Suramya's Blog : Welcome to my crazy life…

May 5, 2005

The Coroner Toolkit

Filed under: Computer Security,Security Tools,Security Tutorials — Suramya @ 5:37 PM

Linux Magazine has a really good article on The Coroner Toolkit, which allows a sysadmin to perform forensic analysis on a compromised system.

Article: Linux Magazine
The Coroner Toolkit: Download Page

– Suramya

April 27, 2005

Detecting suspicious network traffic with psad

Filed under: Security Tools — Suramya @ 2:21 PM

These are lightweight tools that alert you to suspicious network activity by analyzing iptables log files. This article contains information on how to install and configure psad.

– Suramya

April 22, 2005

Setting up encrypted tunnels

Filed under: Computer Software,Security Tools — Suramya @ 1:04 AM

Sometimes it's desirable to set up an encrypted tunnel between two networked computers so that you can transfer data between them without letting anyone snoop on the traffic.

The following are some of the programs that enable you to set up secure tunnels:

cryptcat:

Cryptcat is the standard netcat enhanced with twofish encryption.

stunnel:

Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL. It allows you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon’s code.

Zebedee:

Zebedee is a simple program to establish an encrypted, compressed "tunnel" for TCP/IP or UDP data transfer between two systems.

SSH Tunnels:

SSH allows you to redirect local and remote ports over a secure SSH connection. The main advantage of this is that no extra software needs to be installed on the systems in order to use it.

If you know of others, let me know and I will add them.

– Suramya

April 21, 2005

How to map network

Filed under: Security Tools — Suramya @ 4:02 AM

If you have ever had to find all of the IPs of the routers and computers on a network, then these programs are for you. I haven't tried them myself yet, but they look promising. (The descriptions are taken verbatim from their respective websites.)

Angry IP Scanner:

Angry IP scanner is a very fast IP scanner for Windows. It can scan IPs in any range. Its binary file size is very small compared to other IP scanners. Angry IP scanner simply pings each IP address to check if it’s alive, then optionally it is resolving hostname, scans ports, etc.

Superscan:

A powerful connect-based TCP port scanner, pinger and hostname resolver. Multithreaded and asynchronous techniques make this program extremely fast and versatile. Perform ping scans and port scans using any IP range or specify a text file to extract addresses from.

Cheops:

Cheops is an Open Source Network User Interface. It is designed to be the network equivalent of a swiss-army knife, unifying your network utilities.

As usual if you know of any others let me know.

– Suramya

April 17, 2005

Wireless LAN Security resources

Filed under: Security Tools,Security Tutorials — Suramya @ 4:53 AM

These are links to various sites that have information on Wireless LAN security. If you know of any other sites let me know and I will add them here.

Wireless security papers:
Lists a lot of papers on wireless security

Wardriving.com:
Has a lot of resources on Wardriving and how to protect against it

Wi-Fi Networking News:
Wi-Fi Networking News covers high-speed wireless networking and communications, focusing on Wi-Fi and related specifications.

Wi-Fi Planet:
A good source for Wi-Fi news

Securing Wireless Networks:
A good article on how to secure wireless networks

Wireless Intrusion Detection Systems:
Information on how to setup a Wireless Intrusion Detection system.

Wireless LAN Policies for Security & Management:
An interesting paper on setting up Wireless LAN security policies.

Airsnarf:
Airsnarf is a simple rogue wireless access point setup utility designed to demonstrate how a rogue AP can steal usernames and passwords from public wireless hotspots

WPA2 (Wi-Fi Protected Access 2):
WPA2 is the second generation of WPA security; providing enterprise and consumer Wi-Fi® users with a high level of assurance that only authorized users can access their wireless networks

– Suramya

April 11, 2005

How to log idle users out of a Linux system?

Filed under: Security Tools — Suramya @ 1:37 AM

Idle users are a big problem if the system doesn't either log them out or lock the session, because an idle session might be unattended and could be used by an unauthorized person to gain access to restricted resources.

