By Seán Boran (sean at boran.com) for SecurityPortal
Weekly Security Tools Digest Archive
http://securityportal.com/research/research.wst.html
To receive this digest via Email:
http://securityportal.com/subscribe.html
This is a summary of changes to free security tools over the last week.
Updates to favourite free tools this week include: Yassp, NessusWX, NetSaint, Dante, Mindterm SSH, Online Vulnerability Scanners
Tools for Windows include Zebedee, Ethereal, BCWipe.
Firewalls for UNIX/Linux/BSD & Cross-platform: floppyfw, Smoothwall, Stunnel and 5 other tools.
Tools for Linux/Unix/Cross Platform: 14 items this week.
Yassp beta #15
Jean Chouanard
http://www.yassp.orgYassp (Yet Another Solaris Security Package) is a script for hardening Solaris and also includes many useful precompiled security tools.
Change: Much tweaking has gone into betas 12,13,14,15 released in the last few days. The final release should be available very soon (when beta has been well tested). If you are a Solaris sysdmin, please consider testing Yassp and providing input at this very important stage before the final release.Nessus
Renaud Deraison
http://www.nessus.orgVictor Kirhenshtein has written a new Win32 Nessus client - NessusWX v0.9.2. It has a radically different interface, you should try it out if you are a Win32 user.
http://www.opticom.lv/~nessus/
NetSaint Network Monitor
Ethan Galstad
http://www.netsaint.org/Jason Blakey has released version 4.2 of his NetSaint Easy Administration Tool (NEAT) and Sebastien Barbereau has made public a reporting tool that produces reports of equipment uptime by scanning the NetSaint logs for output from the check_ping plugin.
Dante Socks V1.1.6
http://www.inet.no/dante/Dante is a circuit-level firewall/proxy that can be used to provide convenient and secure network connectivity to a wide range of hosts while requiring only the server Dante runs on to have external network connectivity.
Changes: This release is a bugfix release intended to fix a problem where if someone sent a negative hostname length, the Dante server's internal checks would detect this and it would then abort with a "internal error detected" message.
Mindterm SSH v1.00 pre1
Mats Anderson
http://www.mindbright.se/mindterm/Comment: This tool along with putty are my favourite SSH clients for windows. Although a pre/release, it looks better that v115 or 1.2.
Changes: Integrated SSH2 code into Mindterm, only works with auth types publickey and password. Implements tunneling (also ftp). Doesn't currently support file transfer. NOTE: Not all features of the protocol is exposed in the current GUI nor is all old features relevant with the new protocol. Removed some control character processing in the terminal causing problems on some jdk's/locales (especially on some win32 implementations the ALT_GR key generates ctrl + alt for some obscure reason?!) Fixed bug when deleting tunnels with tunnels setup dialog. Fixed bug in terminal, couldn't select single character. Fixed bug (brain damage!) in terminal, slooow "select all".
Talisker's Online Vulnerability Scanners
http://website.lineone.net/~offthecuff/Onscan.htmTalisker has started listing online scanners. The free one listed are:
Hacker Whacker
http://www.hackerwhacker.com/
Comment: I never received and email to get this working.ISS
https://onlinescanner.iss.net/about.htmlPrivacy Analysis
http://privacy.net/analyze/analyzehow.aspShields Up
https://grc.com/x/ne.dll?bh0bkyd2
Comment: I'm not very convinced of this site. The are several general assertions that do not seem to have foundation and it tens to be 'sensationalist'.Sygate Scan
http://scan.sygatetech.com/Symantec Security Check
http://security1.norton.com/us/intro.asp?venid=sym&langid=us
Zebedee: Secure IP tunnel, Development v2.1.3
http://www.winton.org.uk/zebedee/
Zebedee is a simple program to establish an encrypted, compressed tunnel for TCP/IP or UDP data transfer between two systems. This allows traffic such as telnet, ftp and X to be protected from snooping as well as potentially gaining performance over low-bandwidth networks from compression.
Ethereal v0.8.14
http://www.ethereal.com/
An exploit for a buffer overrun in the AFS dissector was recently released on BugTraq. Ethereal 0.8.14 fixes this and other possibly-exploitable overruns. Also new in 0.8.14 are dissectors for WAP, SIP, AIM/OSCAR, 802.11, GIOP v1.2, and MGCP (plugin). Other dissectors were updated as well. Be sure to upgrade to 0.8.14 as soon as possible.
BCWipe
http://www.jetico.sci.fi/index.htmThe BCWipe utility is a shell extender for Windows 95/98/NT/2000, intended to securely delete your files.
floppyfw 1.9.2
http://www.zelow.no/floppyfw/
floppyfw is a static router with the firewall-capabilities in Linux.
