League of Professional System Administrators - Security

PBNJ

doug — Wed, 12 Sep 2007 10:58:59 -0700

Short Description:
compares two nmap scans and outputs the differences, does mapping, and does scanning

Home Page:
www.darknet.org.uk/2006/05/pbnj-114-released-diff-your-nmap-results/

Release Date:
Wed, 2006-05-24 10:00

Status:
Stable

Long Description:

PBNJ is a network tool that can be used to give an overview of an machine or multiple machines by identifying the details about the services running on them. PBNJ is different from other tools because it is based on using a scan from nmap parsed to amap. PBNJ parses the data from a scan and outputs to a CSV format file for each ip address scanned.

However, PBNJ is able to handle additional scans and parse the data while only looking for changes. For example, if a machine was updated with a newer version of OpenSSH than was running when the first scan was performed, the CSV file would contain the difference of the scan. Very useful for vulnerability assessment and penetration testing.

dsniff

doug — Sat, 25 Aug 2007 09:16:44 -0700

Short Description:
dsniff is a collection of tools for network auditing and penetration testing

Home Page:
monkey.org/~dugsong/dsniff/

Release Date:
Wed, 2000-08-16 21:00

Status:
Mature

Long Description:

dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.

SecureLinx Spider

doug — Wed, 18 Jul 2007 19:08:04 -0700

Short Description:
SecureLinx Spider provides secure KVM over IP (keyboard, video, mouse) management of servers over an IP network

Home Page:
www.lantronix.com/data-center-management/kvm-solutions/securelinx-spider.html

Release Date:
Wed, 2007-04-18 19:00

Status:
New

Long Description:

SecureLinx Spider™ provides secure KVM over IP (keyboard, video, mouse) management of servers over an IP network. Unlike traditional KVM switches on the market, Spider offers a flexible, scalable and affordable CAT5-based remote access KVM solution in a cable friendly, compact “zero-footprint” package.

The latest addition to the SecureLinx family of IT/data center management products, this KVM over IP solution eliminates server-to-switch CAT5 cable distance limitations, and gives system administrators non-intrusive and cost-effective 24/7 access to servers across a wide variety of IT/network environments: from mission critical servers in high-density data centers, to servers distributed over corporate campuses, multi-floor buildings, remote/branch office sites. Management access, from BIOS to applications, from any web browser anywhere, at any time… guaranteed.

OSSEC

doug — Wed, 18 Jul 2007 18:54:51 -0700

Short Description:
OSSEC is an Open Source Host-based Intrusion Detection System

Home Page:
www.ossec.net

Release Date:
Fri, 2003-06-20 18:00

Long Description:

OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response.

It runs on most operating systems, including Linux, OpenBSD, FreeBSD, MacOS, Solaris and Windows.

If you have one system to monitor, you can install the OSSEC HIDS locally on that box and do everything from there. However, if you are administering a few systems, you can select one to be your OSSEC server and the others to be OSSEC agents, forwarding events to the server for analysis. One of the greatest benefits of the OSSEC HIDS is its scalability, allowing you to monitor multiple systems from a central point.

rootsh

nhruby — Tue, 29 May 2007 17:04:40 -0700

Short Description:
rootsh - a logging wrapper for shells

Home Page:
people.consol.de/~lausser/rootsh/rootsh.html

Release Date:
Thu, 2005-03-24 17:00

Status:
Mature

Long Description:

Start a shell with logging of input/output. Rootsh must be started via sudo if you want to become root. It does not raise your privileges on it's own. You can run rootsh as a standalone application if you only want to log your own user's session. If you call rootsh with additional commands, these will be passed to the shell.

netcat

doug — Sat, 28 Apr 2007 07:43:44 -0700

Short Description:
Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol

Home Page:
netcat.sourceforge.net

Release Date:
Sun, 2002-09-29 07:00

Status:
Mature

Long Description:

Netcat is a featured networking utility which reads and writes data across network connections, using the TCP/IP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.

It provides access to the following main features:

Outbound and inbound connections, TCP or UDP, to or from any ports.
Featured tunneling mode which allows also special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel.
Built-in port-scanning capabilities, with randomizer.
Advanced usage options, such as buffered send-mode (one line every N seconds), and hexdump (to stderr or to a specified file) of trasmitted and received data.
Optional RFC854 telnet codes parser and responder.

The GNU Netcat is distributed freely under the GNU General Public License (GPL).

SandboxIE

doug — Wed, 14 Mar 2007 05:37:49 -0700

Short Description:
SandboxIE is a virtual environment that prevents malware from directly accessing your hard drive

Home Page:
www.sandboxie.com

Release Date:
Wed, 2004-07-07 05:00

Status:
Stable

Long Description:

...from www.sandboxie.com...
When you run a program on your computer, data flows from the hard disk to the program via read operations. The data is then processed and displayed, and finally flows back from the progam to the hard disk via write operations.

For example, if you run the Freecell program to play a game, it starts by reading the previously recorded statistics, displaying and altering them as you play the game, and finally writing them back to disk for future reference.

