2 Next >
Category: Hardening » NT
Harden SSL/TLS allows hardening SSL/TLS Schannel settings of Windows 2000,2003,2008,2008R2, XP,Vista,7. It allows to locally and remotely set SSL policies allowing or denying certain ciphers/hashes or complete ciphersuites. This tool specific allows setting policies with regards to what ciphers and protocols are available to applications that use SCHANNEL crypto interface. A lot of windows applications do use this interface, for instance Google Chrome as well as Apple Safari are a few of these. By changing the settings you can indirectly control what ciphers these applications are allowed to use.
IIS Secure Parameter Filter (SPF)
SPF is an application security module designed for Microsoft IIS web servers. SPF uses cryptography to dynamically secure embedded application parameters at runtime (Query String Values, Form Inputs & Cookies). SPF does not require any changes to the underlying application code and provides instant protection against parameter tampering, URL manipulation and replay attacks. SPF also includes the capability to define forbidden input patterns (Black-Lists) using regular expressions to block known attack signatures.
Helios is an advanced malware detection system. It has been designed to detect, remove and inoculate against modern Windows rootkits. It performs behavioral analysis as opposed to signature based analysis and is one of the only tools that is able to detect rootkits in real-time, unhide hidden processes, restore hijacked system functions and inoculate the system against rootkit installation.
Password Policy Enforcer
Password Policy Enforcer allows you to create and enforce up to 256 different password policies in a Windows domain. Policies are easily configured, and can be assigned to specific users, groups, and organizational units. An optional client component helps users to choose a suitable password, and reduces password related helpdesk calls. PPE is the only commercially available password filter specified in the "DISA Field Security Operations - Windows 2003/XP/2000 Addendum V5R1 [UNCLASSIFIED]" PPE can also integrate with ANIXIS Password Reset, a self-service password management system that allows users to securely reset their own passwords.
GeSWall Server Edition
With GeSWall Server Edition, you can harden your Web, Mail and SQL Servers. Hardening implies an isolation security policy that prevents damage from targeted intrusions and effectively precludes various attacks, known and unknown. Built on proven technology, GeSWall Server Edition provides powerful features to manage its security policy by means of Microsft Windows Group Policy and Active Directory.
Windows Permission Identifier
This tool enables administrators and penetration testers to review and audit the permissions of users on a windows machine. Windows Permission Identifier can check; File ACLs Folder ACLs Registry ACLs Services Permissions Shares Installation rights Internet Access and so on. The GUI enables the administrator to create policies that can be saved in XML format. The windows machines permissions are then checked against this policy. This enables administrators to run checks against existing organisational windows security baseline documents. Policies can be saved in XML format and all results can be exported for further use. WARNING: The policy that is included is a sample of the functionality of the tool. It is not a security policy that should be followed. Report Bugs & send your own policy files : nhouse[at]stationx.net It would be very useful to the community if you send me any policies you create. For example, Web server, desktop, domain controller or what ever you create. I will upload your policy files to the site and credit you.
Proactive Password Auditor
Proactive Password Auditor is a password security test tool that's designed to allow Windows NT, Windows 2000, Windows XP and and Windows Server 2003-based systems administrators to identify and close security holes in their networks. Proactive Password Auditor helps secure networks by executing an audit of account passwords, and exposing insecure account passwords. If it is possible to recover the password within a reasonable time, the password is considered insecure. The software supports a few different methods of obtaining password hashes for further attack/audit: from dump files (generated by 3rd party tools like pwdump/pwdump2/pwdump3), Registry of local computer, binary Registry files (SAM and SYSTEM), memory of local computer, and memory of remote computers (Domain Controllers), including ones running Active Directory. The product features brute-force and dictionary attacks on LM and NTLM password hashes, effectively optimized for speed, plus "rainbow" attack, that uses pre-computed hash tables that allow to find most passwords in minutes instead of days or weeks.
hardening your tcp/ip stack (e.g. against dos-attacks) of windowsnt/2k/xp/2003-based workstations and servers. new* incl. 7 new methods and remote-registry functions.
Protect your computer from Internet worms and hackers' attacks, which become possible due to the operational system and software vulnerabilities ("exploits"). Neither antiviruses, nor firewalls can protect from exploits. Only Anti-Cracker Shield, a multilevel security system is able to cope with all known and unknown versions of "exploits". It is possible and is necessary to protect from hackers!
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. ModSecurity supports Apache (both branches) today, with support for Java-based servers coming soon.
Browse by category