
Linux Security -- Tool Cleanup



LINUX SECURITY --- February 06, 2001
Published by ITworld.com -- changing the way you view IT
http://www.itworld.com/newsletters
________________________________________________________________________________
HIGHLIGHTS

* Cleaning up some missed, but handy, security tools 
    
________________________________________________________________________________

Notable Tools:  Left Out but not Forgotten
By Rick Johnson

Over the past year, we examined quite a few useful security tools; 
however, we've only touched on a few selections from each of the weekly 
topics, leaving out some truly outstanding tools. Luckily, informed 
readers have pointed out a couple of their omitted favorites.  

* Trustix (http://www.trustix.net) - A distribution specifically   
  designed for servers, Trustix Secure Linux uses carefully selected   
  components from well-known reliable sources and software created 
  specifically for TSL. Trustix's lack of an X server stands out, but 
  makes sense if you think about it.  Typically administered remotely, 
  a server has no need for a GUI and saves substantial disk space and 
  memory without one.

  Another welcome feature: the default installation is actually 
  designed for security. The system's default configuration does not 
  run any services at all.  And when a vulnerability is detected in a 
  distributed package, updates are released with lightning speed.  If 
  you are in the market for a secure distribution with a small 
  footprint, look no further.

* SAINT (http://www.wwdsi.com/demo/saint/saint.html) - In short, SAINT 
  is a network/server vulnerability-scanning tool, although such a 
  simplistic description hardly does it justice. Here is the site's 
  official description:

      SAINT is the Security Administrator's Integrated Network Tool.  
      In its simplest mode, it gathers as much information about 
      remote hosts and networks as possible by examining such network 
      services as finger, NFS, NIS, ftp and tftp, rexd, statd, and 
      other services.  The information gathered includes the presence 
      of various network information services as well as potential 
      security flaws -- usually in the form of incorrectly set up or 
      configured network services, well-known bugs in system or 
      network utilities, or poor or ignorant policy decisions.  It can 
      then either report on this data or use a simple rule-based 
      system to investigate any potential security problems. Users can 
      then examine, query and analyze the output with an HTML browser, 
      such as Mosaic, Netscape or Lynx.  While the program is 
      primarily geared towards analyzing the security implications of 
      the results, a great deal of general network information can be 
      gained when using the tool - network topology, network services 
      running, types of hardware and software being used on the 
      network, etc....

      However, the real power of SAINT comes into play when used in 
      exploratory mode.  Based on the initial data collection and a 
      user configurable rule set, it will examine the avenues of trust 
      and dependency and iterate further data collection runs over 
      secondary hosts.  This not only allows the user to analyze her 
      or his own network or hosts, but also to examine the real 
      implications inherent in network trust and services and help 
      them make reasonably educated decisions about the security level 
      of the systems involved.

  After playing with SAINT all afternoon, I did not want to stop.  This 
  tool provides more information than you will know how to use. If you 
  have never seen it, take a look.

I know these two are only a small sample of the vast world of security 
tools out there, so if you have a recommendation (that hasn't been 
covered) drop me a line.

About the author(s)
----------------
Rick Johnson is currently the Manager of Security Services for 
FusionStorm, a remote managed services company. When not writing, he 
heads the development team for PMFirewall, an Ipchains Firewall and 
Masquerading Configuration Utility for Linux. Rick can be contacted via 
email at rick@pointman.org or on the web at http://www.pointman.org.
________________________________________________________________________________
ADDITIONAL RESOURCES

Network server management made simple 
GUI environment maps servers and networks into secure zones 
http://www.linuxworld.com/jlw/linsec_nl/lw-2000-06/lw-06-trustix.html

The best-kept security secrets
http://www.itworld.com/jump/linsec_nl/www.itworld.com/AppDev/1310/ITW3402/

Kevin Mitnick: The hacker extraordinaire speaks out on security in 
today's Internet age
http://www.itworld.com/jump/linsec_nl/www.itworld.com/Sec/2052/IW001201hnmitnick/

Stopping the Ramen worm 
Linux and Unix administrators need to be more vigilant in their 
security measures 
http://www.unixinsider.com/jsw/linsec_nl/swol-02-2001/swol-0202-unixsecurity-dv.html

Internet Security Trends 2000 
Moving from Cost-Based Security to eBusiness-Enabled Trust
http://www.itworld.com/jump/linsec_nl/events.network24.com/A395/sessions/A1023/pages/preview/page$.asp?
________________________________________________________________________________