Firekeeper

doug — Wed, 07 Mar 2007 13:09:09 -0800

Short Description:
Firekeeper is an Intrusion Detection and Prevention System for Firefox

Home Page:
firekeeper.mozdev.org

Release Date:
Tue, 2006-03-07 14:00

Status:
Active

Long Description:

Firekeeper is an Intrusion Detection and Prevention System for Firefox. It is able to detect, block and warn the user about malicious sites. Firekeeper uses flexible rules similar to Snort ones to describe browser based attack attempts. Rules can also be used to effectively filter different kinds of unwanted content. Other features of Firekeeper include:

Ability to scan incoming Firefox traffic - HTTP(S) response headers, body and URL and to cancel processing of suspicious responses.
HTTPS and compressed responses are scanned after decryption/decompression.
Very fast pattern matching algorithm (taken directly from Snort).

OpenVPN

doug — Mon, 12 Feb 2007 19:21:30 -0800

Short Description:
OpenVPN is a full-featured SSL VPN solution which can accomodate a wide range of configurations

Home Page:
openvpn.net

Release Date:
Sun, 2002-04-14 20:00

Status:
Mature

Long Description:

OpenVPN is a full-featured SSL VPN solution which can accomodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls.

OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN is not a web application proxy and does not operate through a web browser.

sudosh

doug — Wed, 15 Nov 2006 21:15:38 -0800

Short Description:
Sudosh records all keystrokes and output and can play back the session as just like a VCR.

Home Page:
sourceforge.net/projects/sudosh/

Release Date:
Mon, 2004-09-20 19:12

Status:
Stable

Long Description:

sudosh is used with sudo(8) to exec the user's shell specified in /etc/passwd as root. sudosh makes use of the built-in script(5) command to log session data to syslog.

Companies that have a team of system administrators and a large number of servers face a difficult problem: root access.

The most common solution is to distribute the root password to the system administrators and contain them in a wheel group. With the recent requirements of Sarbanes and Oxley this becomes quickly impossible because the root password must be changed every 3 months.

The other option is to use sudo. Sudo works great. It's actually too good. This is why I created sudosh. Sudo doesn't allow you to do shell type things that system administrators are used to. The following example is a real command that is used during an AIX data migration:

FastSum

AHand — Sat, 21 Oct 2006 00:18:34 -0700

Short Description:
MD5 file integrity control checksum tool

Home Page:
www.fastsum.com/?start

Release Date:
Tue, 2002-12-31 10:00

Long Description:

FastSum is an extremely fast MD5 hash utility for your file integrity control. The high accuracy and speed attains through the use of a well-known and time-proven cryptographic MD5 algorithm. As a matter of fact, FastSum is a Windows MD5 hash checker. You do not have to be afraid of these unintelligible words, all you have to know is - how to run FastSum.

phpLogCon

doug — Sun, 27 Aug 2006 20:54:20 -0700

Short Description:
phpLogCon is a web interface to syslog and other network event data.

Home Page:
www.phplogcon.com

Release Date:
Wed, 2005-08-10 20:00

Status:
Active

Long Description:

phpLogCon is a web interface to syslog and other network event data. It provides easy browsing and some basic analysis of realtime network events. Depending on the applications feeding the database, it can process Windows event log entries and even SNMP trap data - just to name a few.

phpLogCon is part of Adiscon's MonitorWare line of monitoring applications. It runs both under Windows and Unix/Linux. The database can be populated by MonitorWare Agent, WinSyslog or EventReporter on the Windows side and by rsyslog on the Unix/Linux side. phpLogCon itself is free, GPLed software (as are some other memebers of the product line).

rsyslog

doug — Sun, 27 Aug 2006 20:47:42 -0700

Short Description:
Rsyslog is an enhanced multi-threaded syslogd supporting, among others, MySQL, syslog/tcp, RFC 3195, permitted sender lists, fil

Home Page:
www.rsyslog.com

Release Date:
Fri, 2005-09-23 20:00

Status:
Active

Long Description:

Rsyslog is an enhanced multi-threaded syslogd supporting, among others, MySQL, syslog/tcp, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is quite compatible to stock sysklogd and can be used as a drop-in replacement. Its advanced features make it suitable for enterprise-class, encryption protected syslog relay chains while at the same time being very easy to setup for the novice user. An optional web interface - phpLogCon - can be used to visualize all data online.

Top 100 security tools grouped by category

doug — Sun, 27 Aug 2006 20:44:09 -0700

Short Description:
A large index of security tools of all kinds

Home Page:
sectools.org

Release Date:
Sat, 2005-08-27 20:00

Status:
Active

Long Description:

After the tremendously successful 2000 and 2003 security tools surveys, Insecure.Org is delighted to release this 2006 survey. I (Fyodor) asked users from the nmap-hackers mailing list to share their favorite tools, and 3,243 people responded. This allowed me to expand the list to 100 tools, and even subdivide them into categories. Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way. I also point newbies to this site whenever they write me saying “I don't know where to start”.

Kee Pass

doug — Sun, 27 Aug 2006 20:29:14 -0700

Short Description:
open-source, light-weight and easy-to-use password manager

Home Page:
keepass.sourceforge.net

Release Date:
Wed, 2003-08-27 20:00

Status:
Active

Long Description:

KeePass is a free/open-source password manager or safe which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key-disk. So you only have to remember one single master password or insert the key-disk to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).