Changes: Kernel 2.4-test10 with iptables 1.1.2 and Busybox 0.48pre. A 1.0.6 version of
floppyfw with PPPoE is also available.
SmoothWall 0.9.5LF
http://sourceforge.net/projects/smoothwall
SmoothWall is a cut-down Linux distro based on VA Linux-optimised Red Hat. It takes a redundant PC and turns it into a fully-auditable firewall and router, managed via any Web browser on any platform on an internal network. It features a DHCP server, firewall logging, SSH, FTP, and telnet and it also has a DNS proxy.
Edge router alpha 1.022
http://freshmeat.net/projects/edgerouter/A basic stand alone Internet firewall.
Securepoint Firewall Server SB v1.1
Lutz & Oliver Hausmann
http://freshmeat.net/projects/securepointfirewall/The Securepoint Firewall Server is a high-performance, commercial-grade application designed to offer full protection for network assets. The Securepoint is a complete software system with an operation system, based on a secure Linux. You can use the firewall on a standard PC with two or three network cards, and is easy to install and administer.
Stunnel Dev. version 3.8p4
http://freshmeat.net/projects/stunnel/The Stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries. It calls the underlying crypto libraries, so Stunnel supports whatever cryptographic algorithms you compiled into your crypto package.
Iridium Firewall 1.48
http://freshmeat.net/projects/iridiumfirewall/Iridium Firewall is a script which uses the ipchains facility in Linux 2.2 to perform network packet filtering in an attempt to protect against network-based computer attacks. It's written so that users that know what they are doing can easily configure the script themselves, but it also offers a beginner many convenience flags to turn common features on and off.
Defcon4 v4.2f
Brad Welch
http://freshmeat.net/projects/defcon4/defcon4 is a good starting-point firewall script to use with ipchains, and tweaked to the user's needs.
ulogd v0.9
Harald Welte
http://freshmeat.net/projects/ulogd/The User-space Logging Daemon (ulogd) is a flexible framework for extensive logging of packets on a firewall machine. ulogd uses the ULOG target of iptables/netfilter, the packet filtering framework of Linux 2.4. It supports binary plugins for adding packet interpreters and output-targets (e.g., for logging into databases, user-defined filetypes, etc.).
Changes: Adds support for user-space firewall packet logging to netfilter
IP Accounting Daemon 1.0
Andrey Simonenko
http://www.simon.org.ua/ipaIP Accounting Daemon (ipa) is a configurable IP accounting daemon. It allows one to do IP accounting based on IP Firewall or IP Filter accounting rules. It has a flexible configuration file with many sections and options, including control over which time period to account over.
Paranoia dev. 3
http://paranoia.sourceforge.net
Paranoia allows groups of people to securely chat and exchange information (file
sharing). Because Paranoia is used between known, or at least, partially trusted users, it
isn't meant to be used in the same way as (for example) Gnutella. Paranoia is more like a
real-time Yahoo/Excite/whoever club than it is like Gnutella/scour/whatever. You can't
just boot Paranoia, get onto the net and start leeching files. However, what you can do is
share files amongst people you know. You can also extend this to people that they know,
but you don't.
The general goals are:
- To allow you to chat in relative security
- To allow you to send data over the net to friends with the same security, and provide
easy ways of testing and checking their identity.
- To allow you to share data based upon the identity of the connecting client. This will
mean you can set up ratio servers for people you don't know, and have no-ratio, or more
generous ratios for people that you know and like. You can also ban people on a per
identity basis, although they are free to generate another ID and come back again as a
"new" user. Banning on IP is a possibility.
ITS4 v1.1.1
http://www.cigital.com/services/its4ITS4 scans C and C++ source code, looking for function calls that have potential security vulnerabilities. For some calls, ITS4 tries to perform some code analysis to determine how risky the call is. In each case, ITS4 provides a problem report, including a short description of the potential problem and suggestions on how to fix the code.
LIDS 0.9.10-2.2.17
Xie Hua Gang
http://www.lids.orgThe Linux Intrusion Detection System is a patch which enhances the kernel's security. When it's in effect, many system administration operations can be made impossible even for root. You can turn the security protection on or off on the fly and you can hide sensitive processes and prevent anyone from using ptrace or any other capability on your system. LIDS can also provide raw device and I/O access protection. Changes: Fixed umount filesystem bug, fixed NFSd and FTPd capability usages, and sys_sysctl() bug fixed.
srm v1.2.2
Matthew Gauthier
http://srm.sourceforge.netsecure rm (srm) is a command-line compatible rm(1) which completely destroys file contents before unlinking. The goal is to provide drop in security for users who wish to prevent command line recovery of deleted information, even if the machine is compromised. Changes: Minor bug fixes, -f now really does ignore nonexistent files now.
star 0.1
Brian Wagener and Katrina Illari
http://freshmeat.net/projects/sectar/Secure Tar (star) creates encrypted tape archives (tar files) using the AES algorithm Rijndael. It can encrypt a single file only with 256 bit keys and blocks. The encryption is exported under exemption TSU 740.13.
