Below is a list of programs used
to improve the security of computers and networks, although
most of these are listed for a Unix system. A good number
of these programs may also have Windows, Linux, or Novell
versions. I will add a more detailed
description as I investigate them.
-
- Abacus Sentry
- Detects the use of a port
scanner in real-time. Availability and
Additional Info: Abacus Sentry
-
- Anonftpd
- anonftpd is a read-only
anonymous FTP server. Availability:
anonymous ftp at koobera.math.uic.edu
- Additional Info: anonftpd
-
- Argus
- Argus is a powerful tool
for monitoring IP networks. It provides tools for
sophisticated analysis of network activity that
can be used to verify the enforcement of network
security policies, network performance analysis
and more. Availability: anonymous ftp at ftp.sei.cmu.edu
-
- Arpwatch
- An ethernet monitor program
that keeps track of ethernet/IP address pairings.
- Availability:
anonymous ftp at ftp.ee.lbl.gov
-
- COPS (Computer Oracle
and Password System)
- Identifies security risks
on a Unix system. It checks for empty passwords
in /etc/passwd, world-writable files,
misconfigured anonymous ftp and many others.
- Availability:
anonymous ftp at ftp.cert.org
-
- Courtney
- It is a program that tries
to identify the use of SATAN on a subnet. The
program tcpdump will also be needed in order to
run Courtney. See below for information about
tcpdump.
- Availability:
anonymous ftp at ciac.llnl.gov Additional Info: CIAC Notes 08
-
- Crack
- Crack is a password cracker.
Availability: www.users.dircon.co.uk
- Additional Info: Crack Version v5.0 User Manual
-
- Crack lib
- Checks plaintext words
against Crack. Availability: anonymous ftp
at coast.cs.purdue.edu
-
- Deslogin
- Provides a more secure
method for remote login than telnet or rlogin in
untrusted networks. Deslogin encrypts the
connection using DES. Availability:
anonymous ftp at ftp.uu.net
-
- Dig
- Dig is a network utility
which queries Domain Name Servers similar to nslookup.
- Availability:
anonymous ftp at venera.isi.edu
-
- Drawbridge
- Powerful bridging filter
package. Availability: anonymous ftp at net.tamu.edu
-
- Fcheck
- It is an open source PERL
script providing intrusion detection and policy
enforcement of Windows 95/98/NT/3.x and Unix
server administration through the use of
comparative system snapshots.
- Additional Info:
anonymous ftp at The Fcheck Homepage
- Fping
- An efficient way to test
whether a large number of hosts are up. Availability:
anonymous ftp at slapshot.stanford.edu
-
- Icmpinfo
- It displays unusual ICMP
messages received by a host and this can be used
to detect suspicious network activity. Availability:
anonymous ftp at hplyot.obspm.fr Additional Info: icmpinfo man page
-
- ISS
- Checks hosts within a
specified range of IP address for various
security vulnerabilities in sendmail, anonymous
FTP setup, NFS and many more. Availability:
anonymous ftp at info.cert.org
- Additional Info: CERT Advisory 93:14.Internet.Security.Scanner
-
- IPACL
- Filters incoming and
outgoing TCP and UDP in a SVR4/386 kernel. Availability:
anonymous ftp at ftp.porcupine.org
-
- Jetmon
- Java based client-server
link monitoring tool for NOC operations.
- Availability and
Additional Info: Home of Jetmon
- Kerberos
- Kerberos is an
authentication system used to protect security
networks. (Export restricted)
- Availability: web.mit.edu Additional Info: Kerberos: The Network
Authentication Protocol
-
- Klaxon
- It is a daemon that is used
to identify the use of port scanners like
ISS and SATAN.
- Availability:
anonymous ftp at ftp.eng.auburn.edu
-
- L6
- Provides a flexible and
intelligent interface for periodic integrity
checks of data using Perl
- Availability:
anonymous ftp at L6 Additional Info: L6
-
- Logdaemon
- Replacement for system ftp,
rlogin, rexec, rsh
daemons and login program that have
added security features such as login in failures
and S/Key one-time password support.
- Availability:
anonymous ftp at ftp.porcupine.org Additional Info: Wietse's tools and papers
-
- Logsurfer
- Analyzes any text-based log
files in real time using contexts and executes a
corresponding action.
- Availability:
anonymous ftp at ftp.cert.dfn.de Additional Info: Logsurfer Homepage
- Lsof
- Displays all open files on
a UNIX system. Availability: anonymous ftp
at vic.cc.purdue.edu
-
- Mangle
- It is a utility that either
checks existing passwords for weakness or forces
users to choose good passwords. Availability:
anonymous ftp at ftp.informatik.uni-erlangen.de Additional Info: Readme file for Mangle
-
- Mason
- Mason is a tool that
interactively builds a firewall using Linux'
ipfwadm or ipchains firewalling. You leave mason
running on the firewall machine while you are
making all the kinds of connections that you want
the firewall to support (and want it to block).
