
Unix Security -- Security tools



UNIX SECURITY --- May 17, 2001
Published by ITworld.com -- changing the way you view IT
http://www.itworld.com/newsletters
__________________________________________________________________________

HIGHLIGHTS

* Tools of the security trade.

__________________________________________________________________________

A Few "Must Have" Security Tools
By Rick Johnson

With literally thousands of open source security-related tools out 
there, how do you know which ones you need? Well, only you can answer 
that; I can only list a few of the ones in my arsenal. While those I 
trust have recommended some, most were found through rigorous testing 
and plain old dumb luck.

    * Nmap (http://www.insecure.org/nmap) - Nmap is a utility for port 
      scanning large networks or a single host. This should be at the 
      core of every security engineer's toolkit. A few of the supported 
      features of Nmap include TCP SYN scanning, stealth scanning, FTP 
      bounce attack, SYN/FIN scanning using IP fragments, ping sweep, 
      direct RPC scanning, and even remote OS identification by TCP/IP 
      fingerprinting.

    * Nessus (http://www.nessus.org) - Nessus is another remote 
      scanner. It currently performs around 400 remote security checks. 
      Nessus also has incredible reporting capabilities with text and 
      graphed HTML output. Not only will it point out problems, but it 
      also suggests a solution for each of them.

      One interesting feature is that it does not assume that a given 
      service is running on a fixed port -- that is, if you run your 
      Web server on port 1234, Nessus will detect it and test its 
      security. It does not base its security tests on the version 
      number of the remote services, but actually attempts to exploit 
      the vulnerability.

    * Linux Security Quick Reference Card 
      (http://www.linuxsecurity.com/docs) - This card, written by Dave 
      Wreski, gives you one easy-to-use reference point for the basics 
      of securing your system. Contained within are references to 
      security resources around the net, tips on securing your Linux 
      box, and general security information. I highly recommend keeping 
      it on your desk.

    * StackGuard (www.immunix.org) - StackGuard is a compiler that 
      makes programs much less vulnerable to buffer overflow attacks. 
      Using the compiler requires no source code changes at all. 
      StackGuard does integrity checks on the stack so that it cannot 
      be corrupted by buffer overflows without being detected.  When a 
      buffer overflow does happen, StackGuard notices and halts the 
      program before the attacker can take control and do damage. They 
      have even gone so far as to rebuild Red Hat 6.2 using this marvel 
      of compiling innovation and the result is the Immunix OS 6.2, 
      which is available from the same site.
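
The integrity check described for StackGuard above, simulated as an added 
example (not StackGuard or Immunix code). The frame layout, the canary 
value and all names here are assumptions for illustration, and the "stack" 
is a plain byte array so the demo itself never writes out of bounds.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated stack frame as a flat byte array (layout assumed for illustration):
 * [ 16-byte local buffer | 4-byte canary | 4-byte saved return address ] */
#define BUF_LEN    16
#define CANARY_OFF BUF_LEN
#define RET_OFF    (CANARY_OFF + 4)
#define FRAME_LEN  (RET_OFF + 4)
#define CANARY     0x5AC3D10Fu  /* constructed value for this demo */
#define RET_ADDR   0x08048ABCu  /* constructed "saved return address" */

#define CANARY_SMASHED 1  /* epilogue check would halt the program */
#define RET_CHANGED    2  /* return address no longer the original */

/* Prologue: place the canary between the locals and the return address. */
static void frame_enter(unsigned char *frame) {
    uint32_t c = CANARY, r = RET_ADDR;
    memset(frame, 0, FRAME_LEN);
    memcpy(frame + CANARY_OFF, &c, sizeof c);
    memcpy(frame + RET_OFF, &r, sizeof r);
}

/* Epilogue: report what a linear overwrite did to the frame. */
static int frame_leave(const unsigned char *frame) {
    uint32_t c, r;
    memcpy(&c, frame + CANARY_OFF, sizeof c);
    memcpy(&r, frame + RET_OFF, sizeof r);
    return (c != CANARY ? CANARY_SMASHED : 0) | (r != RET_ADDR ? RET_CHANGED : 0);
}

/* Function body with an unchecked copy of len fill bytes into the buffer.
 * len is clamped to the simulated frame so the demo itself stays in bounds. */
int run_with_fill(size_t len) {
    unsigned char frame[FRAME_LEN], input[FRAME_LEN];
    if (len > FRAME_LEN) len = FRAME_LEN;
    memset(input, 'A', sizeof input);
    frame_enter(frame);
    memcpy(frame, input, len);   /* the bug: no check against BUF_LEN */
    return frame_leave(frame);
}

int main(void) {
    size_t lens[] = { 16, 18, 24 };
    for (int i = 0; i < 3; i++)
        printf("%zu bytes -> flags %d\n", lens[i], run_with_fill(lens[i]));
    return 0;
}
```

A copy that runs forward from the buffer cannot reach the saved return 
address without first changing the canary, so the epilogue check fires 
before the altered address would ever be used.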

These are only a few of the fine tools available to help keep your 
servers safe from evil. I know there are plenty that are worthy of 
mention here and if you are the developer of a product that is unique 
and worthy of mention, please drop me a line. I am always in the market 
for a new way to protect myself.

About the author(s)
-------------------
Rick Johnson is currently involved in a number of projects, none of 
which he can discuss at this time. Aren't non-disclosure agreements 
wonderful? When not involved with those, he heads the development team 
for PMFirewall, an Ipchains Firewall and Masquerading Configuration 
Utility for Linux. Rick can be contacted via email at rick@pointman.org 
or on the web at http://www.pointman.org.
__________________________________________________________________________

ADDITIONAL RESOURCES

A solution to e-mail virus propagation?
http://www.itworld.com/jump/unxsec_nl/www.itworld.com/Sec/2052/IWD010507opswatch/

When do you inform customers of a hacker break-in?
http://www.itworld.com/jump/unxsec_nl/www.itworld.com/Man/2693/IWD010507opfoster/

Worm hits thousands of Solaris and IIS servers
http://www.itworld.com/jump/unxsec_nl/www.itworld.com/Sec/3832/IDG010511worm/

Building blocks to security: Passwords -- the first line of defense 
People are still making the same basic mistakes that they were making 
10 years ago 
http://www.itworld.com/jump/unxsec_nl/www.itworld.com/AppDev/1313/UIR010509buildingblocks/
__________________________________________________________________________
