Network Security Tools
Brief description of tools documented at the CERN web site.
Network Infrastructure

- Network Investigation:
  - DNSwalk: DNS database debugger.
  - traceroute: Ping-like tool that traces the route taken by IP packets.
- Firewall Tools:
  - Drawbridge: High-speed packet filtering with a constant-time lookup algorithm; throughput is the same regardless of the number of filters defined (developed at UT Austin).
  - SOCKS: Proxy protocol for client/server environments. Features: (i) transparent network access; (ii) authentication/encryption deployed; (iii) flexible filtering.
  - FCT (Firewall Configuration Tool): Configures a UNIX box as a firewall (setting network configurations, defining filters and testing rules).
  - SINUS: TCP/IP packet filter for the Linux OS. Features: (i) extensive logging and alerting; (ii) prevention of packet and address spoofing.
  - TIS Internet Firewall Toolkit: Set of programs and configuration practices designed to facilitate building network firewalls.
  - ipchains: Rewrite of Linux IPv4 firewalling.
Host

- Auditing/Logging:
  - TCP Wrapper: Monitors and filters services such as SYSTAT, FINGER, FTP, TELNET etc. by looking at the client host and the service requested.
  - Log daemon: Replaces the system daemon to enhance logging.
- Tools to automate downloading OS patches and latest versions:
- Tools replacing others with security holes:
  - Portmap: Prevents theft of NIS and NFS information.
  - Postfix, Qmail: Alternatives to sendmail.
  - Xinetd: Replacement for inetd. Features: (i) uses a config file; (ii) kills servers (hard kill) not in the config; (iii) prevents denial of service by limiting the number of servers.
  - RPCbind: Mechanism to discourage remote access to NIS and NFS.
- Enhanced Tools:
  - ssh: Secure connections and secure forwarding (to remote hosts). This prevents (i) IP spoofing; (ii) DNS spoofing; (iii) interception of clear-text passwords.
  - S/KEY: One-time passwords.
  - StackGuard: Protection against buffer overflows.
- Host Vulnerability:
  - Local Host: Titan, COPS (Computer Oracle and Password System), Tiger. These look at system files.
  - Remote Host: (i) SATAN: examines remote host services; (ii) SAINT: examines remote host and network services; (iii) Nessus: security scanner that tries to perform attacks.
  - Port Scanners: NMAP, NTD etc.
- Encryption Tools:
Host based intrusion detection

- Log Scanners:
  - SWATCH: Monitors messages written to a log file.
  - Logsurfer: Monitors log files.
  - Logcheck: UNIX.
- Integrity checkers:
  - Tripwire: File and directory integrity checker.
  - AIDE: Automatic Intrusion Detection Environment.
  - GOG: Distributed systems integrity.
  - Fcheck: System snapshot.
Network based intrusion detection

- Integrated Tools:
  - NID (Network Intrusion Detection): Used to detect, analyze and gather evidence of intrusive behavior on IP networks. Collects data about network traffic. Uses security domains.
  - ISS (Internet Security Scanner): Used to detect wrong configurations in networks.
- Network Security Tools:
  - tcpdump
  - NFR (Network Flight Recorder): Allows you to capture information; basically an augmented sniffer. Most information can be saved for future analysis.
  - Firewalk: Technique to gather information about a remote network protected by a firewall. Traceroute-like IP packet analysis to determine whether packets can pass through a packet filtering device.
  - Other augmentations to sniffers: Ngrep, Ntop, Argus, Clog.
Others

- Kerberos: Used for authentication.
- Abacus Project: Host-based security and intrusion detection.

Tools from CAIDA web site

- cflowd: Analyzes Cisco's NetFlow-enabled switching method.
- CoralReef: Analyzes data collected by passive Internet monitors.
Tools to be used in this Project

1) Auditing/Logging tools which need to monitor services like TELNET etc.
2) Tools that examine remote host and network vulnerabilities like SAINT, SATAN etc.
3) Integrity checkers like Tripwire, AIDE etc. to protect the integrity of system files.
4) Tools like NFR, Firewalk that gather information about a remote network.