Mason gives you a list of firewall rules that
exactly allow and block those connections. Availability:
Mason
- Merlin
- Merlin is an interface to
five popular security packages to make it easier
to analyze and manage the data. Availability:
anonymous ftp at ciac.llnl.gov Additional Info: Merlin Information
-
- MD5
- MD5 is a hash function
used to verify the authenticity of a file. Availability:
anonymous ftp at rsa.com
- Additional Info: RFC 1544, www.rsa.com
-
- MIME Object Security
Services (MOSS)
- It is an extension of Multi-purpose
Internet Mail Extensions (MIME) that provides
authentication, integrity, and confidentiality of
an email message. (export restricted) Availability:
anonymous ftp at ftp.tis.com
- Additional Info: MOSS FAQ
-
- The Nessus Project
- The "Nessus"
Project is a free, powerful, up-to-date and easy
to use remote security scanner.
- Additional Info: The Nessus Project
-
- Netlog
- Network logging and
monitoring of all TCP and UDP connections on a
subnet. Netlog also includes tools for analyzing
the output. Availability: anonymous ftp at
net.tamu.edu
-
- Network Security Scanner
(NSS)
- NSS is a Perl script that scans
one host on a subnet or an entire subnet for
various simple security problems.
- Availability:
anonymous ftp at jhunix.hcf.jhu.edu
-
- NFSWatch
- NFSWatch monitors NFS
requests and measures response time for each RPC.
- Availability:
anonymous ftp at coast.cs.purdue.edu
-
- Nmap
- Utility for stealthily port
scanning large networks. See Syn for tracking these types of
scans.
- Additional Info: Information and download for Nmap
-
- Npasswd
- It is a replacement for the
system passwd command that enforces
stronger passwords.
- Availability:
anonymous ftp at ftp.cc.utexas.edu Additional Info: Information about npasswd
-
- OPIE
- This software provides the
ability to generate and use one time passwords.
Related tools are also available for Windows, DOS
and Mac. Availability: anonymous ftp at ftp.nrl.navy.mil (may not be for public use)
-
- Osh
- Osh is a restricted C shell
that allows the administrator to control access
to files and directories and to provide logging. Availability:
anonymous ftp at ftp.c3.lanl.gov Additional Info: The Operator Shell
-
- Passwd+
- Passwd+ is a proactive
password checker which replaces the system passwd
command. It enforces strong passwords. Availability:
anonymous ftp at ftp.dartmouth.edu
-
- PGP
- Pretty Good Privacy (PGP)
protects documents such as email from
unauthorized reading using public key encryption.
This is the famous program by NAI. (Some versions
are export restricted) Availability: USA
and Canada--anonymous ftp at www.eff.org or via web form Availability: International--
anonymous ftp at ftp.ifi.uio.no
- Additional Info: Cryptography, PGP, and Your
Privacy
-
- Pidentd
- Identd tries to identify
the remote user name of a TCP/IP connection.
Identd is an implementation of RFC 1413. Availability:
anonymous ftp at ftp.lysator.liu.se or ftp.csc.ncsu.edu Additional Info: RFC 1413
-
- PingLogger
- PingLogger detects and logs
ICMP ECHO REQUESTS. Availability:
world wide web at www.students.uiuc.edu
-
- Portmapper
- It is a modified version of
portmapper that reduces the
vulnerabilities and denies proxy access.
- Availability:
anonymous ftp at ftp.porcupine.org
-
- RIPEM
- Riordan's Internet Privacy
Enhanced Mail (RIPEM) improves the security of
email by verifying the authenticity of the
message sender among other things. (Export
restricted) Availability: anonymous ftp at
ripem.msu.edu Additional Info: Information about RIPEM
-
- Rpcbind
- A modified version of rpcbind
(System V.4 portmapper) that prevents intruders
from bypassing NFS export restrictions. Availability:
anonymous ftp at porcupine.org
-
- Rscan
- Rscan is an extensible
network scanner that checks for common network
problems and SGI specific vulnerabilities. Availability:
anonymous ftp at ftp.vis.colostate.edu Additional Info: Rscan: Heterogeneous Network
Interrogation
-
- SARA
- SARA, Security Auditor's
Research Assistant, is a third generation security
analysis tool that is based on the SATAN model,
covered by the GNU GPL-like open license, fosters
a collaborative environment and is updated
periodically to address the latest security
threats. Availability and additional info:
SARA
- SATAN
- SATAN is a program that
gathers network information such as the types of
machines and services available on these machines
as well as potential security flaws. Availability:
anonymous ftp at ftp.porcupine.org. Also see wzv.win.tue.nl for a list of mirror sites. Additional
Info: Cert Advisory CA-95:06.satan
-
- Scan-Detector
- Scan-detector determines
when an automated scan of UDP/TCP ports is being
done on a host running this program. Logs to
either syslog or stderr. Availability:
anonymous ftp at coast.cs.purdue.edu
- Additional Info: COAST Projects' Tools
-
- Sendmail
- A replacement for the
system sendmail. This version includes
all of the latest patches.
