TOOLS
Sage InfoSec proudly supports Open Source Software. Open source projects have achieved a breadth and quality that makes them integral parts of our toolkit. We believe open source developers represent innovation and ingenuity combined with a strong social ethic. Here is a list of some of the open source projects relevant to information security that we are familiar with, and can recommend.
The Web Quartet Plus Two
Linux
Linux is the flagship open source project, an entire operating system. In the true tradition of open source, there is a bewildering array of options. For beginners, we recommend the Fedora Core series, a user friendly and regularly updated distribution from Red Hat, which can be found at http://www.redhat.com/en_us/USA/fedora/. For desktop builds, Ubuntu is hard to beat: http://www.ubuntulinux.org/. For enterprise class servers, consider the CentOS distro, industrial strength Linux: http://www.centos.org/
Apache
This open source webserver is legendary, and with good reason. It's the best the world has seen. It's free, it's great, and keeps getting better. You can find it at http://www.apache.org/
MySQL
A database for the masses, and one that runs big chunks of the Internet. It's fun, it's friendly, it's free. Find it at http://dev.mysql.com/
PHP
In their own words, “PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.” It's more than that, it's a programming language perfect for tying databases to webservers. It's cute, friendly, and fuzzy too, and can be found at: http://www.php.net/
Samba
Samba provides file and print services to all manner of SMB/CIFS clients, including the numerous versions of Microsoft Windows operating systems. In other words, it allows disk sharing between Windows systems and the rest of the world, a very handy thing. You can find them at http://www.samba.org/
GCC
A compiler is a handy thing for building software, and the Gnu C Compiler is as much an industry standard as this industry has ever had. Oh yeah, it does C++, Fortran, and Java, too. You can find it at http://gcc.gnu.org/
Security tools
This is the part we love. Open source security tools are world class. They can be used on their own in smaller organizations, or can be used in the enterprise to supplement commercial software.
Nmap
The granddaddy of all scanners, this network mapping tool knows more tricks than a carload of circus clowns. White hat hackers (us!), grey hats, and black hats all use this as a gold standard: http://www.nmap.org
Snort
Snort is an intrusion detection system, used to monitor traffic into and out of an organization. This is a down-and-dirty tool; it helps to be up on your TCP/IP stack to use it well. But it can provide a gold mine of information about what's happening on your network: http://www.snort.org
Netdisco
Netdisco is a network management tool and analyzer which excels at layer 2 mapping of your network. It's best for medium and large networks, and can be found at http://www.netdisco.org/
Nessus
One of the best vulnerability scanners available, and certainly the cheapest. Nessus checks your systems for hundreds of weaknesses and misconfigurations, then generates reports on the results. It's a bit dicey to learn, but it gives great results: http://www.nessus.org/
Iptables
Iptables is the built-in firewall that is a part of Linux. It does a great job, but it's cumbersome to use, what with obscure command line switches and configuration files. That's why we recommend using it in conjunction with fwbuilder.
Fwbuilder
Fwbuilder is a graphical user interface for iptables and several other firewalls. In my humble opinion, it's rather a clone of the Checkpoint interface, but that's OK, since Checkpoint is the industry standard. Fwbuilder makes setting up a commercial grade firewall with Linux easy. Recommended! http://www.fwbuilder.org/
Ethereal
Ethereal is one terrific packet sniffer. It runs on Windows, and does sophisticated packet capture and conversation analysis. Slick, and very handy for debugging network problems. "The world's most popular network protocol analyzer." http://www.ethereal.com/
TcpDump and Pcap
This pair provides old style, command-line packet capture, but they're handy sometimes: http://www.tcpdump.org/
John The Ripper
John the Ripper is a seriously good password cracker. You don't want ANYONE getting hold of your encrypted password files with tools like this out there. It cracks easy passwords in minutes. Hard ones take longer. You can find it at: http://www.openwall.com/john/
OpenSSH
OpenSSH is a free version of the SSH (Secure Shell) protocol, which replaces older, unencrypted protocols like rlogin and telnet. It encrypts traffic to eliminate eavesdropping, and supports lots of tunneling and authentication methods. They live at: http://www.openssh.com/
Osiris and Samhain
If you've been attacked, how would you know if it was successful? By using your file integrity checker, of course. This tool requires a little more care and feeding than most. You can find it at: http://la-samhna.de/samhain/
ACID
The Analysis Console for Intrusion Databases provides a killer front end to the Snort IDS. Set up with MySQL, it logs incidents to a database, and provides a great user interface for querying and handling logged incidents. ACID makes SNORT much more usable. It lives at http://acidlab.sourceforge.net/
Kismet
Kismet is a layer 2 wireless network sniffer, and one of the best. It's a Linux tool that works with just about any wireless card that supports rfmon. You can find it at http://www.kismetwireless.net/
OpenSSL
The OpenSSL Project has built a robust, commercial-grade, full-featured toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. It's a bit gnarly to use (and will they EVER get to V1.0?) but it's good stuff. http://www.openssl.org/
Bastille
Bastille is a Linux hardening script. Run it to lock down your Linux box. It's well tested, but you would be advised to read up on it a bit if you are new to Linux before running it. It doesn't break things, but it does change a lot of things. Bastille lives at: http://www.bastille-linux.org/
Putty
Putty is a free SSH client that runs on Windows. Very useful for moving around the network securely: small, lightweight, and secure. I use this one a lot. You can find it at: http://www.chiark.greenend.org.uk/~sgtatham/putty/
Driftnet
Driftnet is a program which listens to network traffic and picks out images from TCP streams it observes. It is interesting to run it on a host which sees a lot of web traffic. It can be hilarious, but it can also show very quickly what kind of sites your users are viewing. As Debian notes, this is an invasion of privacy of a fairly blatant sort. Also, if you are possessed of Victorian sensibilities, and share an unswitched network with others who are not, you should probably not use it. That said, it's pretty hilarious to watch what people are up to. You can find it lots of places; it's a standard package in Debian now, but you can also find it here:
http://packages.debian.org/stable/admin/driftnet
Nagios
Nagios is an open source host, service, and network monitoring program. This is great for getting alerts when a server or piece of your network goes down. It requires a bit of configuration, but it is a top notch program for a moderately complex network. You can find it at http://www.nagios.org