Security Tools News & Tips » IDS/IPS

FortiClient standard edition

Niranjan — Wed, 16 Sep 2009 19:14:02 +0000

FortiClient™ standard edition offers one of the most comprehensive security suites for your PC available – including a full range of Fortinet threat protections for PCs and laptops, even when used on insecure public networks. This free download provides SSL and IPSec VPN, a personal firewall, antivirus/antispyware scanning, Intrusion Prevention and web filtering. FortiGate™ users complete their network security framework with Endpoint Control, Application Detection and WAN Optimization. Automatic updates from the FortiGuard™ subscription service ensure protection against the latest threats.

FortiClient standard edition Homepage

Check Point Power-1 Appliances

Niranjan — Tue, 08 Sep 2009 20:24:26 +0000

Check Point Power-1 appliances enable organizations to maximize security in high-performance environments such as large campuses or data centers. They combine Check Point firewall, IPsec VPN, and intrusion prevention Software Blades with advanced acceleration and networking technologies that deliver a high-performance security platform for multi-Gbps environments.

Key Benefits

- Ensures availability of business-critical applications with up to 25 Gbps of firewall throughput and total system performance (Firewall + IPS) of up to 15 Gbps

- Field upgradeable for maximum performance flexibility (Power-1 11000 Series)

-Provides a comprehensive set of security Software Blades that is extensible on demand to include Web security, antivirus, anti-spyware, and anti-spam

- Simplifies administration with a single management console for all sites

- Protects against emerging threats with Software Blade update services

Check Point Power-1 Appliances Homepage

Cisco ASA 5500 Series Firewall

Niranjan — Fri, 04 Sep 2009 20:56:26 +0000

The Cisco ASA 5500 Series Adaptive Security Appliance is a modular platform that provides the next generation of security and VPN services for small and medium-sized business and enterprise applications. The comprehensive portfolio of services within the Cisco ASA 5500 Series enables customization for location-specific needs through its four tailored package product editions: the Firewall, VPN, IPS, and Content Security Editions.

These packages enable superior protection by providing the right services for the right location. At the same time, they enable standardization on the Cisco ASA 5500 Series platform to reduce costs in management, training, and sparing. Finally, each Edition simplifies design and deployment by providing pre-packaged location-specific security solutions.

Cisco ASA 5500 Series Firewall Homepage

Juniper Networks IDP Series

Niranjan — Fri, 28 Aug 2009 16:00:51 +0000

Juniper Networks IDP Series Intrusion Detection and Prevention Appliances offer the latest capabilities in network intrusion prevention to protect the network from a wide range of attacks. Using industry-recognized stateful detection and prevention techniques, the IDP Series provides zero-day protection against worms, trojans, spyware, keyloggers, and other malware.

Juniper Networks IDP Series Homepage

Wireshark

Niranjan — Thu, 20 Aug 2009 22:33:52 +0000

Wireshark is the world’s foremost network protocol analyzer, and is the de facto (and often de jure) standard across many industries and educational institutions. Wireshark development thrives thanks to the contributions of networking experts across the globe. It is the continuation of a project that started in 1998. It started as Ethereal but was later re-branded as Wireshark due to trademark issues.

Wireshark Homepage

RSBAC

Niranjan — Thu, 26 Jul 2007 02:36:26 +0000

Linux systems, as many others in the Unix family, have a well-known lack of access control. There is a small granularity of discretionary access rights, only dividing between read, write and execute rights for file owner, and file group members. The RSBAC (Rule Set Based Access Control) framework solves this access control deficiency by giving detailed access control information, and you can implement almost any access control model in it, e.g. as a runtime registered kernel module. Also, there is a powerful logging system which makes intrusion attempts easily detectable.

RSBAC Homepage

FTester

Niranjan — Fri, 20 Jul 2007 08:07:43 +0000

The Firewall Tester (FTester) is a tool designed for testing firewalls filtering policies and Intrusion Detection System (IDS) capabilities. The tool consists of two perl scripts, a packet injector (ftest) and the listening sniffer (ftestd). The first script injects custom packets, defined in ftest.conf, with a signature in the data part while the sniffer listens for such marked packets. The scripts both write a log file which is in the same form for both scripts. A diff of the two produced files (ftest.log and ftestd.log) shows the packets that were unable to reach the sniffer due to filtering rules if these two scripts are ran on hosts placed on two different sides of a firewall. Stateful inspection firewalls are handled with the ‘connection spoofing’ option. A script called freport is also available for automatically parse the log files.

FTester Homepage

BlockSSHD

Niranjan — Mon, 09 Jul 2007 07:47:22 +0000

BlockSSHD is a Perl script based on BruteForceBlocker v1.2.3 that dynamically adds IPTables rules for Linux and pf firewall rules for BSD that block SSH brute force attacks. It can also detect ProFTPd login failures. BlockSSHD checks a log file you specify, for example /var/log/secure on a Red Hat, for SSH login failure messages. If it detects a failure message it records the source IP address and starts a counter. If messages continue to be detected from the same source IP address the counter is incremented for each message. When the counter reaches a user-specified threshold then the script will add a firewall rule blocking SSH connections from that source IP address. A user-specified time-out is also defined to trigger a reset of the counter. If the counter is incremented but has not yet reached the blocking threshold and a new login failure message arrives then BlockSSHD checks the time-out. If the last increment of the counter occurred earlier than the current time minus the time-out period then the counter is reset rather than incremented. The time-out defaults to 600 seconds (10 minutes).

BlockSSHD Homepage

PHPIDS

Niranjan — Mon, 11 Jun 2007 05:41:25 +0000

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session. PHPIDS enables you to see who’s attacking your site and how and all without the tedious trawling of logfiles or searching hacker forums for your domain.

PHPIDS Homepage

Network Security Toolkit

Niranjan — Mon, 04 Jun 2007 09:22:55 +0000

Network Security Toolkit (NST) is a bootable ISO live CD based on Fedora Core 6. The toolkit was designed to provide easy access to best-of-breed Open Source Network Security Applications and should run on most x86 platforms. The main intent of developing this toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools.

NST Homepage

Screenshots