Security Tools News & Tips

The Honeywall CDROM is a bootable CD that copies all the functionality of a Honeywall onto a hard drive. It comes with all the tools and functionality for you to implement data capture, data control, and data analysis. It creates an architecture that allows you to deploy both low-interaction and high-interaction honeypots within it. The purpose of the Honeywall CDROM is to make it easier to deploy, manage, and derive value from honeynet technologies. The CDROM supports several configuration methods, including an interactive menu and .iso customization scripts. The CDROM is an appliance, based on a minimized and secured Linux OS.

• More information or Write a review...(0)

Security Administrator’s Integrated Network Tool (SAINT) is a commercial vulnerability assessment tool. Before you can secure a network, you have to know how it’s threatened. SAINT uncovers areas of weakness and recommends fixes. With SAINT vulnerability assessment tool, you can detect and fix possible weaknesses in your network’s security before they can be exploited by intruders, anticipate and prevent common system vulnerabilities and demonstrate compliance with current government regulations. SAINT also features a graphical user interface that is intuitive and easy to use.

• More information or Write a review...(0)

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway host does not allow the traffic, it will likely drop the packets on the floor and we will see no response. To get the correct IP TTL that will result in expired packets one beyond the gateway we need to ramp up hop-counts. We do this in the same manner that traceroute works. Once we have the gateway hopcount (at that point the scan is said to be `bound`) we can begin our scan. It is significant to note the fact that the ultimate destination host does not have to be reached. It just needs to be somewhere downstream, on the other side of the gateway, from the scanning host.

• More information or Write a review...(0)

Cheops-ng (cheops next generation) is a Network management tool for mapping and monitoring your network. It has host/network discovery functionality as well as OS detection of hosts. Cheops-ng has the ability to probe hosts to see what services they are running. On some services, cheops-ng is actually able to see what program is running for a service and the version number of that program.

• More information or Write a review...(1)

Xprobe2 is an active operating system fingerprinting tool with a different approach to operating system fingerprinting. Xprobe2 rely on fuzzy signature matching, probabilistic guesses, multiple simultaneously matches, and a signature database. Xprobe is an alternative to some tools which are heavily dependent upon the usage of the TCP protocol for remote active operating system fingerprinting.

• More information or Write a review...(0)

Arudius is an information assurance (IA) Linux live CD with tools for penetration testing and vulnerability analysis. Information assurance has many other aspects besides network security. The CD consists of a Zenwalk Linux base on top of which a large collection of network security testing software (full list) has been installed – including tools listed on Insecure.org Top 75 list plus many other tools listed on Freshmeat, Sf.net and other information assurance sites around the world.

• More information or Write a review...(0)

BackTrack is the most Top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-Rom and is fully accessible within minutes. It’s evolved from the merge of the two wide spread distributions Whax and Auditor Security Collection. BackTrack has a long history and was based on many different linux distribution until it is now based on a Slackware linux distribution and the corresponding live-CD scripts. Every packet, kernel configuration and scripts are optimized to be used by security penetration testers. Patches and automatism have been added, applied or developed to provide a neat and ready-to-go environment.

• More information or Write a review...(0)

Hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features. A subset of the stuff you can do using hping: Firewall testing, Advanced port scanning, Network testing, using different protocols, TOS, fragmentation, Manual path MTU discovery, Advanced traceroute, under all the supported protocols, Remote OS fingerprinting, Remote uptime guessing and TCP/IP stacks auditing.

• More information or Write a review...(0)

Retina is a commercial vulnerability assessment scanner for Windows. Like Nessus, Retina scans all the hosts on a network and report on any vulnerabilities found. It was developed by eEye digital security, a company which is popular for it’s security research. You can download an evaluation of Retina Network Security Scanner and experience first hand the benefits of multiplatform security vulnerability risk assessment, scanning your network vulnerabilities.

• More information or Write a review...(0)

Nagios is an open source host, service and network monitoring program. It is designed to inform you of network problems before your clients, end-users or managers do. It runs under Linux/Unix. Some of its many features include monitoring of network services (SMTP, POP3, HTTP, NNTP, PING, etc.), monitoring of host resources (processor load, disk and memory usage, running processes, log files, etc.), monitoring of environmental factors such as temperature and when problems are encountered, or resolved it can send notifications out to administrative contacts in a variety of different ways (email, instant message, SMS, etc.). I’ve been using Nagios for a long time, for me it’s a must have tool because it gives me a bird’s eye view of all the networks and servers health, this critical insight allows me to respond to network and security problems in timely manner.

• More information or Write a review...(0)