Security Tools News & Tips

SME Server is an open-source Linux server distribution based on CentOS. It is a secure and out-of-the-box Server/Gateway solution. Installation and basic configuration of SME Server takes less than 20 minutes, and every configuration option can be set via a web-based interface. SME Server only includes what is necessary, which translates into the entire ISO being less than 450MB. Stability comes from using proven, supported rpm packages and from an update system that notifies you with available updates. SME Server already has everything necessary to provide the core services most people need to network Linux, Macintosh, and Windows systems. It includes preconfigured Email Server (with anti-virus and anti-spam), Web Server, DNS Server, File Server, Print Server and Internet Gateway (Proxy, Router and simple Firewall).

• More information or Write a review...(0)

WinDump is the Windows version of tcpdump, the command line network analyzer for UNIX. WinDump is fully compatible with tcpdump and can be used to watch, diagnose and save to disk network traffic according to various complex rules. It can run under Windows 95, 98, ME, NT, 2000, XP, 2003 and Vista. WinDump is free and is released under a BSD-style licence.

• More information or Write a review...(0)

AIDE (Advanced Intrusion Detection Environment) is a security and data integrity tool, it is similar to Tripwire. It creates a database from the regular expression rules that it finds from the config file. Once this database is initialized it can be used to verify the integrity of the files. It has several message digest algorithms (md5,sha1,rmd160,tiger,haval,etc.) that are used to check the integrity of the file. More algorithms can be added with relative ease. All of the usual file attributes can also be checked for inconsistencies. It can read databases from older or newer versions.

• More information or Write a review...(0)

The ike-scan tool scans IP addresses for VPN servers by sending a specially crafted IKE packet to each host within a network. Most hosts running IKE will respond, identifying their presence. The tool then remains silent and monitors retransmission packets. These retransmission responses are recorded, displayed and matched against a known set of VPN product fingerprints. It is available for Linux, Unix, MacOS and Windows under the GPL license.

• More information or Write a review...(0)

• Snort DCE/RPC Preprocessor Buffer Overflow. Sourcefire Snort is a widely-deployed, open-source network intrusion detection system (IDS). A stack buffer overflow vulnerability in the Snort DCE/RPC preprocessor could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Snort process.
• Cisco has issued a Security Advisory, which mentions that certain versions of IOS 12.x suffer from two new vulnerabilities involving its IPS feature set. The first flaw is Denial of Service (DoS) and second one is fragmentation attack.
• Watchfire, discovered a vulnerability in Google Desktop, which could enable a malicious individual to achieve not only remote, persistent access to sensitive data, but in some conditions full system control. The security hole is now fixed by Google.
• Researchers have discovered a “highly critical” security flaw in newly released Office 2007, despite Microsoft’s efforts to deliver its most secure version yet of the productivity software.
• Mozilla has released Firefox 2.0.0.2 and Firefox 1.5.0.10 Security and Stability Update. Due to the security fixes, it is strongly recommend that all Firefox users upgrade to these latest releases.

• Leave a comment...(1)

Juniper Networks Secure Access leads the SSL VPN market with a complete range of remote access appliances. Juniper Networks SSL VPN products have a variety of form factors and features that can be combined to meet the needs of companies of all sizes, from SMBs that need access for remote/mobile employees to large global deployments that need to provide remote and/or extranet access, for employees, partners, and customers from a single platform. Juniper Networks SSL VPNs are based on the Instant Virtual Extranet (IVE) platform, which uses SSL, the security protocol found in all standard Web browsers. The use of SSL eliminates the need for client-software deployment, changes to internal servers, and costly ongoing maintenance and desktop support.

• More information or Write a review...(1)

Core Impact is the first automated, comprehensive penetration testing product for assessing specific information security threats to an organization. By safely exploiting vulnerabilities in your network infrastructure, the product identifies real, tangible risks to information assets while testing the effectiveness of your existing security investments. Core Impact isn’t free, but is considered to be the most powerful exploitation tool available.

• More information or Write a review...(0)

Text-based packet sniffer for Unix and Windows hosts. Based loosely on the original Sun ’snoop’ tool, TCPDump uses libpcap and filtering rules to capture network traffic. TCPDump is a command line utility and doesn’t have GUI like ethereal, but it does the job well and usually have fewer bugs and security holes.

• More information or Read user reviews...(1)

Chinese government is not only controlling/filtering the Internet activity within China, but launching a well-orchestrated attacks on US targets. This has been going on for several years now. An official with the Naval Network Warfare Command told Federal Computer Week (FCW) on condition of anonymity.

They will exploit anything and everything

According to him, the biggest threats defense agencies face right now are coming out of China. For several years now hackers from China have garnered attention from military officials with their well-orchestrated attacks. In 2003, the Department of Defense (DOD) confirmed that it was parrying coordinated attacks from China’s Guangdong Province. At the time DOD codenamed the systematic Chinese cyberassault “Titan Rain,” but has since changed the codename and classified that information.

• Leave a comment...(1)

httprint is a web server fingerprinting tool. It relies on web server characteristics to accurately identify web servers, despite the fact that they may have been obfuscated by changing the server banner strings, or by plug-ins such as mod_security or servermask. httprint can also be used to detect web enabled devices which do not have a server banner string, such as wireless access points, routers, switches, cable modems, etc. httprint uses text signature strings and it is very easy to add signatures to the signature database. It’s available for Linux, Mac OS X, FreeBSD (command line only) and Win32 (command line and GUI).

• More information or Write a review...(0)