As a sysadmin, how often do you run into a need for a little tool to solve a simple problem and bump up against these massively exhaustive solutions? They are certainly awesome if you need all the features, but sometimes you’re just looking for a little tool to get a basic/simple task done. I’m the type of person that likes to cut-to-the-chase, skip the fluff, and use the KISS approach. At WTG, in both our consulting and service delivery practices, there are a few tools we like to use. In this blog, I wanted to “pop the hood” and share some of my favorites that make our lives (and hopefully yours) a bit easier. If you need any help sourcing or configuring these, we (of course) are happy to help and would appreciate your business! Here goes (in alphabetical order) –
CBT Nuggets: Let’s face it – technology training is really expensive. Nearly impossibly expensive if your employer doesn’t cover it somehow. CBT Nuggets is a great site that has a bunch of different content and courses to help you advance your career and pick up some knowledge. It’s a flexible learning platform that’s relaxed and easy to navigate. It could feel a bit on the pricey side at $59/month. When you consider 1 course from an OEM or 1 3-credit online course at a university costs thousands, having access to a library of excellent training for a fraction of that feels like a great deal to me. Could be a great option for those who have a solid sysadmin background and want to learn more about cybersecurity. (https://www.cbtnuggets.com/)
Duo: This is a favorite for MFA solutions. It’s pretty easy to use and deploy, has flexible options, and is free for up to 10 users. If you need to expand beyond 10 users, it’s $3/month for the MFA option. Great deal for a whole lot of security and deployment options like protecting Windows (including RDP) logon and using their RADIUS proxy for MFA protection of switch/management access and even VDI. (https://duo.com)
Kiwi Syslog Server and Kiwi CatTools: Have you ever needed a simple tool to capture and centralize syslog data and even generate alerts based on captured events? Kiwi Syslog Server has been in my tool bag for a long time! It’s a fantastic little utility to capture all that syslog output and take intelligent action (reporting, alerting, archiving for compliance). Equally simple: it’s a flat $329.00 fee for the product. Amazing deal, useful tool! What’s just as useful as Kiwi Syslog is Kiwi CatTools. If you’ve been around networking for a while, you’ll probably recognize the name. If you need a simple tool to back up and restore network (switch) configs and have a simple level of device management – CatTools is the app for you. You can make bulk configuration changes, backup/restore configs, roll back config changes, and generate reports. It’s a tried-and-true tool. Similar to Syslog, it’s a perpetual license (no subscription): $869.00 for unlimited devices (both apps have an option to maintain support/maintenance). (https://www.solarwinds.com/kiwi-syslog-server)
Lansweeper: Lansweeper is a staple for those who go back a few years (or more than a few!). This tool has been modernized but keeps its roots as a great tool to inventory your network for assets (devices, software, etc.). Gone are the days of tedious spreadsheet management! You can track IPs, find vulnerable software, discover devices (*cough* shadow IT), and provide excellent reports. You can even push software with it! Fantastic product. You can try it for free and it’s always been free for up to 100 assets! The paid version is only about $1/asset/year. A bargain compared to the time it takes you to generate 1 basic report from any other tool. (https://www.lansweeper.com/)
Microsoft 365 Business Premium: Say whaaaaaaaaaat? A Microsoft subscription product on this list? Yep! This is a spectacular deal with a ton of great stuff packed in. You get the whole hosted Exchange, Teams, SharePoint/OneDrive experience that you expect and the installed Microsoft Office Apps. “But wait there’s more” – this great bundle includes Azure AD P1 (provides MFA with conditional access, SSO/SAML, and more), an Intune license for great/modern endpoint device management, Microsoft Defender (“the good version”), and more. Check this package out – good for places that have 300 or fewer licensed employees. If you want to test this software in a lab environment, you can literally purchase 1 license and test it all out! When this blog was written, the monthly, non-annual commitment version of Business Premium was $26.40/month. (https://www.microsoft.com/en-us/microsoft-365/business/microsoft-365-business-premium)
Nessus Pro: This one might not be the “cheapest” on this list but it’s powerful and easy to use. If you want an industry staple for simple (and advanced) vulnerability scanning and reporting, this is it. It’s a great tool to scan for vulnerabilities and report on findings. Nessus has been around for a long time and is a great tool to even audit another vulnerability management tool you might have. List price is just over $3,000 for 1 year but could save your bacon if you have a massive vulnerability on your network (hello IoT). It’s definitely not a managed vulnerability service, but it’s great if you have a relatively small environment and need some good data to work with. (https://www.tenable.com/products/nessus)
OpenDNS (Cisco Umbrella): OpenDNS has been around for a long, long time. In fact, you can use their global DNS servers at no cost. Umbrella is a fantastic value because it has a ton of security intelligence and a brilliantly simple way to filter content and block malicious sites. DNS translates names to IPs, not caring about protocols or encryption or anything. If you use Umbrella to “proxy” or resolve your DNS requests, you’ve added a massive layer of protection to your environment. They process over 250 billion DNS requests each day! For most smaller shops the DNS Security Essentials package is all you need. It’s something like $2-$3/user/month. A ton of protection that you can deploy on your network or on endpoints (they have a client too). (https://umbrella.cisco.com/)
PRTG: A staple, a legend! PRTG is brilliantly simple, powerful, and effective. You can download a free trial and it will convert to the freeware version (limited to 100 sensors) or pay for more. It’s easy to use and has a bunch of really intelligent and interesting features for mapping, uptime tracking, monitoring, reporting, ticketing, and event notification intelligence. Pretty easy to use – brilliant tool. (https://www.paessler.com/prtg)
Quest Secure Copy: This is a fantastic little data migration tool that can tremendously help with Windows (so CIFS) file server/NAS migration and consolidation projects. If you’re swapping a NAS, upgrading to a newer version of Windows or whatever – check this tool out. You can do bandwidth throttling, multi-threading, reporting, and analysis, and it just does a bang-up job. The MSRP is $632.00 per server with 1 year of support. It’s an incredible deal for how much time it can save! (https://www.quest.com/products/secure-copy/)
SSL Labs: If you’ve ever been dinged in an external vulnerability assessment, you’ve probably had to tweak ciphers and algorithms. You might just be interested in making sure a public-facing site is as secure as possible. You might want to know what devices/browsers might break if you make a change. SSL Labs is completely free and gives you a graded score and complete report on the SSL/TLS state of your website. It’s fantastically useful! If you don’t want your results publicly placed on the leaderboard, make sure you check “Do not show the results on the boards”. This free service provides a great deal of excellent information. (https://www.ssllabs.com)
“BONUS” Tool – hMailServer: If you’re looking for a relatively easy-to-use SMTP relay “engine”, check out hMailServer. It’s a great open-source project that has been around for a long time. I’ve used this several times to help applications (like vCenter) have relay capabilities when SMTP AUTH is involved/required! Easy to set up, many flexible configuration options, and some great out-of-the-box security options/features. (https://www.hmailserver.com/)