LINUX SECURITY --- August 01, 2000
Published by ITworld.com, the IT problem-solving network
http://www.itworld.com/newsletters
*********************************************************************
HIGHLIGHTS
* Tools of the security trade
*********************************************************************
A Few "Must Have" Linux Security Tools
by Rick Johnson
With literally thousands of Linux security-related tools out there, how
do you know which ones you need? Well, only you can answer that; I can
only list a few of the ones in my arsenal. While those I trust have
recommended some, most were found through rigorous testing and plain old
dumb luck.
* Nmap (http://www.insecure.org/nmap) - Nmap is a utility for port
scanning large networks or a single host. This should be at the
core of every security engineer's toolkit. A few of the supported
features of nmap include TCP SYN scanning, stealth scanning, ftp
bounce attack, SYN/FIN scanning using IP fragments, ping-sweep,
Direct RPC scanning, and even Remote OS Identification by TCP/IP
Fingerprinting.
* Nessus (http://www.nessus.org) - Nessus is another remote scanner.
It currently performs around 400 remote security checks. Nessus
also has incredible reporting capabilities with text and graphed
HTML output. Not only will it point out problems, but it also
suggests a solution for each of them.
One interesting feature is that it does not assume a given
service is running on a fixed port -- that is, if you run your Web
server on port 1234, Nessus will detect it and test its security.
Rather than basing its security tests on the version numbers that
the remote services report, it actually attempts to exploit the
vulnerability.
* Linux Security Quick Reference Card
(http://www.linuxsecurity.com/docs) - This card, written by Dave
Wreski, gives you one easy-to-use reference point for the basics
of securing your system. Contained within are references to
security resources around the net, tips on securing your Linux
box, and general security information. I highly recommend keeping
it on your desk.
* StackGuard (www.immunix.org) - StackGuard is a compiler that makes
programs much less vulnerable to buffer overflow attacks. Using
the compiler requires no source code changes at all. StackGuard
does integrity checks on the stack so that it cannot be corrupted
by buffer overflows without being detected. When a buffer
overflow does happen, StackGuard notices and halts the program
before the attacker can take control and do damage. They have even
gone so far as to rebuild RedHat 6.2 using this marvel of
compiling innovation and the result is the Immunix OS 6.2, which
is available from the same site.
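As an added illustration (not part of the original newsletter, and not StackGuard's own code), the constructed C model below shows the canary idea described above: a guard value sits between the local buffer and the saved return address, and the function checks it before returning, so an overrun of the buffer is detected instead of silently reaching the return address. The struct layout, the fixed canary value and the placeholder return address are assumptions made for the demo; the real compiler uses unpredictable canaries and halts the process when the check fails.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
/* Constructed fixed guard value for the demo; StackGuard chooses random
   (or terminator-containing) canaries so an attacker cannot predict them. */
#define CANARY 0xDEADBEEFu

/* Constructed model of a stack frame in StackGuard's layout: the canary
   sits between the local buffer and the saved return address, so any
   overrun that reaches the return address must pass through the canary. */
struct frame {
    char buf[BUF_SIZE];
    uint32_t canary;
    uintptr_t saved_return;
};

enum guard_result { FRAME_OK = 0, FRAME_SMASHED = 1 };

/* Copies len bytes of input into the frame as an unchecked strcpy would,
   but bounded to the model frame so the demo itself is well-defined C.
   The check at the end is the function-epilogue test StackGuard inserts. */
enum guard_result guarded_copy(const char *input, size_t len)
{
    struct frame f;
    size_t n = len < sizeof f ? len : sizeof f;

    f.canary = CANARY;
    f.saved_return = 0x1000;          /* constructed placeholder address */
    memcpy((char *)&f, input, n);     /* spills past buf when n > BUF_SIZE */

    if (f.canary != CANARY) {
        /* StackGuard would log the event and halt here instead of returning. */
        fprintf(stderr, "stack smashing detected: canary clobbered\n");
        return FRAME_SMASHED;
    }
    return FRAME_OK;
}

/* Convenience wrapper: the terminating NUL counts, so a 16-character
   string already spills one byte into the canary of a 16-byte buffer. */
enum guard_result guarded_strcpy(const char *s)
{
    return guarded_copy(s, strlen(s) + 1);
}

int main(void)
{
    printf("short input:   %d\n", guarded_strcpy("hello"));
    printf("16-char input: %d\n", guarded_strcpy("0123456789abcdef"));
    printf("long input:    %d\n", guarded_strcpy("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"));
    return 0;
}
```

The 16-character case is the classic off-by-one: the buffer holds the characters but the terminator lands on the canary, which is exactly the kind of silent corruption the guard makes visible.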
These are only a few of the fine tools available to help keep your
servers safe from evil. I know there are plenty that are worthy of
mention here and if you are the developer of a product that is unique
and worthy of mention, please drop me a line. I am always in the market
for a new way to protect myself.
Resources
Forensics
Getting to the bottom of a security breach.
http://www.sunworld.com/sunworldonline/swol-07-2000/swol-0721-security.html
The security consultant's toolbox
Commercial products have their place, but nothing beats some of the
better freeware tools.
http://www2.itworld.com/cma/ett_article_frame/0,2848,1_1624,00.html
An arsenal of attack tools
http://www2.itworld.com/cma/ett_article_frame/0,2848,1_1642,00.html
************************************************************************
About the author
----------------
Rick Johnson is currently the Manager of Security Services for an
emerging Managed Service Provider. When not writing, he heads the
development team for PMFirewall, an Ipchains Firewall and Masquerading
Configuration Utility for Linux. Rick can be contacted via email at
rick@pointman.org or on the web at http://www.pointman.org.
*********************************************************************