Security Tools News & Tips

Linux systems, as many others in the Unix family, have a well-known lack of access control. There is a small granularity of discretionary access rights, only dividing between read, write and execute rights for file owner, and file group members. The RSBAC (Rule Set Based Access Control) framework solves this access control deficiency by giving detailed access control information, and you can implement almost any access control model in it, e.g. as a runtime registered kernel module. Also, there is a powerful logging system which makes intrusion attempts easily detectable.

• More information or Write a review...(0)

The Firewall Tester (FTester) is a tool designed for testing firewalls filtering policies and Intrusion Detection System (IDS) capabilities. The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part while the sniffer listens for such marked packets. The scripts both write a log file which is in the same form for both scripts. A diff of the two produced files (ftest.log and ftestd.log) shows the packets that were unable to reach the sniffer due to filtering rules if these two scripts are ran on hosts placed on two different sides of a firewall. Stateful inspection firewalls are handled with the ‘connection spoofing’ option. A script called freport is also available for automatically parse the log files.

• More information or Write a review...(0)

BlockSSHD is a Perl script based on BruteForceBlocker v1.2.3 that dynamically adds IPTables rules for Linux and pf firewall rules for BSD that block SSH brute force attacks. It can also detect ProFTPd login failures. BlockSSHD checks a log file you specify, for example /var/log/secure on a Red Hat, for SSH login failure messages. If it detects a failure message it records the source IP address and starts a counter. If messages continue to be detected from the same source IP address the counter is incremented for each message. When the counter reaches a user-specified threshold then the script will add a firewall rule blocking SSH connections from that source IP address. A user-specified time-out is also defined to trigger a reset of the counter. If the counter is incremented but has not yet reached the blocking threshold and a new login failure message arrives then BlockSSHD checks the time-out. If the last increment of the counter occurred earlier than the current time minus the time-out period then the counter is reset rather than incremented. The time-out defaults to 600 seconds (10 minutes).

• More information or Write a review...(0)

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session. PHPIDS enables you to see who’s attacking your site and how and all without the tedious trawling of logfiles or searching hacker forums for your domain.

• More information or Write a review...

Network Security Toolkit (NST) is a bootable ISO live CD based on Fedora Core 6. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools.

• More information or Write a review...(0)

HLBR is an IPS (Intrusion Prevention System) that can filter packets directly in the layer 2 of the OSI model (so the machine doesn’t need even an IP address). Detection of malicious/anomalous traffic is done by rules based in signatures, and the user can add more rules. It is an efficient and versatile IPS, and it can even be used as bridge to honeypots and honeynets. Since it doesn’t make use of the operating system’s TCP/IP stack, it can be “invisible” to network access and attackers.

• More information or Write a review...(0)

Splunk is the search engine for IT data. It’s software that indexes and securely manages all your logs and IT data. It’s easy to download, install and use and it’s very powerful. System administrators, developers and even business users can search, navigate, alert and report on logs and IT data from any application, server or network device in real time.

• More information or Write a review...(0)

OSSEC HIDS is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. In addition to being an HIDS, it is commonly used as a SEM/SIM solution. Because of its powerful log analysis engine, ISPs, universities and data centers are running OSSEC HIDS to monitor and analyze their firewalls, IDSs, web servers and authentication logs.

• More information or Write a review...

SolarWinds, a leading provider of Windows-based network monitoring tools and network discovery and network management software, enables network engineers to reduce network downtime, monitor network performance, manage compliancy requirements, perform bulk configuration changes and improve staff efficiency. Security-related tools include many network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available and more.

• More information or Write a review...(0)

AirTight Networks enables enterprises and service providers to maintain network and mobile client integrity from wireless security vulnerabilities whether or not they deploy a wireless network. AirTight Networks offers the industry’s first wireless IPS (WIPS) that delivers around-the-clock wireless monitoring and automatic intrusion prevention as well as manages wireless network performance for maximum capacity and uptime.

• More information or Write a review...(0)