Security Toolkit Submitted by SEC335-01 Spring 2008

Submitted by Andrew Dunham

Information Assurance Resources
http://www.astalavista.net – is a hacking and security community. The site contains information about the latest rootkits, viruses, and worms. If you join the site they will provide you with a plethora of tools and viruses that you can pick apart to find out how they work. They also set up servers to host hacker war games amongst their members.


http://www.governmentsecurity.org/  - is a site with the latest stories about information security issues. These sites are helpful because they can provide viewers with information about vulnerabilities that they may have overlooked. In addition, the site seems to offer more information to their members.

http://www.milw0rm.com/# - This site provides up-to-date exploits for all kinds of applications and operating systems. It’s helpful to look at to ensure that you’re not running any software that could compromise your network. New exploits are posted daily. The site also provides video examples of crackers taking advantage of systems.

http://www.hoobie.net/security/exploits/index.html and http://packetstormsecurity.org/ are similar to milw0rm, but they all have different exploits.

http://insecure.org/ - This is one of the most useful sites I have found for obtaining free network security tools. This site contains links to exploit programs, sniffers, web scanners, vulnerability scanners, port scanners, password crackers, packet crafters, etc… I would highly recommend checking it out if you’re not familiar with it.


http://www.speakeasy.net/speedtest/speedtest.swf - This is a speed tester that I use a lot. It has a nice flash interface that doesn’t lag like some other speed test sites I have used in the past. It’s free and has a number of different locations around the U.S. that can be used.

http://ettercap.sourceforge.net/ and http://www.Wireshark.org – Both of these are decent packet sniffers. They provide real-time passive packet capturing that can be filtered or saved to a .cap file and analyzed at a later date. Wireshark was formerly known as Ethereal and has been around for some time. Ettercap is a neat tool because it is capable of dissecting ciphered protocols.

http://www.angryziber.com – This site hosts a tool called Angry IP Scanner, which is a useful tool for scanning individual IP addresses or a range of IP addresses. This can be helpful if you’re curious who is connected to the network. Angry IP Scanner is open-source and is also capable of scanning ports.

http://www.download.com/Advanced-Port-Scanner/3000-2085_4-10127846.html - Advanced Port Scanner is yet another useful free port scanner. It has a number of more advanced properties that can be set for things like scanning speed to prevent it from being blocked by security precautions.

http://usertools.plus.net/tutorials/id/21  - This is a useful site that explains how to use telnet through a DOS command prompt. It shows how to access CGI Servers, Web Servers, and Mail Servers through the use of telnet. This can be useful for a number of reasons. One example would be the use of telnet to examine email headers of spoofed emails to see where they are coming from. It can also be helpful to keep logs of what you are doing through the use of a telnet client.

http://www.securityfocus.com/infocus/1694 - This site contains step-by-step instructions for securing an Apache server. They have walkthroughs for installing the OS, preparing the software, compiling, configuring Apache, and getting the service online. This site is useful for anyone who doesn’t want their Apache server to be wide open.

