Weekly Security Tools Digest
2000/12/30 to 2001/01/07

By Seán Boran (sean at boran.com) for SecurityPortal


Weekly Security Tools Digest Archive
http://securityportal.com/research/research.wst.html

To receive this digest via Email:
http://securityportal.com/subscribe.html

This is a summary of changes to free security tools over the last week.


The Rundown

Updates to General free tools this week include Mindterm SSH and Sendmail.

Auditing and Intrusion Monitoring tools include Snort, Saint and a very useful comparison of "Vulnerability Assessment Scanners".

Firewalls for UNIX/Linux/BSD & Cross-platform: 5 tools.

Tools for Linux/Unix/Cross Platform: 6 items.

Tools for Windows: WinSCP.


General Tools

SSH

Mindterm SSH
http://www.mindbright.se/mindterm

Update: The demos for Mindterm 1.99 pre 2 have expired; we will put up new demos when the licensing issue is resolved. In the meantime check out v1.2.1 (SSH1 only).

SSL

sendmail 8.11.2
http://www.sendmail.org
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.2.tar.gz

Sendmail 8.11 and later includes hooks for SSL/TLS (STARTTLS); this release includes bug and security fixes.


Auditing and Intrusion Monitoring Tools

Snort
http://www.snort.org

Ruleset update: 91 new rules added to the database this morning. The 'BETA' section has had heavy additions, as well as moving 'Overflows' into 'Exploits'. (The name seems more fitting) :) The previous set (12/04/2k) of BETA rules have also been moved into the database as full rules.


Saint 3.1.3 beta1
World Wide Digital Security, Inc.
http://www.wwdsi.com/saint

Saint (Security Administrator's Integrated Network Tool) is a security scanning tool based on Satan.
Changes: Checks for vulnerabilities in Oracle Internet Application Server, IMail mail server, BEA WebLogic server, bftpd, Sun Cluster Monitor service and MDaemon mail server. Modified to compile on PPC/Linux.


Network Computing Magazine: "Vulnerability Assessment Scanners"
http://www.nwc.com/1201/1201f1b1.html

We decided to entrust the security of our test network to Axent Technologies' NetRecon, BindView Corp.'s HackerShield, eEye Digital Security's Retina, Internet Security Systems' Internet Scanner, Network Associates' CyberCop Scanner, and two open-source products: Nessus Security Scanner and Security Administrator's Research Assistant (SARA). One product, World Wide Digital Security's System Analyst Integrated Network Tool (SAINT), is open source, with a commercial reporting tool. ... We set up 17 of the most common and critical vulnerabilities out there, and not one product detected them all. ... The two that shined the brightest on this front were ISS' Internet Scanner and Nessus Security Scanner. Unfortunately, it's a case of the best of the worst.

Comment: a detailed report that makes sober reading.


FreshMeat

Authforce 0.9.3
kapheine
http://kapheine.hypa.net/authforce/index.php

Authforce is an HTTP authentication brute forcer. Using various methods, it attempts to brute-force username and password pairs for a site: it can try common usernames and passwords, username derivations, and common username/password pairs. It is used both to test the security of your own site and to highlight the insecurity of HTTP authentication, given that users just don't pick good passwords.
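
Editor's example (added here; not Authforce's code): how an HTTP Basic-auth brute forcer of this kind works, and why Basic authentication falls to it. A Basic credential is nothing more than base64("user:password") in the Authorization header, so a sniffed header is trivially reversed and a wordlist is trivially turned into candidate headers. The in-process fake_server(), the account jsmith/Summer2000, the name "John Smith" and the wordlists are all constructed for the demonstration; nothing touches the network.

```python
import base64
import itertools
from typing import Callable, Iterable, Optional, Tuple

# Constructed defender-side state standing in for a real HTTP server that
# answers 401 until the right Authorization header arrives.
_SITE_CREDENTIALS = {"jsmith": "Summer2000"}   # constructed weak password

def basic_header(user: str, password: str) -> str:
    """Build the Authorization header value a browser would send."""
    token = base64.b64encode(f"{user}:{password}".encode("latin-1")).decode("ascii")
    return f"Basic {token}"

def decode_basic_header(value: str) -> Tuple[str, str]:
    """Recover user and password from a captured header: Basic auth is encoding, not encryption."""
    scheme, _, token = value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("latin-1").partition(":")
    return user, password

def fake_server(header: str) -> int:
    """Stand-in target: HTTP 200 on a correct credential, 401 otherwise, 400 if malformed."""
    try:
        user, password = decode_basic_header(header)
    except ValueError:          # binascii.Error is a ValueError subclass
        return 400
    return 200 if _SITE_CREDENTIALS.get(user) == password else 401

def username_derivations(full_name: str) -> Iterable[str]:
    """Derive account names from 'First Last': john, smith, jsmith, john.smith, johnsmith."""
    first, _, last = full_name.lower().partition(" ")
    yield first
    yield last
    yield first[0] + last
    yield first + "." + last
    yield first + last

def brute_force(try_header: Callable[[str], int],
                users: Iterable[str],
                passwords: Iterable[str],
                common_pairs: Iterable[Tuple[str, str]] = ()) -> Optional[Tuple[str, str, int]]:
    """Return (user, password, attempts) for the first accepted credential, else None.

    Well-known user/password pairs go first, then every user against every
    password. try_header() returns the HTTP status for one Authorization header.
    """
    attempts = 0
    for user, password in itertools.chain(common_pairs, itertools.product(users, passwords)):
        attempts += 1
        if try_header(basic_header(user, password)) == 200:
            return user, password, attempts
    return None

def demo() -> Optional[Tuple[str, str, int]]:
    """Run the brute forcer against the constructed target with constructed wordlists."""
    users = list(username_derivations("John Smith"))
    passwords = ["password", "123456", "letmein", "Summer2000"]
    pairs = [("admin", "admin"), ("guest", "guest")]
    return brute_force(fake_server, users, passwords, pairs)

if __name__ == "__main__":
    print(decode_basic_header(basic_header("jsmith", "Summer2000")))
    print(demo())
```

Against a real site the only change is try_header(): issue the request with the header and return the status code. Note that the attempt count is what a defender should be watching for; Basic auth has no lockout of its own.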

 

SecurityFocus

Blaster Scan
polos
http://www.ezkracho.com.ar/polos/progs.html

Features: port scan; extraction of user names via the SMTP EXPN and VRFY commands; brute force against FTP; anonymous access check; CGI scan.
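
Editor's example (added here; not Blaster Scan's code): user enumeration through the SMTP VRFY and EXPN commands, the check listed above. VRFY asks whether an address is a real mailbox, EXPN asks for the members of a mailing list. A server that answers 250 for valid names and 550 for unknown ones hands out its user list; a hardened one declines both (sendmail's PrivacyOptions noexpn and novrfy, for instance). The two responders below are constructed stand-ins so the example runs offline; socket_sender() provides the same interface against a real host.

```python
import socket
from typing import Callable, Dict, List

Sender = Callable[[str], str]   # sends one command line, returns the full reply

def _multiline(code: str, items: List[str]) -> str:
    """Format an RFC 821 multi-line reply: '250-a', '250-b', '250 c'."""
    return "\r\n".join(f"{code}{'-' if i < len(items) - 1 else ' '}{m}"
                       for i, m in enumerate(items))

def leaky_server() -> Sender:
    """Constructed responder that honours VRFY/EXPN (the vulnerable case)."""
    mailboxes = {"root", "postmaster", "alice"}                # constructed
    lists: Dict[str, List[str]] = {"staff": ["alice", "bob"]}  # constructed
    def reply(command: str) -> str:
        verb, _, arg = command.strip().partition(" ")
        verb = verb.upper()
        if verb == "VRFY":
            return f"250 {arg} <{arg}@mail.example>" if arg in mailboxes else "550 User unknown"
        if verb == "EXPN":
            return _multiline("250", lists[arg]) if arg in lists else "550 List unknown"
        return "500 Command unrecognized"
    return reply

def hardened_server() -> Sender:
    """Constructed responder that refuses to confirm anything."""
    def reply(command: str) -> str:
        verb = command.strip().split(" ", 1)[0].upper()
        if verb == "VRFY":
            return "252 Cannot VRFY user; try RCPT to attempt delivery"
        if verb == "EXPN":
            return "502 Command not implemented"
        return "500 Command unrecognized"
    return reply

def socket_sender(host: str, port: int = 25, timeout: float = 5.0) -> Sender:
    """Network variant: connect, swallow the banner, return a Sender (not used offline)."""
    sock = socket.create_connection((host, port), timeout)
    reader = sock.makefile("r", encoding="ascii", newline="")
    def read_reply() -> str:
        lines: List[str] = []
        while True:
            line = reader.readline().rstrip("\r\n")
            lines.append(line)
            if len(line) < 4 or line[3] != "-":   # final line has a space after the code
                return "\r\n".join(lines)
    read_reply()                                    # 220 banner
    def send(command: str) -> str:
        sock.sendall((command + "\r\n").encode("ascii"))
        return read_reply()
    return send

def probe(send: Sender, verb: str, name: str) -> bool:
    """True only on a definite 250; 252 and 502 mean the server will not say."""
    code = send(f"{verb} {name}")[:3]
    if code in ("252", "502"):
        raise PermissionError(f"{verb} not answered by server ({code})")
    return code == "250"

def smtp_enumerate(send: Sender, candidates: List[str]) -> Dict[str, List[str]]:
    """Names confirmed via VRFY and via EXPN; empty lists where the server declines."""
    found: Dict[str, List[str]] = {"VRFY": [], "EXPN": []}
    for verb in list(found):
        try:
            found[verb] = [n for n in candidates if probe(send, verb, n)]
        except PermissionError:
            found[verb] = []
    return found

CANDIDATES = ["root", "alice", "staff", "nobodyhere"]  # constructed wordlist

if __name__ == "__main__":
    print(smtp_enumerate(leaky_server(), CANDIDATES))
    print(smtp_enumerate(hardened_server(), CANDIDATES))
```

The defensive check is the same code run against your own mail relay: if smtp_enumerate() returns anything for a wordlist, the server is confirming account names to anyone who connects.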


Firewalls for UNIX/Linux/BSD & Cross-platform

Astaro Security Linux 1.737
Astaro AG
http://www.astaro.com/products/index.html

Astaro Security Linux is a new firewall solution. It does stateful inspection, packet filtering, content filtering, virus scanning, VPN with IPSec, and much more. With its Web-based management tool and the ability to pull updates over the Internet, it is fairly easy to manage. It is based on a specially hardened Linux 2.4 distribution in which most daemons run chrooted and are protected by kernel capabilities. See also the discussion board at http://www.astaro.org


PacketStorm

zorp 0.7.10
Balazs Scheidler
http://www.balabit.hu/products/zorp

Zorp is a new-generation modular proxy firewall suite. Its built-in script language lets the administrator fine-tune proxy decisions, fully analyse complex protocols (such as SSH with several forwarded TCP connections), and use out-of-band authentication (rather than the common practice of hacking proxy authentication into the protocol itself).
Changes: Support for adding and removing ipchains rules at runtime was added, along with bug fixes.

FreshMeat

MonMotha's IPTABLES Masquerading Firewall 2.1.16
http://t245.dyndns.org/~monmotha/firewall

MonMotha's IPTables firewall is a shell script that implements masquerading and basic security using IPTables. It is configured by editing the options near the beginning of the script and does not need to be rerun every time your IP address changes, which suits users on dialup connections. Many features, such as SSH rulesets and limited flood protection, are available.
Changes: The drop policy has moved into the normal options, the default policy is now "REJECT" rather than "DROP", and the root DNS server loop (deprecated by the previous version) has been removed.


IPTables Linux Firewall  4.2b-2
Patrik Hildingsson
http://freshmeat.net/projects/iptablesfw/

IPTables Linux Firewall is a firewall that uses netfilter in Linux 2.4. It features easy configuration and a DMZ option, logs portscans (rate-limited so they won't flood the logfile), and has stateful inspection, masquerading, and general NAT support.


floppyfw stable: 1.0.7 - devel: 1.9.2
http://www.zelow.no/floppyfw/

A Linux firewall on a single floppy.
2000-12-30: floppyfw-1.0.7. Now with kernel 2.2.18 and some other small changes, such as a better way to add the PPPoE package, which also has a new 1.0.7 version.


Tools for UNIX/Linux/BSD & Cross-platform

ttywatch 0.5
ftp://people.redhat.com/johnsonm/ttywatch/ttywatch-0.5.tar.gz

ttywatch was originally designed to log serial console output from many Linux machines on a single monitoring machine. It handles log rotation correctly, can be configured from a configuration file, the command line, or a mix of the two, and supports arbitrary data logging methods via dynamically loaded modules.


bftpd 1.0.14
http://c.codercity.de/bruksoft/bftpd

bftpd is a very configurable Linux FTP server which can chroot users without special configuration or directory preparation. It works on all Unix variants tested. Most FTP commands are supported, and user authentication is done via passwd/shadow or PAM.


PacketStorm

lomac v1.0
http://www.pgp.com/research/nailabs/secure-execution/lomac.asp

LOMAC is a security enhancement for Linux that uses Low Water-Mark Mandatory Access Control to protect the integrity of processes and data from viruses, Trojan horses, malicious remote users, and compromised root daemons. LOMAC is implemented as a loadable kernel module; no kernel recompilation or changes to existing applications are required. Although not all the planned features are implemented yet, it already provides enough protection to thwart script kiddies and is stable enough for everyday use. Whitepaper available. Manual available.
Changes: First stable release! Includes a new manual, performance benchmarks, and bug fixes.
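
Editor's example (added here; not LOMAC's code): a small model of the Low Water-Mark policy LOMAC enforces in the kernel, showing why a compromised root daemon is contained. Every object (file, socket) carries a fixed integrity level and every subject (process) a current level. Reading lower-integrity data drops the subject to that level (the water-mark only ever falls); writing an object requires a level at least as high as the object's. A root daemon that has read from the network can therefore no longer overwrite system files, whatever its uid says. The two levels, object names and scenario are constructed for the demonstration; LOMAC's real rules cover more operations than this model.

```python
from dataclasses import dataclass, field
from typing import Dict, List

HIGH, LOW = 2, 1   # two integrity levels: system vs. untrusted (network, user data)

@dataclass
class Subject:
    """A process: its name, current integrity level and an audit trail."""
    name: str
    level: int
    trail: List[str] = field(default_factory=list)

class LowWaterMarkMonitor:
    """Reference monitor for the read and write rules above, plus object creation."""
    def __init__(self, objects: Dict[str, int]) -> None:
        self.objects = dict(objects)

    def read(self, subj: Subject, obj: str) -> bool:
        """Reads always succeed, but may demote the reader (the low water-mark)."""
        level = self.objects[obj]
        if level < subj.level:
            subj.trail.append(f"{subj.name} demoted {subj.level}->{level} by reading {obj}")
            subj.level = level
        return True

    def write(self, subj: Subject, obj: str) -> bool:
        """Writes need subj.level >= object level; low-integrity data never flows upward."""
        allowed = subj.level >= self.objects[obj]
        subj.trail.append(f"{subj.name} write {obj}: {'ok' if allowed else 'DENIED'}")
        return allowed

    def create(self, subj: Subject, obj: str) -> None:
        """New objects inherit the creator's current level."""
        self.objects[obj] = subj.level

def compromised_daemon_scenario() -> Dict[str, object]:
    """A root daemon is hijacked after reading from the network; what can it still do?"""
    fs = LowWaterMarkMonitor({
        "/etc/passwd": HIGH, "/bin/login": HIGH,   # constructed system files
        "net:tcp/80": LOW, "/tmp": LOW,            # network input and scratch space
    })
    httpd = Subject("httpd(root)", HIGH)
    fs.read(httpd, "net:tcp/80")                  # the attacker's request arrives
    results: Dict[str, object] = {
        "httpd_level_after_net_read": httpd.level,
        "trojan_bin_login": fs.write(httpd, "/bin/login"),   # rootkit install attempt
        "add_passwd_entry": fs.write(httpd, "/etc/passwd"),
        "drop_file_in_tmp": fs.write(httpd, "/tmp"),
    }
    # Whatever the demoted daemon creates is LOW too, so a later HIGH process
    # that reads it is demoted rather than the dropped file being trusted.
    fs.create(httpd, "/tmp/.backdoor")
    cron = Subject("cron(root)", HIGH)
    fs.read(cron, "/tmp/.backdoor")
    results["cron_level_after_reading_dropped_file"] = cron.level
    results["cron_write_etc_passwd"] = fs.write(cron, "/etc/passwd")
    # Control: an untainted HIGH process keeps its normal privileges.
    admin = Subject("passwd(root)", HIGH)
    results["clean_admin_write_etc_passwd"] = fs.write(admin, "/etc/passwd")
    results["trail"] = httpd.trail + cron.trail + admin.trail
    return results

if __name__ == "__main__":
    for key, value in compromised_daemon_scenario().items():
        print(f"{key}: {value}")
```

The price of the model is visible in the control case: a legitimate administrative process that touches any LOW object is demoted for the rest of its life, which is why LOMAC's whitepaper and manual spend time on which daemons and paths must stay HIGH.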

 

International Linux patch 2.2.18.3
http://www.kerneli.org

The idea of the International Kernel Patch is to collect all crypto patches in one place so that using crypto in the kernel becomes easier than it is today. The patch bundles a crypto API (Blowfish, CAST-128, DES, DFC, IDEA, MARS, RC6, Rijndael, SAFER, Serpent and Twofish), an encrypted filesystem loopback device built on that API, and the CIPE VPN and EnSKIP patches.
Changes: Ported to Linux kernel v2.2.18.


sslwrap 2.06
Dan Cyr
http://www.rickk.com/sslwrap

sslwrap is a simple Unix daemon that sits in front of any simple TCP service such as POP3, IMAP or SMTP and encrypts all data on the connection with TLS/SSL. It uses ssleay to support SSL versions 2 and 3. It can run from inetd and can encrypt traffic for services located on another machine. It works with the servers you already have and requires no modifications to them.
Changes: This release fixes compatibility issues with OpenSSL 0.9.6, a missing err.h, and a missing MALLOC error.

FreshMeat

Email Security through Procmail 1.125
John Hardin
http://freshmeat.net/projects/emailsecuritythroughprocmail/

Changes:

Closed the gaping hole: the failure to scan attachments that are themselves RFC822 messages with MIME attachments; the sanitizer will now recurse into attached messages (several layers deep if necessary) and sanitize MIME headers in all. Unfortunately the RFC822 excessively-long-header checks are still only performed on the outermost headers. Added SECURITY_TRUST_STYLE_TAGS as an option. Catch encoded periods in filenames so that they can't be used to prevent filename mangling or poisoning.

This is probably the last release (barring bugs) in this series - I want to get started on the policy-file version now.
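
Editor's example (added here; not the sanitizer's own code): why attachment checks must recurse into attached messages, and why filenames must be decoded before being checked, the two holes the changelog above closes. A message/rfc822 attachment is a complete mail in its own right, so a scanner that only inspects the outer message's parts never sees an executable nested inside a forwarded mail. A filename written as an RFC 2047 encoded-word can also hide the period before the extension ("invoice=2Eexe"), so a check for ".exe" on the raw header text misses it. The sample mail, the dangerous-extension list and the ".DEFANGED" renaming are constructed for this example; the real sanitizer's renaming scheme differs.

```python
import os
from email import message_from_string
from email.header import decode_header, make_header
from email.message import Message
from email.mime.application import MIMEApplication
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from typing import List, Optional, Tuple

DANGEROUS = {".exe", ".com", ".bat", ".pif", ".scr", ".vbs"}  # constructed list

def build_sample() -> str:
    """Constructed mail: a forward whose attached message carries invoice.exe."""
    inner = MIMEMultipart("mixed")
    inner["Subject"] = "invoice"
    inner.attach(MIMEText("see attached"))
    exe = MIMEApplication(b"MZ\x90\x00", "octet-stream")
    # '=2E' is an encoded period: the raw header text never contains ".exe"
    exe.add_header("Content-Disposition", "attachment",
                   filename="=?us-ascii?Q?invoice=2Eexe?=")
    inner.attach(exe)
    outer = MIMEMultipart("mixed")
    outer["Subject"] = "Fwd: invoice"
    outer.attach(MIMEText("forwarding this"))
    outer.attach(MIMEMessage(inner))          # becomes a message/rfc822 part
    return outer.as_string()

def parse(raw: str) -> Message:
    return message_from_string(raw)

def decoded_filename(part: Message) -> Optional[str]:
    """Filename with RFC 2231 and RFC 2047 encodings undone, or None if there is none."""
    raw = part.get_filename()                 # undoes RFC 2231; encoded-words remain
    if raw is None:
        return None
    return str(make_header(decode_header(raw)))

def is_dangerous(name: str) -> bool:
    return os.path.splitext(name.lower())[1] in DANGEROUS

def top_level_attachments(msg: Message) -> List[str]:
    """The pre-fix behaviour: only the outer message's direct parts are inspected."""
    parts = msg.get_payload() if msg.is_multipart() else [msg]
    return [n for n in (decoded_filename(p) for p in parts) if n]

def all_attachments(msg: Message) -> List[str]:
    """The fixed behaviour: walk() descends into message/rfc822 parts as well."""
    return [n for n in (decoded_filename(p) for p in msg.walk()) if n]

def sanitize(raw: str) -> Tuple[str, List[str]]:
    """Rename dangerous attachments at any depth; return (new mail, original names)."""
    msg = parse(raw)
    renamed: List[str] = []
    for part in msg.walk():
        name = decoded_filename(part)
        if name and is_dangerous(name):
            new_name = name + ".DEFANGED"      # constructed renaming scheme
            part.set_param("filename", new_name, header="Content-Disposition")
            if part.get_param("name") is not None:   # some clients key on Content-Type name=
                part.set_param("name", new_name)
            renamed.append(name)
    return msg.as_string(), renamed

if __name__ == "__main__":
    sample = parse(build_sample())
    print("naive scan:", top_level_attachments(sample))   # misses the nested .exe
    print("recursive: ", all_attachments(sample))
    print("renamed:   ", sanitize(build_sample())[1])
```

The remaining gap the changelog admits (long-header checks only on the outermost headers) would be closed the same way: apply the header checks inside the walk() loop to every part whose payload is itself a Message.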


Tools for Windows

SecurityFocus

WinSCP 1.0
Martin Prikryl
http://winscp.vse.cz/eng

WinSCP is a graphical SCP client for Windows. It can do all basic file operations, such as copying and moving files to and from a remote computer. It also lets you rename files and folders (on both the remote and the local computer), create new folders (on both), change access rights (remote only) and change groups (remote only).


Note: tools announced on forums are not necessarily updated, new or free; it's just that someone posted an announcement. We try our best to notify you only of new or updated free tools.

About the Author

Seán Boran is an IT security consultant based in Switzerland and the author of the online IT Security Cookbook.

© Copyright 2000, SecurityPortal Inc. & Seán Boran, All Rights Reserved, Last Update: 03 January, 2001