Talk:Security
From iA wiki
Perhaps security as a topic ought to be rearranged somewhat. Right now, things are topic-based, whereas from the user perspective things really ought to be "use"-based. So, where there are topics surrounding "network links" and linked to encryption etc., there needs to be "security and files" or "security and the internet" etc. This way these topics could be dropped into the Handbook easily. -- rack
- srm | Sourceforge Page - Secure file deletion for posix systems - A drop-in replacement for 'rm'. Better than 'shred', as this doesn't appear to be limited by shred's inability to securely delete from journalling filesystems. (emailed the author -- rack)
- Center for Internet Security - is this useful / applicable?
- Port Scan Attack Detector | GNU Page - Port Scan Attack Detector (psad) works with the Linux kernel firewalling code (iptables in the 2.4.x kernels, and ipchains in the 2.2.x kernels) to detect port scans. It has highly configurable danger thresholds (with sensible defaults provided), verbose alert messages that include the source, destination, scanned port range, begin and end times, TCP flags and corresponding nmap options (Linux 2.4.x kernels only), email alerting, and automatic blocking of offending IP addresses via dynamic configuration of ipchains/iptables firewall rulesets. For the 2.4.x kernels psad incorporates many of the TCP signatures included in Snort to detect suspect scans for various backdoor programs (e.g. EvilFTP, GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port scans (syn, fin, Xmas) that can be leveraged against a machine via nmap.
- LogSentry | GNU Page - 'LogSentry' automatically monitors your system logs and periodically mails security violations and other strange events to you. It can process logfiles from Psionic's PortSentry and HostSentry, system daemons, Wietse Venema's TCP Wrapper and Log Daemon packages, and the Firewall Toolkit by Trusted Information Systems Inc. (TIS). This product was formerly known as 'logcheck.'
- logwatch | GNU Page - Logwatch analyzes and reports on system logs. It is a customizable and pluggable log-monitoring system that will go through your system logs for a given period of time and report on given areas in set detail. It normally sends you an email every night.
- Rat Haus Reality - Security-related articles
- AIDE | GNU Page - The Advanced Intrusion Detection Environment does everything Tripwire (tm) does and more. -- The program creates a database from the regular expression rules that it finds in the config file. Once this database is initialized you can use it to verify the integrity of the files. It has several message digest algorithms that are used to check the integrity of the file. More algorithms can be added with relative ease. All of the usual file attributes can also be checked for inconsistencies. It can read databases from older or newer versions.
- Tiger | GNU Page - TIGER is a set of Bourne shell scripts, C programs, and data files which are used to perform a security audit of Unix systems. The security audit results are useful both for system analysis (security auditing) and for real-time, host-based intrusion detection (if configured to run through cron and by sending e-mail reports).
- SNORT | GNU Page - Snort is a network intrusion detection system that performs real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and more.
- Samhain | GNU Page - samhain is a file system integrity checker that can be used for both single hosts and networks. You can trace what changes have occurred in your system, when they occurred, and who was logged in at the time. -- The program uses cryptographic checksums to monitor file integrity and detect unauthorized modifications of a file system. It's designed for tamper resistance, even if an intruder has obtained root privileges. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, tamper-resistant log file, and syslog) are available.
- Integrit | Sourceforge Page | GNU Homepage - Integrit is an alternative to file integrity verification programs like tripwire and aide. It helps you determine whether an intruder has modified a computer system. It creates a database that is a snapshot of the essential parts of your computer system. You put the database somewhere safe, and then use it to make sure that no one has made illicit modifications to the computer system. If there's a break in, you know exactly which files have been modified, added, or removed. -- Current features include a small memory footprint, a simple and modular design (for a faster learning curve), up-to-date cryptographic algorithms, cascading rulesets, output that can be XML or a human-readable form that can be scanned, an option to reset access times, simultaneous check and update, and a design that is meant for unattended use.
- IPFC | GNU Page - IPFC is software and a framework to manage and monitor multiple types of security modules across a global network. Modules can be packet filters (like netfilter, pf, ipfw, IP Filter, checkpoint FW1, etc.), NIDS (Snort, arpwatch, etc.), Web servers, or other general devices (from servers to embedded devices). It features log collection for different security "agents", dynamic log correlation possibilities, and easy extensibility due to the generic database and XML message formats used.
- Firestorm | GNU Page - Firestorm is an extremely high performance network intrusion detection system (NIDS). At the moment it is just a sensor, but plans are to include real support for analysis, reporting, remote console and on-the-fly sensor configuration. It is fully pluggable and hence extremely flexible.
- IDSA | GNU Page - IDS/A is a research project to equip trusted applications with some form of "security awareness." It consists of a combined system logger, reference monitor, and intrusion detection system for applications that lets you monitor and adjust application activity. Features include a powerful logging component and an extensible and modular access control subsystem which can be driven by misuse signatures, anomaly detection modules, or even a human operator.
- Hackbot - Hackbot is a vulnerability scanner that started as a joke at first, but now it has become a serious project. Hackbot scans over 300 CGI's, scans for banners of several services, does unicode checks, checks for open relays, outsmarts Cisco PIX MailGuard, can do ripe checkup, spamcop db checkup, X connect test and lots more.
- grsecurity | GNU Page - grsecurity is a complete security system for Linux 2.4 that implements a detection/prevention/containment strategy. It prevents most forms of address space modification, confines programs with least privilege via its process-based ACL system, hardens syscalls, and provides many of the OpenBSD randomness features. It has auditing capabilities and a netfilter module designed to thwart portscans and OS fingerprinting.
- fenris | GNU Page - Fenris - Tools for code debugging and examining possibly hostile applications -- Fenris is a multipurpose tracer, GUI debugger, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm, protocol analysis and computer forensics - providing a structural program trace, interactive debugging capabilities, general information about internal constructions, execution path, memory operations, I/O, conditional expressions and more. Fenris can do traditional, instruction by instruction or breakpoint to breakpoint interactive debugging enhanced by additional structural data about the code delivered to the user; it is able to fingerprint functions in static binaries, reconstruct symbol tables in ELF files based on that information, automatically detect common library code; able to deliver text-based and graphical, browsable output that documents different aspects of program activity on different abstraction layers; able to perform partial analysis of single structural blocks.
- SoftSecurity - Usemod has some interesting ideas on the topic, and related topics. There may also be some psychological studies on the issues in question. -- rack
- hrm, should probably have log watching and processing functions on their own page -- rack
- Cryptome.org -- unsure if this fits in anywhere in particular
I recommend putting all the software together on a separate Security software page. Put them in some logical classification and have a wiki link explaining each topic, maybe. These topics do need detailed explanation. -- ABliss
Great quote on security:
"No one can guarantee 100% security. But we can work toward 100% risk acceptance. Fraud exists in current commerce systems: cash can be counterfeited, checks altered, credit card numbers stolen. Yet these systems are still successful because the benefits and conveniences outweigh the losses. Privacy systems--wall safes, door locks, curtains--are not perfect, but they're often good enough."
-- From Counterpane article "Why Crypto Is Harder Than It Looks"