Submitted by Brendan Miles

Bootable Forensic Operating Systems

WEP Cracking

Window Hardening Guides

Cryptography

Encase Related Items

Firewall Operating Systems

Free Tools

Submitted by Brenton Johnson

Submitted by Charles Nolan

Submitted by Matt Huwyler

  1. http://www.sans.org/resources/popular.php
    I chose this site as one of my 25 as it contains a variety of topics relating to general security and potential issues that an individual could run into securing individual computer systems. This site covers the implementation of firewalls and the implementation of a security policy governing acceptable computer use as well as many other technical issues.
  2. http://www.windowsecurity.com/
  3. http://www.cert.org/homeusers/HomeComputerSecurity/
    This site was chosen because it has a wealth of information that can be used in terms of security. The site covers topics such as installing and maintaining a quality anti-virus program and installing and maintaining a firewall for security on a home computer and a home network. It also has good resources and tips on developing a strong password and encryption scheme.
  4. http://www.cert.org/tech_tips/home_networks.html
  5. http://www.cert.org/cert/information/sysadmin.html
  6. http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/
    This site contains a wealth of various information not only on how to implement various means of security but also goes into great detail on identifying the various types of attacks that one may encounter. It then goes into great descriptions as to how to defend against the various forms and types of attacks.
  7. http://www.redhat.com/docs/manuals/linux/
  8. http://www.puschitz.com/SecuringLinux.shtml
  9. http://tldp.org/HOWTO/Security-Quickstart-Redhat-HOWTO/index.html
    The site that I chose here contains a wealth of knowledge on security dealing with Red Hat and discusses the implementation of firewalls. It also discusses and describes setting access policies for your computer and networks. It also has information on what services you actually need to be running in Red Hat and which you don’t really need. It also has details and information on Intrusion detection and how to correct any security issues that might allow for intrusion.
  10. http://people.redhat.com/jmorris/slides/dw-RedhatSecurity.pdf
  11. http://www.pctools.com/guides/security/
    This site is an excellent source of information for individuals regarding security in Windows and various Windows/Microsoft based programs. It provides a constantly updated list of the various new security issues and holes that are in Windows along with information on how to patch and fix these various security issues.
  12. http://www.pctools.com/guides/password/
  13. http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/default.mspx
  14. http://www.microsoft.com/security/default.mspx
  15. http://www.windowsecurity.com/securitytests/
    This site provides an individual with several security tests that one can use to test and probe for various security flaws within a Windows system. These tests are able to test for a variety of various web attacks that could be used on a computer and networks that are web connected.
  16. http://bignosebird.com/apache/a11.shtml
  17. http://www.oreilly.com/catalog/apache2/chapter/ch13.html
  18. http://www.apachesecurity.net/
    This site provides a decent guide for implementing security within an Apache Web Server in order to make it more secure. It covers things such as the installation of various security tools and how to make them function properly in order to safeguard your computer.
  19. http://www.linuxplanet.com/linuxplanet/tutorials/1527/1/
    http://www.petefreitag.com/item/505.cfm
  20. http://linuxgazette.net/143/pfeiffer.html
    This is a site that describes how to secure and safeguard an Apache server with Mod_Security in order to resist and defend against various web attacks. It provides specific installation instructions and also provides instructions on how to configure and maintain it so that it continues to provide security for Apache Web Servers.
    VPN Security
  21. http://www.cites.uiuc.edu/vpn/
  22. http://www.nta-monitor.com/posts/2005/01/vpn-flaws.html
  23. http://artofinfosec.com/
    This is more of a site where one can post a question and see if any of the other users on the system are familiar with that particular issue in terms of security. This could prove to be a valuable resource as questions arise throughout the class that I might need answers for. The site also has users that post various articles pertaining to security as in attacks, security defenses, and fraud schemes that are currently going around and this could all prove to be very useful.
  24. http://www.darknet.org.uk/

Submitted by Travis Cook

  1. http://www.sans.org/resources/popular.php
    The sans.org website is a good site to find information and resources related to infosec. The page gives several introductory level articles about different information security topics, but then also has a number of summaries and links to more detailed articles. Understanding methods used to violate security is a key part of safeguarding data, and this site is a good educational resource.
  2. http://www.dnsstuff.com
    I use dnsstuff.com all of the time when working on networks and security. They've recently updated the site and added a few new “features” that I could do without, but this is still a great “one stop” website for looking up who owns a certain IP address, who owns a domain, checking DNS records, and numerous other tasks.
  3. http://www.coffer.com/mac_find/
    This website, which contains a database of MAC addresses, is a useful resource when troubleshooting networks, and also when attempting to track down security threats. For example, if I was to look at DHCP logs and see that an IP address was being assigned to an unknown device, the only information I may have about this device is its MAC address. By inputting that address into this database, I could easily look up whether it is a computer, or a wireless access point. When trying to track down rogue devices on a network, knowing what you're looking for can be quite helpful.
  4. http://www.grisoft.com/
    For Windows users, having a good, up-to-date antivirus program is an important part of desktop security. Antivirus protection can be applied at different levels of a network, but I would never feel comfortable not having it on the client. For home users, I recommend the use of AVG Free Edition, available from this website. It has a good, lightweight scanner that does not bog down systems considerably. The fact that it is free attracts many of my customers, who are fed up with paying yearly fees for software that only makes their computer run worse and is always breaking. Updates are released on a daily basis, and the program downloads and applies these updates with the same frequency.
  5. http://www.securityfocus.com/
    Security Focus is an information security news website. This site contains general news stories about new exploits and technical activities, as well as information and listings of newly discovered vulnerabilities and bugs. Keeping abreast of this information is important for anyone in infosec, as it allows me to know what exploits to be on the lookout for and what software may need to be patched.
  6. http://neworder.box.sk/ 
    The neworder website is one of my favorite infosec news websites. This is a site I have monitored for some time now. The site isn't updated as frequently as a site like Security Focus, but many of the stories which appear on it really catch my attention. Putting together this list caused me to have to explore many different infosec sites, but neworder was the only site I visited where I had to stop putting together my list to go read an article... which led me to reading another article. The site also has a detailed list of links about infosec. Unlike some sites, neworder does not shy away from sites that contain instructions and tools for exploits. The crackers certainly aren't going to have trouble finding things like this, and so it is important that network security people have easy and safe access as well, to be aware how these tools might be used against them and conduct controlled tests.
  7. http://www.wireshark.org/ 
    I can't even begin to guess how many times I've used protocol analyzers to identify network issues – many related to security topics. Having Wireshark handy is an important thing for anyone in infosec. On many occasions, I have used it to troubleshoot firewall configuration issues. I have also used it to gain a better understanding of network packets used in attacks by monitoring controlled environments and then introducing bad packets and capturing and analyzing them with this tool.
  8. http://ha.ckers.org/
    This blog is an excellent source for summaries and links to more detailed information about web-based vulnerabilities, including things like JavaScript, XSS, XML, CGI, and more. They also cover some general information security related stories. The site has an informal feel which makes it easier and more enjoyable to read, while not detracting from the information they present (and you can always read the original articles they link to and form your own opinion – and then debate it with others).
  9. http://www.microsoft.com/technet/Security/default.mspx
    The Microsoft TechNet security center website is stop #1 if you're looking for information about securing Microsoft products against discovered vulnerabilities. The site allows downloading of tools, and has all of the security bulletins and advisories released by Microsoft. The site also contains rich educational resources about hardening Microsoft products such as Exchange or IIS, not to mention XP, Vista, or Windows Server products.
  10. http://www.grc.com/default.htm
    The Gibson Research Corporation website is a site which contains a number of tools and web applications related to information security. While I like to take a large portion of the site and its products with a grain of salt, the site does contain a number of tools and scanners which can provide information that, to an information security professional who knows how to interpret the results, rather than buying into everything Gibson may be trying to sell, may be helpful in identifying vulnerabilities. These include tools such as ShieldsUp and LeakTest, and a patch detection tool for IIS.
  11. http://www.acunetix.com/websitesecurity/
  12. http://www.cs.technion.ac.il/~itaish/software_security.htm
  13. http://www.deter.com/unix/
  14. http://www1.umn.edu/oit/security/resources/OIT__26762_REGION1.html
  15. http://www.windowsecurity.com/
  16. http://tldp.org/HOWTO/SSL-RedHat-HOWTO.html
  17. http://thinkhole.org/wp/2006/03/28/ipcop-openvpn-howto/
  18. http://www.ranum.com/security/computer_security/index.html
  19. http://www.cert.org/tech_tips/home_networks.html
  20. http://ipcop.org
  21. ftp://ftp.porcupine.org/pub/security/index.html
  22. http://www.cerias.purdue.edu/tools_and_resources/
  23. http://www.zone-h.org/
  24. http://www.dnssec.net/
  25. http://www.xssed.com/