Saint Jude 0.04
Tim Lawless
http://freshmeat.net/projects/stjude/Saint Jude LKM is a Linux kernel module that implements the Saint Jude model for improper privilege transitions. This will permit the discovery of local, and ultimately, remote root exploits during the exploit itself. Once discovered, Saint Jude will terminate the execution, preventing the root exploit from occurring. This is done without checking for attack signatures of known exploits, and thus should work for both known and unknown exploits.
IPTraf v2.3.1
Gerard Paul Java
http://freshmeat.net/projects/iptraf/IPTraf is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others.
Changes: This version is a maintenance release fixing some bugs in the IP traffic monitor sorting code, including a condition which can cause a segfault. IPTraf 2.3.0 users are encouraged to upgrade.
TINC 1.0pre3 (a free VPN for Linux )
Guus Sliepen, Ivo Timmermans
http://tinc.nl.linux.org/TINC is a Virtual Private Network (VPN) daemon that uses tunneling and encryption to create a secure private network between hosts on the Internet.
TWWWscan 0.6+
twenty sad soul
http://search.iland.co.kr/twwwCommand line CGI vulnerability scanner. Using anti-ids URL-encoding option -ids New in this version: supports passive mode scan, Includes windows NT 4, Windows 2000 Patch Information, (~30/05/2000) 186 bugs checked, changed scan interface. Bug fixed,add Internet Information.
New in this version: (~2000/11/16) 300 over www bugs checked delete internet information option -i added iissample.exe,nesscan.exe,trans.pl added some directory scan fixed against redhat 7 webserver detection
SDSC/GT Secure FTP v1.02
Gary Cohen and Brian Knight
http://www.glub.com/products/secureftp
Secure FTP is a client package that allows for a secure connection to be made to an FTP daemon. In this release, we support connecting via the Secure Sockets Layer, or SSL. Future releases may support other authentication mechanisms (e.g. Kerberos, OPIE).
This client is supported on Windows and any Unix platform where a Java 2 (or Swing) runtime environment is present. It was written in 100% Pure Java and can act as either an application or an applet. The applet version will only run under Windows at this time, but we are looking into other solutions.
Since crypto is present in this product, US export restrictions are in affect. If you reside in an embargoed country you will not be allowed to use this product.
Secure FTP is a joint production with the San Diego Supercomputer Center.
SILC (Secure Internet Live Conferencing): 20001120 Development Version
Pekka Riikonen
http://silc.pspt.fiSILC (Secure Internet Live Conferencing) is a protocol which provides secure conferencing services in the Internet over insecure channels. SILC superficially resembles IRC, although they are very different internally. The purpose of SILC is to provide secure conferencing services. Strong cryptographic methods are used to secure all traffic.
Geheimnis 1.15b
Chris Wiegand
http://geheimnis.sourceforge.netGeheimnis is a KDE application that "wraps" around GnuPG/PGP's irksome command-line interface and makes it easier for users to use these programs. It is made in the style of Win31's PGP Shells that were GUI-based wrappers around PGP2's command line interface.
Ebola 0.1.4
Paul L. Daniels
http://www.pldaniels.com/ebolaEbola is used as a bridge between AV engines (e.g., Sophos) and scanning scripts (e.g., Inflex and AMaViS) to provide much-improved performance by handling file scanning requests on behalf of the scripts while keeping a SINGLE session of the AV engine open, rather than restarting one each time.
Nutcracker 1.9
Ryan T. Rhea
http://www.northernlights.bizland.com/nutcracker.htmlNutcracker is a simple, fast, and effective password cracker for UNIX and Linux systems. Disabled accounts and accounts with no password are detected. Results are shown in a nicely-formatted table. A sample password file and dictionary file are included, although you can use any word list you wish (including the file '/usr/dict/words' included with most Linux distributions). Nutcracker will work with '/etc/passwd' or '/etc/shadow' files.
Note: tools announced on forums like SecurityFocus are not necessarily updates or new or free, it's just that someone posted an announcement. We try out best to only notify you of new or updated, free, tools.
Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.
© Copyright 2000, SecurityPortal Inc. & Seán .Boran, All Rights Reserved, Last Update: 22 November, 2000 |