< Prev 5 6 7 8 9 10 11 12 13 14 15 Next >
Category: Intrusion Detection
Tiger security tool
TIGER is a set of Bourne shell scripts, C programs, and data files which are used to perform a security audit of Unix systems. The security audit results are useful both for system analysis (security auditing) and for real-time, host-based intrusion detection.
Poor Man's IDS
Poor Man's IDS is a couple of scripts which check certain files on your host (any you like) for changes in content, ownership, and mode. Instead of only mailing if something is wrong (like other IDSs), this lean IDS will send you a daily (or weekly or hourly, depending on how you set-up your cron job) security audit, containing details of what it found (if anything).
Saint Jude is a wholly kernel-based intrusion detection and intrusion response system that implements the Saint Jude Model for detection of improper privilege transitions. Saint Jude can detect the presence of ongoing and successful attacks, from sources both local and remote, that would yield root-level access to the attacking individual. Detection is performed using a rule-based anomaly detector that uses a model of normal system behavior that is generated on the protected machine during a training phase. By comparing actual actions against a fully developed model, it is possible to detect attacks against vulnerabilities that are both known and unknown with no false positives or negatives.
WHArsenal is designed to be the next generation of professional web security audit software. Architected from the ground up to be a generic web application security productivity tool, WHArsenal gives security professionals and web developer's access to the tools they need to make the job securing web applications faster and easier. WHArsenal possesses a powerful suite of GUI-Browser based web security tools. These endowments make WHArsenal capable of completing painstaking web security pen-test work considerably faster and more effectively than any of the currently available tools.
Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort has a real-time alerting capabilty, with alerts being sent to syslog, a seperate "alert" file, or as a WinPopup message via Samba's smbclient.
NetSPoc (Network Security Policy Compiler)
The Network Security Policy Compiler (NetSPoC) is a tool for security management of large computer networks with different security domains. It generates configuration files for packet filters controlling the borders of security domains. It provides its own language for describing security policy and the topology of a network. The security policy is a set of rules that state which packets are allowed to pass the network and which are not. NetSPoC is topology aware; a rule for traffic from A to B is automatically applied to all managed packet filters on the path from A to B.
SNARE (System iNtrusion Analysis and Reporting Environment) is a dynamically loadable kernel module that will form the basis for a host intrusion detection facility and C2-style auditing/event logging capability for Linux.
Linux Intrusion Detection System LSM (Linux Security Module)
The Linux Intrusion Detection System (LIDS) is a patch which enhances the kernel's security by implementing a reference monitor and Mandatory Access Control (MAC). When it is in effect, chosen file access, all system/network administration operations, any capability use, raw device, memory, and I/O access can be made impossible even for root. You can define which programs can access specific files. It uses and extends the system capabilities bounding set to control the whole system and adds some network and filesystem security features to the kernel to enhance the security. You can finely tune the security protections online, hide sensitive processes, receive security alerts through the network, and more.
Quarantine is yet another firewall that has masquerade, TOS, and experimental traffic-shaping features. It has a lot of options, but is quite easy to configure. It was formerly known as Netwall.
mod_protection is an Apache module that integrates the basic function of an IDS (Intrusion Detection System) and a firewall. When a malicious client sends a request that matches a rule, the administrator will be warned and the client gets an error message.
Browse by category