- Availability:
anonymous ftp at ftp.cs.berkeley.edu
-
- Sendmail Wrapper
- The sendmail wrapper
provides some protection against local sendmail
attacks.
- Availability:
anonymous ftp at ftp.auscert.org.au
-
- SENSS
- A flexible, Java-based
security tool that enables organizations to audit
and secure their systems and networks in a modern,
heterogeneous, corporate intranet. Availability
and more info: Sun Enterprise Network Security
Service
-
- Shadow
- This package includes
everything that is necessary to use a shadow
password file.
- Availability:
anonymous ftp at ftp.cs.widener.edu
-
- Simple Socksd
- It is another
implementation of Version 4 SOCKS protocol that
is fast, easy to compile, and simple to configure.
Availability: http at Simple SOCKS Daemon Additional Info: Simple SOCKS Daemon
-
- SKey
- S/Key generates one time
passwords to gain authenticated access to
computers.
- Availability:
anonymous ftp at thumper.bellcore.com or coast.cs.purdue.edu
-
- Simple Key-Management
For Internet Protocols (SKIP)
- SKIP adds privacy and
authentication at the network level. Availability:
USA and Canada--via web form Availability: International--anonymous
ftp at ftp.elvis.ru Additional Info: SKIP Information and SKIP in Russia
-
- Smrsh
- Smrsh is a restricted shell
for sendmail to restrict the number of programs
that can be executed by sendmail. Availability:
anonymous ftp at ftp.nec.com
-
- Socks
- Socks is a package which
allows various Internet services such as gopher,
ftp and telnet to be used
through a Firewall. Availability:
anonymous ftp at ftp.nec.com Additional Info: Welcome to SOCKS
-
- SSH
- SSH (Secure Shell) is an
enhanced version of rlogin, rsh
and rcp that provides RSA
authentication and encryption of communications
as well as many other security improvements.
(Export restrictions)
- Availability:
anonymous ftp at ftp.cs.hut.fi Additional Info: Ssh (Secure Shell) Home Page or Ssh FAQ
-
- STEL
- STEL is a system
replacement for telnet which provides strong
mutual authentication and encryption.
- Availability:
anonymous ftp at idea.sec.dsi.unimi.it
-
- Strobe
- Strobe displays all active
listening TCP ports on remote hosts. It uses an
algorithm that efficiently uses network bandwidth.
Availability: anonymous ftp at suburbia.apana.org or minnie.cs.adfa.oz.au
-
- Sudo
- Sudo allows a system
administrator to give limited root privileges to
users and log their activities. This version of
Sudo is also known as CU-sudo. Availability:
anonymous ftp at ftp.cs.colorado.edu
- Additional Info: Sudo - a utility to allow
restricted root access
-
- Swatch
- Swatch is a package used to
monitor and filter log files and execute a
specified action depending on patterns in the log.
Availability: anonymous ftp at ee.stanford.edu
-
- Syn
- Perl utility for tracking
stealth port scanning. Availability:
anonymous ftp at Syn Additional Info: Syn
-
- TCP Wrapper
- Allows a Unix System
Administrator to control access to various
network services through the use of access
control lists. It also provides logging
information of wrapped network services which may
be used to prevent or monitor network attacks.
Availability: anonymous ftp at ftp.porcupine.org Additional Info: TCP Wrapper
-
- Tcpdump
- Tcpdump captures and dumps
protocol packets to monitor or debug a network.
- Availability:
anonymous ftp at ftp.ee.lbl.gov
-
- Tcpr
- Tcpr is a set of Perl
scripts that forward ftp and telnet
commands across a firewall.
- Availability:
anonymous ftp at ftp.alantec.com
-
- Tiger
- Checks for known security
vulnerabilities of Unix workstations. It is
similar to Cops with many extensions. Availability:
anonymous ftp at net.tamu.edu
-
- TIS Firewall Toolkit
- Firewall Toolkit is a
software package to build and maintain a system
which is used to protect networks from unwanted
network activities. Availability:
anonymous ftp at ftp.tis.com
- Additional Info: TIS Firewall Toolkit Overview
-
- Tripwire
- Monitors for changes in
system binaries.
- Availability:
anonymous ftp at coast.cs.purdue.edu Additional Info: Tripwire
-
- TTY-Watcher
- TTY-Watcher monitors, logs
and interacts with all of the ttys on a system.
- Availability:
anonymous ftp at coast.cs.purdue.edu Additional Info: TTY-Watcher
-
- Wu-ftpd
- A replacement ftp
server for UNIX systems that has many features
including extensive logging as well as
limiting the number of ftp users. Availability:
anonymous ftp at wuarchive.wustl.edu
-
- Xinetd
- It's a replacement for inetd
which has extensive logging and access control
capabilities for both TCP and UDP services. Availability:
anonymous ftp at qiclab.scn.rain.com
-
- YPX
- It is a utility to retrieve
a NIS map from a host running the NIS daemon.
- Availability:
anonymous ftp at ftp.uu.net or WWW server at mls.saic.com
Notify C0VERTl
of any dead ftp/links and I will attempt to relocate the
programs.