Weekly Security Tools Digest
2001/05/04 to 2001/05/10

By Sean Boran (sean at boran.com) for SecurityPortal


Weekly Security Tools Digest Archive
http://securityportal.com/research/research.wst.html

To receive this digest via Email:
http://securityportal.com/subscribe.html

This is a summary of changes to free security tools over the last week.


The Rundown

Updates to favourite free tools this week include PGP tools, sftp, iXplorer, mod_ssl.

Auditing and Intrusion Monitoring tools include PIKT, chkrootkit, syslog-ng.

Firewall tools include hap-linux, ferm.

General Cross Platform security tools include lsof, tightVNC, silc.

Tools for Windows include Sygate personal firewall.


Favourite Tools

PGP

  • WinPT 0.2.0
    http://www.winpt.org/

    WinPT is a so-called "frontend" for GnuPG. It supports all common commands for encryption and decryption, key transport via the clipboard and, of course, the creation and verification of signatures.
     
  • SSH (Secure Shell)

    This is a UNIX/Linux port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups. OpenSSH also features an independent implementation of the SSH2 protocol.

    Changes: It fixes a few minor bugs and improves the help command. This is basically just a maintenance release. Now that OpenSSH supports the ssh2 sftp protocol, there's probably no reason to use this program anymore, unless you like it better. There probably won't be any new versions, for the same reason.

     

    Snort
    http://www.snort.org/  

    Jim Forester has updated the ports list and placed it back online. Richard Howlett describes the procedures to configure the Windows port of Snort to monitor an ISA Server.

     

    mod_ssl  2.8.3-1.3.19
    http://www.modssl.org/  

    Changes: Allow loadcacert.cgi script to work inside mod_perl. Fixed typo in the directive descriptions in mod_ssl.c. Fixed EAPI context usage in http_request.c: a context pointer potentially can be NULL requests and can cause a segfault if dereferenced. Fixed ENGINE support: the engine support is now already loaded at configure time; otherwise mod_ssl fails to find it. Fixed typo in httpd.conf-dist.

     

    John the Ripper 1.6.24-dev (Password Cracker)
    http://www.openwall.com/john/  

     


Auditing and Intrusion Monitoring Tools

    PIKT (Problem Informant/Killer Tool) 1.13.0
    Robert Fosterling
    http://pikt.uchicago.edu/pikt/index.html 

     

     

    FreshMeat

     Mytop 0.7
    Jeremy D. Zawodny
    http://freshmeat.net/projects/mytop/

     

    PacketStorm

    psad 0.8.8
    http://www.cipherdyne.com/psad

    Port Scan Attack Detector (psad) is a Perl program designed to work with the Linux firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans.
    Changes: Whois lookups against scanning IPs were added. An uninstall option was added to install.pl. A bug in the 'stop' routine in psad-init was fixed. A bug in the syslog restart system call in install.pl was fixed.

     

     


Firewall tools

    fireparse v2.4
    http://aaron.marasco.com/linux.html  

     

    FreshMeat

    hap-linux 2.2.19-3
    www.doutlets.com/downloadables/hap.phtml  

    HAP-Linux is a collection of security-related patches designed to be applied after Solar Designer's Openwall patches are installed.
    Changes include some extra information in the printks, the ability to allow hard links to files you don't own which are in your group, and the ability to follow links and pipes in +t directories if they are not world-writable. This is useful for getting various daemons to run chrooted as a non-root user, and for some secure drop-directory stuff.
    Changes: A fix for a compile bug on non-x86 platforms, and a fix for weakening hardlink restrictions when CONFIG_SECURE_NOTSOMUCH is enabled.

     

     

    SecurityFocus

     


General cross-platform security tools

     

    PacketStorm

    Lsof 4.56W
    Vic Abell
    ftp://vic.cc.purdue.edu/pub/tools/unix/lsof  
    Lsof is an extremely powerful Unix diagnostic tool. Its name stands for LiSt Open Files, and it does just that: it lists information about any files that are open by processes currently running on the system. It easily pinpoints which process is using each network connection or open port.
    Changes: Fixes memory usage errors, adds support for FreeBSD 4.3 and 5.0, nonstop clusters, and CFS. Also includes fixes for Solaris and Linux.

     

    FreshMeat

     SILC 0.2.3
    Pekka Riikonen
    http://silc.pspt.fi

            


Tools for Windows

    Keytime
    Forix
    http://www.forixnt.com/keytime.zip

    Keytime is a new ForixNT utility that allows an NT admin to retrieve the LastWrite time from a Registry key. This is useful functionality, particularly when performing configuration checks of systems, or when responding to an incident. Keytime takes a Registry key as an argument and returns the LastWrite time in readable format. This version of Keytime is a demo of functionality that will be added to the new version of ForixNT to be released in June, '01.

     

    Sygate Personal Firewall v4 Build 670
    http://www.sygate.com/free/spf_download.htm  

    Great little tool! See also our analysis of Personal Firewalls at http://www.securityportal.com/articles/pf_main20001023.html

     

    Stealth HTTP Security Scanner 1.0 b22
    Felipe Moniz
    http://www.hideaway.net/Server_Security/Software/Auditing/auditing.html

    Description: This tool is designed especially for system administrators, security consultants and IT professionals to check for possible security holes and to confirm any present security vulnerabilities that hackers can exploit. Totally free for commercial and non-commercial use. Stealth 1.0 includes the following features:

      • Designed to evade intrusion detection.
      • Scanner can work via proxy.
      • Different anti-IDS tactics.
      • Can test webserver Denial-of-Service.
      • Supports virtual host scan.
      • Enables administrators to create tests for their specific security needs.
      • Correctly processes custom-made "success" pages and "not found" errors, reducing the number of false positives.

    Comment: No sources are provided, which makes it hard to check for trojans....

     


Note: tools announced on forums are not necessarily updates, new or free; it's just that someone posted an announcement. We try our best to notify you only of new or updated free tools.

    © Copyright 2001, SecurityPortal Inc. & Sean Boran, All Rights Reserved, Last Update: 10 May, 2001