Security Tools

* SECURITY TOOLS*

 

IPFilter               http://coombs.anu.edu.au/ipfilter/

Description: IP Filter is a TCP/IP packet filter, suitable for use in a firewall environment. To use, it can either be used as a loadable kernel module orincorporated into your UNIX    kernel; use as a loadable kernel module where possible is highly recommended. Scripts are provided to install and patch system files, as required.

 

Iptables/netfilter/ipchains/ipfwadm              http://netfilter.kernelnotes.org/

Description: IP packet filter administration for 2.4.X kernels Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. The iptables tool also supports configuration of dynamic and static network address translation.

 

Tcp wrappers                 ftp://ftp.porcupine.org/pub/security/index.html

Description: Wietse Venema's TCP wrappers library Wietse Venema's network logger, also known as TCPD or LOG_TCP. . These programs log the client host name of incoming telnet, ftp, rsh, rlogin, finger etc. requests. Security options are: access control per host, domain and/or service; detection of host name spoofing or host address spoofing booby traps to implement an early-warning system.

 

Cisco ACL’s and Cisco IOS              http://www.cisco.com

Description: Cisco Systems IOS and information about Access Lists (ACL’s)

 

OpenSSH / SSH                  http://www.openssh.com/

Description: Secure rlogin/rsh/rcp replacement (OpenSSH) OpenSSH is derived from OpenBSD's version of ssh, which was in turn derived from ssh code from before the time when ssh's license was changed to be non-free. Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide rdist, and rsync with a secure communication channel.

 

 

[Index] [Introduction] [Attack] [Detection / Recovery] [Prevention] [Conclusion] [Credits]