tools
  • Security Event Logging Tools
  • Security Patch Monitoring Tools
  • Security Reporting Tools
  • Virus Detection/Prevention/Elimination
  • Vulnerability Assessment Tools
  • Security Testing Tools:
    • Network Vulnurability Analysis Tools
    • Penetration Testing Tools
    • Security Test And Analysis Tools
• Example Instances:
  • Authentication and Authorization (Access Control) Systems:
    • Entrust GetAccess
    • Funk Software Steel-Belted RADIUS
    • Netegrity SiteMinder
    • Oblix NetPoint
    • PassGO Defender
    • RSA ClearTrust and RSA SecurID
  • Biometric Devices:
    • Face Recognition
    • Fingerprint
    • Handwriting Analysis
    • Palm Print
    • Retina Scanner
  • Content Filtering Systems:
    • SurfControl SuperScout
    • Websense
  • Cryptography Systems:
    • Certicom Security Builder
    • Entrust Authority CA
    • RSA BSAFE and RSA Keon
  • Firewalls:
    • CheckPoint
    • NetScreen
  • Intrusion Detection/Prevention Systems (IDS/IPS):
    • Server (IDS/IPS) (e.g., Enterasys Dragon Squire, ISS RealSecure Server Sensor, and Sanctum AppShield)
    • Network (IDS/IPS) (e.g., Cisco NetRanger, Enterasys Dragon Sensor, Intrusion.com SecureNet, ISS RealSecure Network Sensor, and Snort)
  • Security Testing Tools:
    • Network Vulnurability Analysis Tools
    • Penetration Testing Tools
    • Security Test And Analysis Tools
  • Virus Detection/Prevention/Elimination Systems such as:
    • McAfee WebShield, GroupShield, and VirusScan
    • Symantec AntiVirus, Antivirus for Groupware, and Antivirus for Gateways
    • TrendMicro InterScan, ScanMail, andServerProtect
  • Vulnerability Assessment Tools
    • ISS Internet Scanner and Host Scanner
    • McAfee CyberCop
    • Nessus

Responsibilities

The typical responsibilities of a security tool are to:

• Support the performance of the following tasks:
  • Security Risk Assessment
  • Security Policy Production
  • Security Threat Prevention
  • Security Threat Deterrence
  • Security Threat Detection And Analysis
  • Security Administration
  • Security Auditing
• Support the implementation of security requirements

Guidelines

• Security tools and systems are rapidly evolving.
• Security tools and systems should be evaluated prior to acquisition.
• The time between evaluation and acquisition should be short.
• Security systems typically need to be properly configured and administered.