Category: Hardening

ImSafe - Host Based Anomaly Detection
Added 2001-10-22
Immune Security Architecture for Your Enterprise: detects changes in the "normal" behavior of processes (e.g., an ftp server). It uses a kernel driver to monitor system calls and build a "profile" of the monitored application. Fast heuristics for detection of buffer overflows.

rTables
Added 2001-10-22
rTables is a detailed, customizable iptables firewall for Linux 2.4.x, easily implemented on boxes with one to three network interfaces. It is currently set up to handle a single external LAN, a single internal LAN, and a single internal DMZ.

SPIRO-Bastille 1.0
Added 2001-10-22
SPIRO-Bastille attempts to make your system ultra secure by periodically checking the SPIRO-Linux website for security updates. It hardens the system against various attacks while adjusting ftpd, inetd, console security, remote access, etc. It is based upon the original Bastille-Linux Hardening System.

BufOverP
Added 2001-10-22
This code implements a reference monitor for the Linux kernel that authorizes the invocation of critical system calls. It is able to detect and block some buffer overflow attacks.

suidcontrol
Added 2001-10-22
suidcontrol is an experimental utility for managing suid/sgid policy under FreeBSD. The primary intent is to allow system managers to generate scripts to apply to new FreeBSD installations so that they can minimize the risk associated with the plethora of tools requiring additional privilege to run.

ech0 security scanner
Added 2001-10-22
eSS is a remote security scanner for Linux that scans remote nodes for known security flaws. It performs some simple probing techniques automatically, such as banner grabbing and OS guessing, and it includes a multithreaded TCP port scanner.

Harden NT
Added 2001-10-22
HardenNT is a tool created to automate the task of securing one or more Microsoft Windows based computers. It is specifically aimed at securing Windows NT 4.0 machines, although some of the functionality could also be used on Windows 9x or even Windows 2000 networks.

HardenNT is aimed at: security-minded system administrators who are willing to put some time and effort into securing their Windows systems; and security consultants who find themselves having to secure Windows NT computers regularly, and who are looking for a way to automate this as much as possible without losing the flexibility of easy customization.

HardenNT's strength lies in its ability to provide security baselines for various systems. It can be used to perform the following tasks: install one or more security patches on a Windows computer depending on its operating system, CPU architecture and service pack level; restrict a user group's default NT privileges; turn on NT auditing for security events a user considers important; set NTFS ACL permissions, and delete and/or move security-critical files; secure a computer's registry.

HardenNT is not a tool that is to be installed or even run on the computer that one wants to secure. It merely creates a number of batch files that run standard NT (and NT resource kit) tools. This means that the batch files created by HardenNT are to be copied to and run on the host you want to secure. The batch files rely on Microsoft Windows NT resource kit utilities (xcacls.exe, auditpol.exe, ntrights.exe, regini.exe and shutdown.exe) and Microsoft security hotfixes. These executables will have to be purchased or downloaded from Microsoft and copied to the host you are trying to secure.

mmtcpfwd
Added 2001-10-22
mmtcpfwd is a port forwarder daemon for Linux firewalls, a superserver which starts a standalone, non-root daemon per service. It can limit the number of IPs and the number of connections per IP, auto-DENY IPs once a connection threshold is exceeded, or fake services à la portsentry. It uses a single configuration file.

LCAP Linux Kernel Capability Remover
Added 2001-10-22
"Capabilities" are a form of kernel-based access control. Linux kernel versions 2.2.11 and greater include the idea of a "capability bounding set". The bounding set is a list of capabilities that can be held by any process on the system. If a capability is removed from the bounding set, the capability may not be used by any process on the system (even processes owned by root). LCAP allows a system administrator to remove specific capabilities from the kernel in order to make the system more secure. LCAP modifies the value in the sysctl file "/proc/sys/kernel/cap-bound".