Intrusion Detection
- Free Systems
- Snort: is a free lightweight intrusion detection system that runs on many platforms. In addition to simple signature matching it can handle fragmented packets and perform both stream reassembly and stateful protocol analysis. It has a rich intrusion signature base with a variety of useful plugins.
- Tcpdump: gives you the ability to "dump" traffic on a network. Allows for customizable TCP/IP filters based on libpcap format. You can perform partial or full packet capture.
- WinDump: tcpdump for Windows.
- Shadow: Heuristic Analysis system for Defensive Online Warfare. A great free IDS developed by the military.
- dsniff: a collection of tools for network auditing and penetration testing.
- Commercial Systems
- Cisco: Cisco has a suite of intrusion detection systems for firewalls, standalone mode, hosts, switches and appliances.
- SecureNet Pro: Gigabit NIDS, regenerative taps, and a robust protocol decode engine that allows custom signatures.
- RealSecure
- Dragon
- IntruShield
- Evasion Techniques and Tools
- Useful Tools for an Intrusion Detection Practitioner
- General Resources
Internet Weather Reports
Firewalls
- Free Systems
- Commercial Systems
- General Resources
Denial of Service
- Distributed Denial of Service
- Tools
- RID: Remote Intrusion Detector detects Trinoo, TFN, and StachelDraht clients.
- Zombie Zapper: a free tool that can stop flooding packets from zombie systems. Version 1.2 works with Trinoo, TFN, Stacheldraht, and Shaft.
- Gag:
- General Resources
Network Security
- Network Scanning Tools
- Nmap: Network Mapper is an open source utility for network exploration and security auditing. A great tool for stealthy OS fingerprinting.
- SuperScan
- enum: console based Win32 information enumeration utility. It uses null sessions to retrieve useful information like system lists, share lists, passwords and LSA policies.
- ELDump: dumps the NT event log from a system.
- Nessus
- Whisker: a CGI scanning tool for websites.
- dnswalk: a dns database debugger that queries live systems with zone transfers.
- Firewalk: a reconnaissance tool that determines what layer 4 protocols will be passed through an IP forwarding device (firewall).
- Cerberus Internet Scanner:
- Aldebaran sniffer: Linux sniffer and network analyser.
- Sniffer FAQ: good explanation of network sniffing.
- Network Utilities
- Trinux: a RAM-based Linux distribution that boots from a single floppy or CD-ROM. It contains the latest security tools for packet sniffing, penetration testing, sniffer detection, OS fingerprinting, etc.
- Argus: a network audit record generation and utilization system. Argus is a real-time flow monitor designed to perform IP traffic auditing.
- TCPwrappers
- Netcat: dubbed the network swiss army knife for a reason. It has the ability to read and write data across network connections - a must for performing "back-end" communications between systems.
- Password Crackers
- Rootkits
- Worms
TCP/IP vulnerabilities and Exploits
Honey Pots
- Free Systems
- Deception Toolkit
- HoneyD
- LaBrea Tarpit
- Projects
Computer Forensics
Operating System Security
- Hardening Scripts
- Bastille Linux: a Linux hardening script that allows you to tighten security on a variety of Linux OSs such as: Red Hat, Debian, Mandrake and even HP-UX systems.
- Hardening Guidelines
- Useful Information
Applied Cryptography
Incident Response
- Internet Activity
- Security Vulnerability Tracking
- CERTs
- Incident Response Procedures
General Security Resources
- Security Websites
- Slashdot: Their motto is 'News for Nerds. Stuff that Matters'. A great site with the latest breaking current world and technology news.
- SecurityFocus:
- Infosyssec: the security portal for information system security professionals.
- Government Security Resources
Miscellaneous