In Windows, the OS can be instructed to lock accounts after a specific idle time, and in KDE/Gnome the screensavers allow us to do the same thing. But this doesn't cover shell access: users can remain logged in indefinitely unless they log out. Below are some ways to log a user out if they exceed the specified idle time:

  • Set TMOUT= in /etc/profile. (Only for bash, sh users)
  • Use timeoutd
  • Use porttime to control login times.

If you know of any other ways please let me know.

– Suramya

April 10, 2005

Audit user logon activity

Filed under: Security Tools — Suramya @ 8:15 PM

These program(s) help you audit user logon activity to locate unusual activity:

EventCombMT:

Available as part of the Security Guide Scripts Download, this is a multi-threaded tool that will parse event logs from many servers at the same time.

Instructions on how to use EventCombMT are available over here.

Update (08th Aug 2007): Fixed the link to download the software and added the link to the instructions page

Tools to Audit a Windows Server

Filed under: Security Tools,Security Tutorials — Suramya @ 8:10 PM

Here are some links to software/articles that will help you audit your Windows server(s):

Software:

Articles:

– Suramya

List of Datawipe Tools

Filed under: Knowledgebase,Security Tools — Suramya @ 12:19 AM

Below is some software that allows you to delete data from disks securely. All of these tools are pretty efficient and make it difficult for someone to recover the data. However, keep in mind that no data is 100% unrecoverable to those who have sufficient time and money.

So if you have some really sensitive data that you have to destroy, look into purchasing a furnace, melt the disks down, and then destroy the remains.

Software for Data Wiping:

DBAN:

Darik’s Boot and Nuke (’DBAN’) is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.

Autoclave:

It’s a bootable floppy image that sterilizes IDE hard disks on x86 machines.

BCWIPE:

BCWipe software is designed to securely delete files from disks and other media

Free Secure Delete Tools:

The utilities on this page allow you to destructively wipe/delete/erase a file, a disk (floppy disks, hard disks, etc), or a partition.

Kill Disk:

Active@ KillDisk is a powerful and compact DOS software that allows you to destroy all data on hard and floppy drives completely, excluding any possibility of future recovery of deleted files and folders.

Eraser:

Eraser is a powerful system security utility developed on the basis of advanced studies and research.

April 9, 2005

System log management Applications and Resources

Filed under: Security Tools — Suramya @ 9:49 PM

Programs to monitor the Log files for multiple computers running Windows 2000/XP/NT/2003.

GFI LANguard S.E.L.M:

GFI LANguard S.E.L.M. can analyze application, system and other event logs. You can back up and clear event logs on all remote machines in your network automatically; and view, report and filter events network-wide, instead of just per machine. GFI LANguard S.E.L.M. collects all events in one central database, making it easy to create network-wide reports and custom filters. Using the custom rules, you can create your own event alerts based on event ID, condition and event contents.

syslog-ng:

syslog-ng provides a centralised, securely stored log of all devices on your network, whatever platform they run on. And syslog-ng also incorporates a host of powerful features, including filtering based on message content, as well as customisable data mining and analysis capabilities.

Syslog Daemon for Windows:

Kiwi Syslog Daemon is a freeware Syslog Daemon for Windows. It receives, filters, logs, displays and forwards Syslog messages and SNMP traps from hosts such as routers, switches, Unix hosts and any other syslog enabled device.

LogAnalysis.org:

A site dedicated to pulling together a repository of useful information on log analysis for computer security

Implementing Central Logging Server

This document attempts to provide a practical guide for implementing a centralized syslog server at an Enterprise level. The document includes details on porting cross platform logs to a central syslog server, porting messages to a database and real time viewing and querying of the logs

Update (12th May 2005):

MS Log Parser:

Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®.

SecurityFocus has a good article explaining how to use the logparser.
