|
(Page 2 of 5) < Prev 1 2 3 4 5 Next > Category: Hardening ServerMask Added 2006-05-26 ANY INFORMATION A HACKER CAN OBTAIN ABOUT YOUR SYSTEM IS TOO MUCH INFORMATION. Broadcasting your Web server's identity via HTTP header data makes it easy for potential intruders to complete their first hacking task: identifying your OS and Web server. Hacker pre-attack reconnaissance accounts for 40% of all Internet attack traffic, so make sure that your Windows Web server isn’t giving away unnecessary clues about its identity. SERVERMASK SOFTWARE FROM PORT80 SOFTWARE MODIFIES YOUR WEB SERVER’S "FINGERPRINT" by removing unnecessary HTTP response data, modifying cookie values, and obscuring other response information, thus masking the identity of your server. Advanced options include custom header creation, Apache emulation, response randomization, a Remove Any Header feature, cookie masking, and one-click WebDav disabling. PART OF A TOTAL SECURITY STRATEGY FOR WINDOWS-BASED WEB SERVERS, ServerMask software provides camouflage to augment the armor provided by firewalls and intrusion detection systems (IDS). Not only does successful obfuscation discourage attacks in the first place by making your Windows server less conspicuous, but it also makes hackers more likely to trigger IDS through misguided exploits. ServerMask is already used by thousands of customers, including financial institutions, governments, and corporations concerned with security best practices, and has been hailed as "clearly the best solution yet produced for managing the IIS Server banner." INSTALLED IN MINUTES AS A SUPER-FAST AND STABLE ISAPI FILTER, ServerMask is fully compatible with IIS 4, 5, and 6, IIS Lockdown, URLScan, FrontPage, Outlook Web Access, and major scripting platforms like ASP, ASP.NET, ColdFusion, PHP, and Perl. ServerMask is available for a free, fully functional 30-day trial and includes free technical support. FOR COMPLETE OS/SERVER ANNONYMIZATION AT THE TCP/IP LEVEL AND INTRUSION PREVENTION, CHECK OUT PORT80’s SERVERMASK IP APPLIANCES: www.servermask.com/appliances OSSEC Added 2006-05-12 OSSEC HIDS is an Open Source Host-based Intrusion Detection System. It performs log analysis and correlation, integrity checking, rootkit detection, time-based alerting and active response. It runs on most operating systems, including Linux, OpenBSD, FreeBSD, Solaris and Windows. GeSWall Server Edition Added 2006-04-03 With GeSWall Server Edition, you can harden your Web, Mail and SQL Servers. Hardening implies an isolation security policy that prevents damage from targeted intrusions and effectively precludes various attacks, known and unknown. Built on proven technology, GeSWall Server Edition provides powerful features to manage its security policy by means of Microsft Windows Group Policy and Active Directory. Security Cloak Added 2006-03-09 Allows you to spoof your OS in order to fool passive fingerprinting techniques (twenty different OSs are supported). Also helps prevent information leakage via timestamp options. dotDefender Added 2006-02-06 dotDefender secures websites against a broad range of HTTP-based attacks, including Session attacks (e.g. Denial of Service), Web application attacks (e.g. SQL injection, Cross-site scripting, and known attack signatures), as well as requests originating from known attack sources ( e.g. spammer bots and compromised servers). easily installed, dotDefender requires minimal administrator maintanance and updates via a "live update" functionality that keeps its rule set up to date, enabling it to secure the Web environment from the moment it is deployed. dotDefender is cost-effective and is available for a 30 day evaluation period at www.dotdefender.com Windows Permission Identifier Added 2006-01-18 This tool enables administrators and penetration testers to review and audit the permissions of users on a windows machine. Windows Permission Identifier can check; File ACLs Folder ACLs Registry ACLs Services Permissions Shares Installation rights Internet Access and so on. The GUI enables the administrator to create policies that can be saved in XML format. The windows machines permissions are then checked against this policy. This enables administrators to run checks against existing organisational windows security baseline documents. Policies can be saved in XML format and all results can be exported for further use. WARNING: The policy that is included is a sample of the functionality of the tool. It is not a security policy that should be followed. Report Bugs & send your own policy files : nhouse[at]stationx.net It would be very useful to the community if you send me any policies you create. For example, Web server, desktop, domain controller or what ever you create. I will upload your policy files to the site and credit you. dotDefender Added 2005-12-19 dotDefender secures websites against a broad range of HTTP-based attacks, including Session attacks (e.g. Denial of Service), Web application attacks (e.g. SQL injection, Cross-site scripting, and known attack signatures), as well as requests originating from known attack sources ( e.g. spammer bots and compromised servers). dotDefender installs within moments on the Web server along with a predefined, configurable rule-base - enabling it to secure the Web environment from the moment it is deployed, with virtually no administrator intervention. dotDefender retails at a fraction of the cost of conventional web application firewalls, and is available for evaluation via a free 30-day trial. fortifie Added 2005-09-06 Fortifie is designed as a security tool for Windows computers running Internet Explorer 4 or greater, which will provide peace of mind as you surf the web, and confidence that you are protected from many internet borne threats, such as covert software installation. Proactive Password Auditor Added 2005-07-30 Proactive Password Auditor is a password security test tool that's designed to allow Windows NT, Windows 2000, Windows XP and and Windows Server 2003-based systems administrators to identify and close security holes in their networks. Proactive Password Auditor helps secure networks by executing an audit of account passwords, and exposing insecure account passwords. If it is possible to recover the password within a reasonable time, the password is considered insecure. The software supports a few different methods of obtaining password hashes for further attack/audit: from dump files (generated by 3rd party tools like pwdump/pwdump2/pwdump3), Registry of local computer, binary Registry files (SAM and SYSTEM), memory of local computer, and memory of remote computers (Domain Controllers), including ones running Active Directory. The product features brute-force and dictionary attacks on LM and NTLM password hashes, effectively optimized for speed, plus "rainbow" attack, that uses pre-computed hash tables that allow to find most passwords in minutes instead of days or weeks. Umbrella Added 2005-04-20 Umbrella is a security mechanism that implements a combination of Process-Based Access Control (PBAC) and authentication of binaries through Digital Signed Binaries (DSB). The scheme is designed for Linux-based consumer electronic devices ranging from mobile phones to settop boxes. Umbrella is implemented on top of the Linux Security Modules (LSM) framework. The PBAC scheme is enforced by a set of restrictions on each process. Browse by category |
|
|
Privacy Statement |
