
Favourite Security Tools

  • 29-05-2000 2:54pm
    #1
    Closed Accounts Posts: 60 ✭✭


    After reading:
    http://www.networkcomputing.com/1110/1110ws1.html

    It got me thinking about what the most common
    security tools in use are, so what is everyone's favourite tool, be it for IDS, auditing,
    crypto etc and for what platform.


Comments

  • Registered Users, Registered Users 2 Posts: 3,744 ✭✭✭deRanged


    the three I've used most in the past while are
    openssl, l0phtcrack and ultrascan.
    (solaris, nt, nt)

    it's surprising how much you can get done with just those three.


    [This message has been edited by deRanged (edited 29-05-2000).]


  • Closed Accounts Posts: 60 ✭✭anonym00se


    My current favourites would have to be:

    network scanner
    nmap (Unix)
    http://www.insecure.org/nmap

    IDS
    ---
    snort (Unix)
    http://www.clark.net/~roesch/security.html

    OS Hardening
    Titan (Solaris, SunOS)
    http://www.fish.com/titan/

    Auditing
    Sara (Unix), Saint(Unix), ISS(Win), whisker(Unix)
    http://www-arc.com/sara/sara.html
    http://www.wwdsi.com/saint/
    http://www.iss.net/securing_e-business/security_products/security_assessment/internet_scanner/
    http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2

    OS
    ---

    openBSD
    http://www.openbsd.org - ok ok I know it
    isn't a security tool, but it is so damn
    cool.


  • Registered Users, Registered Users 2 Posts: 3,744 ✭✭✭deRanged


    you must have thought about that list for a while :)


  • Closed Accounts Posts: 60 ✭✭anonym00se


    Surprisingly enough no, I saw your reply
    like 10 min ago and thought I'd lash my
    own together. After all I would use a lot
    of those daily, so it really wasn't that
    hard to decide.

    I did however leave out Crypto tools as
    I just couldn't decide.


  • Registered Users, Registered Users 2 Posts: 3,744 ✭✭✭deRanged


    what crypto tools do you use?
    I know I'm being awkward but I'm in the middle of some ssl stuff atm so it's topical.
    I'm using a mix of openssl, RSA's ssl_j and baltimore's j_ssl. with openssl as my favourite.

    [This message has been edited by deRanged (edited 29-05-2000).]


  • Closed Accounts Posts: 60 ✭✭anonym00se


    Off the top of my head

    I would use

    Win32
    pgp - http://www.pgpi.com
    scramdisk - http://www.scramdisk.clara.net/

    Unix
    ----

    pgp
    mcrypt - http://mcrypt.hellug.gr/
    libMcrypt - http://mcrypt.hellug.gr/#_libmcrypt

    I know there are lots more but I really
    can't think of them atm.

    Hopefully I will manage to get around to giving openBSD's swap encryption a go some time soon

    On a slightly related note I also use

    srm (unix) and eraser (win) for secure
    file deletion
    http://www.infowar.co.uk/thc/ http://www.tolvanen.com/eraser/


  • Closed Accounts Posts: 12 BrainDead


    snoop/tcpdump and telnet, what more do you need?


  • Closed Accounts Posts: 60 ✭✭anonym00se


    Ok please explain how telnet is a security tool!!!


  • Closed Accounts Posts: 12 BrainDead


    Well, telnet may not be the fastest means of doing things, but it's always there and can be used for a good variety of things.


  • Closed Accounts Posts: 12 BrainDead


    Besides, ftp is much better for generating core dumps than telnet....ahhh those 8 meg core dumps at the press of a key :)


  • Closed Accounts Posts: 60 ✭✭anonym00se


    It is all well and good being able to get a computer to core dump, but being able to get any useful info with that core file is a different kettle of fish.


  • Closed Accounts Posts: 12 BrainDead


    Ahh, I know, but all these fancy tools make life just too easy :P


  • Closed Accounts Posts: 60 ✭✭anonym00se


    I for one don't want to have to waste time on things that can be automated. It just cuts into the time you have to test for "unknown" problems.


  • Closed Accounts Posts: 6,601 ✭✭✭Kali


    my syringe and a baseball bat.
    what more security do you need?


  • Registered Users, Registered Users 2 Posts: 332 ✭✭spod


    usual really.

    nmap
    netcat
    a decent ssh client
    tcpdump

    been working with nt lots lately so things like smbclient and winfingerprint are useful.

    never really used automated scanning tools much so don't have any particular favourites.

    pgp obviously

    snort/ipfilter

    openbsd or a decent vax, oh and plan9 looks like it could be worth a look, if just for novelty. Kinda like a mate running arm linux, imagine porting shell code for sploits to that...


  • Registered Users, Registered Users 2 Posts: 3,744 ✭✭✭deRanged


    it can be used in many ways - to verify usernames/passwords, to check for active services/ports, you can get core dumps from it, stuff like that.


  • Closed Accounts Posts: 60 ✭✭anonym00se


    Originally posted by deRanged:
    it can be used in many ways - to verify usernames/passwords, to check for active services/ports, you can get core dumps from it, stuff like that.

    Crack or JtR would be better suited to
    verifying passwds were strong enough.

    port scanner would be a lot quicker to check for active services.

    and if your telnet client/daemon is coredumping, you have problems. And
    just cus it coredumps does not make it
    a security tool!!!!!


  • Closed Accounts Posts: 60 ✭✭anonym00se


    I hope that is openSSH :)


    Found a very cute little tool for NT, does nothing other than delete the guest account
    it is called delguest (duh) unfortunately can't remember the site I got it from.

    on the ipf front, if you are using openBSD 2.7 release, be careful with ipf as it is buggy, you'd do well to cvsup to -stable once it is ready


  • Closed Accounts Posts: 12 BrainDead


    Originally posted by spod:
    Kinda like a mate running arm linux, imagine porting shell code for sploits to that...

    Ahh, arm linux. just don't run the X-server... it's sloooow (uses too much fp).
    ARM code is nice to write, especially since all the instructions are a fixed (32bit) size.


    [This message has been edited by BrainDead (edited 31-05-2000).]


  • Registered Users, Registered Users 2 Posts: 332 ✭✭spod


    Originally posted by anonym00se:
    I hope that is openSSH :)

    obviously :P

    Found a very cute little tool for NT, does nothing other than delete the guest account
    it is called delguest (duh) unfortunately can't remember the site I got it from.

    sounds useful. A good place for NT utilities is http://www.sysinternals.com/ lots of v. useful tools and some very interesting articles/papers. http://www.ntobjectives.com/ have some nice toys as well. Oh and don't forget http://netgroup-serv.polito.it/windump/ a win32 port of TcpDump. useful ;)

    on the ipf front, if you are using openBSD 2.7 release, be careful with ipf as it is buggy, you'd do well to cvsup to -stable once it is ready

    Thanks for the tip, I've known about that for a while, the main open box I have at the minute is a half built dual interface box I was setting up to do firewalling for work so I have been keeping an eye out for that kind of thing. Don't particularly wanna run 2.7 cvsup'd on a production box so I'm gonna have to look into some sort of alternative or see if it's possible to get an updated ipf for open2.6. Haven't really looked into it yet, I'll be doing it end of this week, early next week.

    fun never stops eh?


  • Closed Accounts Posts: 60 ✭✭anonym00se


    Wait till the 15th of June and hopefully they should have the 2.7-stable branch ready, which should be perfect for cvsuping.

    As for delguest.exe I found the site it is: http://ntsecurity.nu/toolbox/

    It has a few other neat tools worth playing around with.

