Favourite Security Tools

anonym00se · 29-05-2000 3:54pm #1

After reading:
http://www.networkcomputing.com/1110/1110ws1.html

It got me thinking about what the most common
security tools in use are, so what is every ones favourite tool, be it for IDS, auditing,
crypto etc and for what platform.

deRanged · 29-05-2000 4:09pm

the three I've used most in the past while are
openssl, l0phtcrack and ultrascan.
(solaris, nt, nt)

it's surprising how much you can get done with just those three.

[This message has been edited by deRanged (edited 29-05-2000).]

anonym00se · 29-05-2000 4:28pm

My current favourites would have to be:

network scanner

nmap (Unix)
http://www.insecure.org/nmap

IDS
---
snort (Unix)
http://www.clark.net/~roesch/security.html

OS Hardening

Titan (Solaris, SunOS)
http://www.fish.com/titan/

Auditing

Sara (Unix), Saint(Unix), ISS(Win), whisker(Unix)
http://www-arc.com/sara/sara.html
http://www.wwdsi.com/saint/
http://www.iss.net/securing_e-business/security_products/security_assessment/internet_scanner/
http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2

OS
---

openBSD
http://www.openbsd.org - ok ok I know it
isnt a security tool, but it is so damn
cool.

deRanged · 29-05-2000 4:30pm

you must have thought about that list for a while

anonym00se · 29-05-2000 4:35pm

Surprisingly enough no, I saw your reply
like 10 min ago and thought I'd lash my
own together. After all I would use alot
of those daily, so it really wasnt that
hard to decide.

I did however leave out Crypto tools as
I just couldnt decide.

deRanged · 29-05-2000 4:37pm

what crypto tools do you use?
I know I'm being awkward but I'm in the middle of some ssl stuff atm so it's topical.
I'm using a mix of openssl, RSA's ssl_j and baltimore's j_ssl. with openssl as my favourite.

[This message has been edited by deRanged (edited 29-05-2000).]

anonym00se · 29-05-2000 4:54pm

Off the top of my head

I would use

Win32

pgp - http://www.pgpi.com
scramdisk - http://www.scramdisk.clara.net/

Unix
----

pgp
mcrypt - http://mcrypt.hellug.gr/
libMcrypt - http://mcrypt.hellug.gr/#_libmcrypt

I know there are lots more but I really
cant think of them atm.

Hopefully I will manage to get around to giving openBSDs swap encryption a go some time soon

On a slightly related note I also use

srm (unix) and eraser (win) for secure
file deletion
http://www.infowar.co.uk/thc/ http://www.tolvanen.com/eraser/

BrainDead · 30-05-2000 10:47am

snoop/tcpdump and telnet, what more do you need?

anonym00se · 30-05-2000 11:20am

Ok please explain how telnet is a security tool!!!

BrainDead · 30-05-2000 1:07pm

Well, telnet may not be the fastest means of doing things, but it's always there and can be used for a good variety of things.

BrainDead · 30-05-2000 1:11pm

Besides, ftp is much better for generating core dumps than telnet....ahhh those 8 meg core dumps at the press of a key

anonym00se · 30-05-2000 1:43pm

It is all well and good being able to get a computer to core dump, but being able to get any usefull info with that core file is a different kettle of fish.

BrainDead · 30-05-2000 1:55pm

Ahh, I know, but all these fancy tools make life just too easy

anonym00se · 30-05-2000 2:01pm

I for one dont want to have to waste time on things that can be automated. It just cuts into the time you have to test for "unknown" problems.

Kali · 30-05-2000 2:03pm

my syringe and a baseball bat.
what more security do you need?

spod · 30-05-2000 7:33pm

usual really.

nmap
netcat
a decent ssh client
tcpdump

been working with nt lots lately so things like smbclient and winfingerprint are useful.

never really used automated scanning tools much so don't have any particular favourites.

pgp obviously

snort/ipfilter

openbsd or a decent vax, oh and plan9 looks like it could be worth a look, if just for novelty. Kinda like a mate running arm linux, imagine porting shell code for sploits to that...

deRanged · 31-05-2000 12:12am

it can be used in many ways - to verify usernames/passwords, to check for active services/ports, you can get core dumps from it, stuff like that.

anonym00se · 31-05-2000 12:55am

Originally posted by deRanged:
it can be used in many ways - to verify usernames/passwords, to check for active services/ports, you can get core dumps from it, stuff like that.

Crack or JtR would be better suited to
verifying passwds were strong enough.

port scanner would be alot quicker to check for active services.

and if your telnet client/daemon is coredumping, you have problems. And
just cus it coredumps does not make it
a security tool!!!!!

anonym00se · 31-05-2000 10:00am

I hope that is openSSH

Found a very cute little tool for NT, does nothing other than delete the guest account
it is called delguest (duh) unfortunately cant remember the site i got it from.

on the ipf front, if you are using openBSD 2.7 release, becareful with ipf as it is buggy, you'd do well to cvsup to -stable once it is ready

BrainDead · 31-05-2000 4:38pm

Originally posted by spod:
Kinda like a mate running arm linux, imagine porting shell code for sploits to that...

Ahh, arm linux. just don't run the X-server... it's sloooow (uses too much fp).
ARM code is nice to write, especially since all the instructions are a fixed (32bit) size.

[This message has been edited by BrainDead (edited 31-05-2000).]

spod · 01-06-2000 12:10am

Originally posted by anonym00se:
I hope that is openSSH

obviously :P

Found a very cute little tool for NT, does nothing other than delete the guest account
it is called delguest (duh) unfortunately cant remember the site i got it from.

sounds useful. A good place for NT utilites is http://www.sysinternals.com/ lots of v. useful tools and some very interesting articles/papers. http://www.ntobjectives.com/ have some nice toys as well. Oh and don't forget http://netgroup-serv.polito.it/windump/ a win32 port of TcpDump. useful

on the ipf front, if you are using openBSD 2.7 release, becareful with ipf as it is buggy, you'd do well to cvsup to -stable once it is ready

Thanks for the tip, I've known about that for a while, the main open box I have at the minute is a half built dual interface box I was setting up to do firewalling for work so I have been keeping an eye out for that kind of thing. Don't particularly wanna run 2.7 cvsup'd on a production box so I'm gonna have to look into some sort of alternative or see if it's possible to get an updated ipf for open2.6. Haven't really looked into it yet, I'ill be doing it end of this week, early next week.

fun never stops eh?

anonym00se · 01-06-2000 12:23am

Wait till the 15th of June and hopefully they should have the 2.7-stable branch ready, which should be perfect for cvsuping.

As for delguest.exe I found the site it is: http://ntsecurity.nu/toolbox/

It has a few other neat tools worth playing around with.

Favourite Security Tools

Comments