Submitted by Trevor Bryant

  1. http://www.wireshark.org
    Wireshark is a packet “sniffing” tool. It works by capturing/identifying all the packets that go across your network. Wireshark is a helpful tool when trying to diagnose a variety of network issues.
  2. http://www.ipcop.org/
    IPCop is an open source firewall application. IPCop fits onto a single CD and can be installed on an old extra PC that you have lying around. IPCop is an excellent alternative to expensive name brand firewalls. It can provide the same features as name brand firewalls.
  3. http://nmap.org/
    Nmap is a security scanning tool. It can be used to identify and discover open ports on a network. It is useful when trying to figure out or verify what ports are open or being blocked on a computer/network. Nmap can also detect what OS is running on a remote machine.
  4. http://snort.org
    Snort is an open source network intrusion prevention system. It is capable of capturing, logging, and analyzing network traffic. It can be used to detect a variety of network attacks such as buffer overflows and port scans.
  5. http://www.openwall.com/john/
    John the Ripper is a piece of open source software. It's a password cracker. Cracking passwords can be useful in determining if the passwords you are using are secure enough. The longer it takes for the program to crack a password, the more secure your password is.
  6. http://www.kismetwireless.net/
    Kismet is a network detector, packet sniffer, and intrusion detection system for wireless networks. It works with any wireless network card that can be put into monitor mode. Kismet can also be used to crack WEP keys if needed.
  7. http://www.networksecuritytoolkit.org/nst/index.html
    Network Security Toolkit is a set of network security software that can be installed as a separate OS. It is based on Fedora. It can easily be installed from a single CD. This software is useful because it contains a wide variety of useful network security software.
    Metasploit is another piece of open source software. It provides information about security vulnerabilities. Metasploit can be used to exploit code against a machine on your network if you need to test the security of that machine.
  8. http://sourceforge.net/projects/pwgen
    Pwgen is a simple piece of software used to create complex passwords. It can be useful when creating a secure password.
  9. http://www.linuxtopia.org/online_books/redhat_linux_security_guide/index.html
  10. http://bizsecurity.about.com/od/internetsecurity/ss/secureiissteps_4.htm
  11. http://www.acunetix.com
  12. http://www.grc.com/securitynow.htm
  13. http://www.ntop.org
  14. http://freeworld.thc.org/home.php
  15. http://cve.mitre.org/
  16. http://metasploit.org/
  17. http://www.chkrootkit.org/
  18. http://www.chiark.greenend.org.uk/~sgtatham/putty/
  19. http://www.openpgp.org/index.shtml
  20. http://www.netfilter.org/
  21. http://www.cert.org/
  22. http://www.nsa.gov/selinux/
  23. http://www.apachesecurity.net/
  24. http://www.securityfocus.com/
  25. http://www.stumbler.net/

Submitted by Zachary Gauthier