IT Security: Risking the Corporation
As I've mentioned throughout this book, there are a lot of software packages related to security. This section lists various free security products that anyone involved with security issues should be aware of.

Free Software

COPS
The Computer Oracle and Password System (COPS) is a security program that tries to identify security risks on a UNIX system. It checks for empty passwords in /etc/passwd, world-writable files, misconfigured ftp sites, and so on. To obtain a copy, go to the anonymous ftp site.
ftp.cert.org

Cgichk
A Web vulnerability tool that searches for a series of interesting directories and files on a particular site.
www.sourceforge.net/projects/cgichk

Coroner's Toolkit
Computer forensics software that can be used after a break-in for a post-mortem analysis of a UNIX system.
www.porcupine.org/forensics/

Crack
Use Crack, by Alec Muffett, to test for bad passwords. (However, don't run Crack on systems you are not responsible for supporting. Otherwise, you could find yourself out of a job!) Get your copy at the anonymous ftp site.
info.cert.org/pub/tools/crack

Dsniff
A collection of tools for network auditing and penetration testing.
monkey.org/~dugsong/dsniff

Firewalk
Firewalk analyzes IP packet responses to determine gateway ACL filters.
www.es2.net/research/firewalk

GNUPG
A complete replacement for PGP. It does not use the patented IDEA algorithm and it can be employed without any restriction.
www.gnupg.org

Hping2
This is a command-line-oriented TCP/IP packet assembler/analyzer.
www.hping.org

IP Filter
IP Filter is a TCP/IP packet filter.
coombs.anu.edu.au/ipfilter

Klaxon & Tocson
Intrusion-detection tools used to identify unusual activity (i.e., udp, tcp). Klaxon is extremely useful in detecting ISS and SATAN port scanner attacks. Tocson is useful in detecting TCP SYN probe attempts.
www.eng.auburn.edu/users/doug/second.html

L0phtCrack
L0phtCrack is a password auditing tool. The new release is faster and has better reporting. For example, it reports the number and percentage of cracked passwords.
www.@stake.com/research/lc

Lsof
Lsof displays all open files on a UNIX system. Get your copy at the anonymous ftp site.
vic.cc.purdue.edu

Nessus
The Nessus project was started to provide the Internet community with free security auditing tools. This site has several projects and software programs available.
www.nessus.org

NPASSWD
This password changer proactively checks for bad passwords and refuses them. Get your copy at the anonymous ftp site.
ftp.cc.utexas.edu/pub/npasswd

OpenSSH
A free version of the SSH protocol.
www.openssh.com/

OPIE
This is a free redistributable kit that drops into most UNIX systems, replacing the login and FTP daemon with versions that use the OTP for user authentication.
www.inner.net/opie/

SATAN (System Administrator's Tool for Analyzing Networks)
SATAN, written by Wietse Venema and Dan Farmer, probes systems from the network in the same way an actual hacker would. You can use it to test the security of a single system or many systems on a network. Get your copy at the anonymous ftp site.
www.porcupine.org/pub/security/index.html

SNORT
Open Source Network Intrusion Detection System.
www.snort.org

Socks
This package allows various Internet services (such as gopher, ftp, and telnet) to be used through a firewall. To get your copy, connect to the anonymous ftp site.
www.socks.nec.com/

Solaris Security Toolkit
Solaris Security Toolkit.
www.sun.com/security/jass

Swatch
The Swatch package monitors and filters log files and executes a specified action based on a specified log pattern. Get your copy at the anonymous ftp site.
oit.ucsb.edu/~eta/swatch/

TCP Wrapper
This package allows a UNIX system administrator to control access to various network services through the use of an access control list. It also provides logging information about wrapped network services and can be used to prevent or monitor network attacks. Get your copy at the anonymous ftp site.
ftp://ftp.porcupine.org/pub/security/index.html

TIS Firewall Toolkit
This software package can be used to build and maintain a system to protect a network from unwanted network activities. Look for it at the anonymous ftp site.
www.fwtk.org

Tiger
Tiger checks for known security vulnerabilities on UNIX workstations. It is similar to COPS, but more extensive. Get your copy at the anonymous ftp site.
www.net.tamu.edu/ftp/security/TAMU

Titan
Titan is a collection of programs which fix or tighten the security configurations at the time of installation on a UNIX system.
www.fish.com/titan

Tripwire
Tripwire monitors for changes in system binaries. It is available at the anonymous ftp site.
www.tripwire.com/

TTY-Watcher
TTY-Watcher monitors, logs, and interacts with all system TTYs. To get a copy, go to the anonymous ftp site.
ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/ttywatcher/

OPIE
Up-to-date downward-compatible S/Key.
inner.net/opie/