Archive for 'IDS/IPS' Category

RSBAC

Linux systems, like many others in the Unix family, have a well-known weakness in access control: discretionary access rights are coarse-grained, dividing only between read, write and execute permission for the file owner, the file group and everyone else. The RSBAC (Rule Set Based Access Control) framework addresses this deficiency by attaching detailed access control information to subjects and objects, and almost any access control model can be implemented on top of it, for example as a runtime-registered kernel module. It also includes a powerful logging system that makes intrusion attempts easy to detect.

Posted by Niranjan on July 26th, 2007 in Freeware, Linux/Unix, Tools, IDS/IPS

FTester

The Firewall Tester (FTester) is a tool for testing firewall filtering policies and Intrusion Detection System (IDS) capabilities. It consists of two Perl scripts: a packet injector (ftest) and a listening sniffer (ftestd). The injector sends custom packets, defined in ftest.conf, carrying a signature in the data portion; the sniffer listens for packets marked with that signature. Both scripts write a log file in the same format, so when they are run on hosts placed on opposite sides of a firewall, a diff of the two files (ftest.log and ftestd.log) shows which packets failed to reach the sniffer because of the filtering rules. Stateful inspection firewalls are handled with the ‘connection spoofing’ option. A third script, freport, parses the log files automatically.
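The log-diff step described above, as an added example in Python rather than FTester's own freport script: it parses an injector log and a sniffer log written in one shared per-packet layout (the layout is an assumption and both logs are constructed for the example) and lists the packets the firewall stopped.

```python
"""Diff an injector log against a sniffer log to find filtered packets.

Added example in Python; it is not FTester's own freport script. The
per-packet line layout below is an assumption: both sides write one line
per marked packet as "<src>:<sport> > <dst>:<dport> <flags> <proto>", and
the two logs are constructed for the example.
"""
import re
from collections import Counter
from typing import List, Tuple

# Constructed sample logs: what ftest sent and what ftestd saw on the far side.
FTEST_LOG = """\
192.168.1.10:1025 > 10.0.0.5:22 S TCP
192.168.1.10:1026 > 10.0.0.5:23 S TCP
192.168.1.10:1027 > 10.0.0.5:80 S TCP
192.168.1.10:1028 > 10.0.0.5:443 S TCP
192.168.1.10:1029 > 10.0.0.5:53 - UDP
192.168.1.10:1030 > 10.0.0.5:0 - ICMP
"""

FTESTD_LOG = """\
192.168.1.10:1025 > 10.0.0.5:22 S TCP
192.168.1.10:1027 > 10.0.0.5:80 S TCP
192.168.1.10:1028 > 10.0.0.5:443 S TCP
"""

LINE_RE = re.compile(
    r"^(?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<flags>\S+) (?P<proto>[A-Z]+)$"
)

# (src, sport, dst, dport, flags, proto)
Packet = Tuple[str, int, str, int, str, str]


def parse_log(text: str) -> List[Packet]:
    """Parse one log into packet tuples, preserving the order written."""
    packets: List[Packet] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised log line: {line!r}")
        packets.append((m["src"], int(m["sport"]), m["dst"], int(m["dport"]),
                        m["flags"], m["proto"]))
    return packets


def filtered_packets(sent: List[Packet], seen: List[Packet]) -> List[Packet]:
    """Packets in the injector log with no matching line in the sniffer log.

    A multiset difference rather than a plain set difference, so a packet
    injected twice and seen once is still reported once as filtered.
    """
    remaining = Counter(seen)
    blocked: List[Packet] = []
    for p in sent:
        if remaining[p] > 0:
            remaining[p] -= 1
        else:
            blocked.append(p)
    return blocked


def report(injector_log: str, sniffer_log: str) -> List[str]:
    """Human-readable lines for every packet the firewall stopped."""
    blocked = filtered_packets(parse_log(injector_log), parse_log(sniffer_log))
    return [f"FILTERED {proto} {src}:{sport} -> {dst}:{dport} flags={flags}"
            for src, sport, dst, dport, flags, proto in blocked]


if __name__ == "__main__":
    for line in report(FTEST_LOG, FTESTD_LOG):
        print(line)
```

With the constructed logs, the report names the telnet, DNS and ICMP probes as filtered and the SSH, HTTP and HTTPS probes as passed. The packet tuple deliberately excludes anything the far side cannot observe unchanged (for example a TTL), since both logs must agree field for field for the diff to be meaningful.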

Posted by Niranjan on July 20th, 2007 in Linux/Unix, Tools, OSX, Network, Firewall, IDS/IPS, Packet Sniffer

BlockSSHD

BlockSSHD is a Perl script based on BruteForceBlocker v1.2.3 that dynamically adds iptables rules on Linux, or pf rules on BSD, to block SSH brute-force attacks; it can also detect ProFTPD login failures. BlockSSHD watches a log file you specify (for example /var/log/secure on a Red Hat system) for SSH login failure messages. On the first failure from a source IP address it records the address and starts a counter; each further failure message from the same address increments the counter. When the counter reaches a user-specified threshold, the script adds a firewall rule blocking SSH connections from that address. A user-specified time-out governs counter resets: when a new failure message arrives for an address whose counter has not yet reached the threshold, BlockSSHD compares the time of the last increment with the current time minus the time-out period, and if the last increment is older than that, the counter is reset instead of incremented. The time-out defaults to 600 seconds (10 minutes).
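The counter, threshold and time-out rules just described, as an added example in Python (BlockSSHD itself is Perl, and this is not its code). The sshd log lines are constructed, the year is assumed because syslog timestamps carry none, and the block is returned as an iptables command string rather than executed; a pf variant would build a different rule string from the same decision.

```python
"""Threshold-and-timeout SSH brute-force blocking over sshd log lines.

Added example in Python (not BlockSSHD's Perl code). It implements the
counting rules the entry describes: one counter per source IP, incremented
per failure, reset when the previous failure is older than the time-out,
and a block rule emitted once the counter reaches the threshold. The rule
is returned as a string and never executed here.
"""
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Anchored on sshd's own "from <ip> port <n> ssh2" suffix at the end of the
# line, so the address is never read out of the attacker-chosen username.
FAILURE_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

LOG_YEAR = 2007  # assumption: syslog timestamps carry no year

# Constructed sample of /var/log/secure style lines (not real log data).
SAMPLE_LOG = """\
Jul  9 10:00:00 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 50001 ssh2
Jul  9 10:00:05 bastion sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 50002 ssh2
Jul  9 10:00:09 bastion sshd[2105]: Failed password for root from 203.0.113.7 port 50003 ssh2
Jul  9 10:01:00 bastion sshd[2110]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Jul  9 10:02:00 bastion sshd[2112]: Failed password for alice from 198.51.100.4 port 40002 ssh2
Jul  9 10:20:00 bastion sshd[2130]: Failed password for alice from 198.51.100.4 port 40003 ssh2
Jul  9 10:21:00 bastion sshd[2131]: Failed password for alice from 198.51.100.4 port 40004 ssh2
Jul  9 10:21:30 bastion sshd[2132]: Accepted password for alice from 198.51.100.4 port 40005 ssh2
"""


def parse_line(line: str) -> Optional[Tuple[datetime, str]]:
    """Return (timestamp, source ip) for an SSH failure line, else None."""
    m = FAILURE_RE.search(line)
    if not m:
        return None
    mon, day, clock, _rest = line.split(maxsplit=3)
    ts = datetime.strptime(f"{LOG_YEAR} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"]


class BruteForceTracker:
    """Per-IP failure counters with a threshold and a time-out."""

    def __init__(self, threshold: int = 3, timeout_seconds: int = 600) -> None:
        self.threshold = threshold
        self.timeout = timedelta(seconds=timeout_seconds)
        self.count: Dict[str, int] = {}
        self.last: Dict[str, datetime] = {}
        self.blocked: Set[str] = set()

    def observe(self, ts: datetime, ip: str) -> Optional[str]:
        """Record one failure; return a firewall rule when the IP crosses the threshold."""
        if ip in self.blocked:
            return None  # already blocked, do not emit a duplicate rule
        last = self.last.get(ip)
        if last is not None and last < ts - self.timeout:
            # Last increment is older than the time-out: reset. The fresh
            # counter starts at 1 so the current failure is not lost
            # (an assumed reading of "reset rather than incremented").
            self.count[ip] = 1
        else:
            self.count[ip] = self.count.get(ip, 0) + 1
        self.last[ip] = ts
        if self.count[ip] >= self.threshold:
            self.blocked.add(ip)
            return f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP"
        return None


def process_log(lines: List[str], threshold: int = 3, timeout_seconds: int = 600) -> List[str]:
    """Run the tracker over log lines and collect the rules it would add."""
    tracker = BruteForceTracker(threshold, timeout_seconds)
    rules: List[str] = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # not an SSH failure (e.g. "Accepted password")
        rule = tracker.observe(*parsed)
        if rule is not None:
            rules.append(rule)
    return rules


if __name__ == "__main__":
    for rule in process_log(SAMPLE_LOG.splitlines()):
        print(rule)
```

With the defaults, only 203.0.113.7 is blocked: 198.51.100.4 fails twice, goes quiet for 18 minutes, and its counter is reset when the third failure arrives. Raising the time-out to an hour blocks it as well, which is the trade-off the time-out setting controls.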

Posted by Niranjan on July 9th, 2007 in Freeware, Linux/Unix, Tools, Network, Firewall, IDS/IPS

PHPIDS

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters malicious input; it recognizes when an attacker tries to break your site and reacts in exactly the way you configure. Based on a set of approved and heavily tested filter rules, every attack is given a numerical impact rating, which makes it easy to decide what action should follow the attempt. This could range from simple logging to sending an emergency mail to the development team, displaying a warning message to the attacker, or even ending the user’s session. PHPIDS lets you see who is attacking your site and how, without tedious trawling of log files or searching hacker forums for your domain.
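An impact-rated inspection of request parameters in the style the paragraph describes, as an added Python example that is not PHPIDS code: the rule set, impact values and action thresholds are all assumed for illustration (PHPIDS ships its own rule set), and the input is only scored, never modified.

```python
"""Impact-rated inspection of web request parameters, PHPIDS-style.

Added example in Python (not PHPIDS code). The rules, impact values and
action thresholds are assumptions for illustration; PHPIDS ships its own
rule set. Input is scored, never stripped or sanitized, and the caller
decides what the resulting action means for the request.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote_plus

# (name, pattern, impact): illustrative rules, not the PHPIDS rule set.
RULES: List[Tuple[str, re.Pattern, int]] = [
    ("xss_tag",        re.compile(r"<\s*(script|img|iframe|svg)\b", re.I), 5),
    ("xss_handler",    re.compile(r"\bon[a-z]+\s*=", re.I), 4),
    ("js_uri",         re.compile(r"javascript\s*:", re.I), 4),
    ("sqli_union",     re.compile(r"\bunion\b.+\bselect\b", re.I | re.S), 6),
    ("sqli_tautology", re.compile(r"['\"]\s*or\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+", re.I), 5),
    ("sqli_comment",   re.compile(r"(--|#|/\*)\s*$"), 2),
    ("path_traversal", re.compile(r"(\.\./|\.\.\\){2,}"), 5),
]

# Minimum impact for each action, checked from the most severe down (assumed policy).
POLICY: List[Tuple[int, str]] = [
    (15, "kill_session"),
    (8, "mail_team"),
    (4, "warn_user"),
    (1, "log"),
]


def decide(impact: int) -> str:
    """Map a summed impact rating to the action the policy calls for."""
    for minimum, action in POLICY:
        if impact >= minimum:
            return action
    return "allow"


def inspect(params: Dict[str, str]) -> Dict:
    """Rate every parameter against the rules; the values are left untouched."""
    matches: List[Tuple[str, str, int]] = []
    total = 0
    for name, raw in params.items():
        # One URL-decode pass so encoded payloads (%3Cscript%3E) are visible
        # to the rules; the raw value itself is never rewritten.
        value = unquote_plus(raw)
        for rule_name, pattern, impact in RULES:
            if pattern.search(value):
                matches.append((name, rule_name, impact))
                total += impact
    return {"impact": total, "matches": matches, "action": decide(total)}


if __name__ == "__main__":
    for sample in ({"user": "alice", "page": "2"},
                   {"q": "<img src=x onerror=alert(1)>"},
                   {"id": "1' OR 1=1 --"}):
        print(sample, "->", inspect(sample))
```

Because several rules can fire on one value, a payload combining techniques accumulates a higher rating than any single rule would give it, which is what lets the policy escalate from logging to mailing the team without a separate rule for every combination. Rules such as xss_handler will also fire on some benign text (a parameter containing "one="), so impact values are the place to tune noise rather than the thresholds.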

Posted by Niranjan on June 11th, 2007 in Freeware, Linux/Unix, Tools, Windows, OSX, IDS/IPS

Network Security Toolkit

Network Security Toolkit (NST) is a bootable ISO live CD based on Fedora Core 6. The toolkit was designed to give easy access to best-of-breed open source network security applications and should run on most x86 platforms. Its main purpose is to provide the network security administrator with a comprehensive set of open source network security tools.

Posted by Niranjan on June 4th, 2007 in Freeware, Linux/Unix, Tools, IDS/IPS, Packet Sniffer, Port Scanner, Live CD

HLBR

HLBR is an IPS (Intrusion Prevention System) that filters packets directly at layer 2 of the OSI model, so the machine does not even need an IP address. Detection of malicious or anomalous traffic is done by signature-based rules, and the user can add more rules. It is an efficient and versatile IPS and can also be used as a bridge to honeypots and honeynets. Because it does not use the operating system’s TCP/IP stack, it can be “invisible” to network access and attackers.

Posted by Niranjan on June 1st, 2007 in Freeware, Linux/Unix, Tools, Network, IDS/IPS

Splunk

Splunk is a search engine for IT data: software that indexes and securely manages all your logs and IT data. It is easy to download, install and use, and it is very powerful. System administrators, developers and even business users can search, navigate, alert and report on logs and IT data from any application, server or network device in real time.

Posted by Niranjan on April 15th, 2007 in Freeware, Linux/Unix, Tools, Network, IDS/IPS

OSSEC HIDS

OSSEC HIDS is an open source host-based intrusion detection system. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows. In addition to being a HIDS, it is commonly used as a SEM/SIM solution: because of its powerful log analysis engine, ISPs, universities and data centers run OSSEC HIDS to monitor and analyze their firewalls, IDSs, web servers and authentication logs.

SolarWinds

SolarWinds, a leading provider of Windows-based network monitoring, network discovery and network management software, enables network engineers to reduce network downtime, monitor network performance, manage compliance requirements, perform bulk configuration changes and improve staff efficiency. Security-related tools include several network discovery scanners, an SNMP brute-force cracker, router password decryption, a TCP connection reset program, one of the fastest and easiest router config download/upload applications available, and more.

AirTight

AirTight Networks enables enterprises and service providers to protect network and mobile client integrity against wireless security vulnerabilities, whether or not they deploy a wireless network. AirTight Networks offers the industry’s first wireless IPS (WIPS), delivering around-the-clock wireless monitoring and automatic intrusion prevention, and also manages wireless network performance for maximum capacity and uptime.

Posted by Niranjan on April 2nd, 2007 in Hardware, Tools, Wireless, Network, IDS/IPS