LINUX SECURITY --- August 01, 2000
A Few "Must Have" Linux Security Tools
by Rick Johnson
With literally thousands of Linux security-related tools out there, how do you
know which ones you need? Well, only you can answer that; I can only list a few
of the ones in my arsenal. While those I trust have recommended some, most were
found through rigorous testing and plain old dumb luck.
* Nmap (http://www.insecure.org/nmap) - Nmap is a utility for port scanning
large networks or a single host. This should be at the core of every security
engineer's toolkit. A few of the supported features of nmap include TCP SYN
scanning, stealth scanning, FTP bounce attack, SYN/FIN scanning using IP
fragments, ping-sweep, Direct RPC scanning, and even Remote OS Identification by
* Nessus (http://www.nessus.org) - Nessus is another remote scanner. It
currently performs around 400 remote security checks. Nessus also has incredible
reporting capabilities with text and graphed HTML output. Not only will it point
out problems, but it also suggests a solution for each of them.
One interesting feature is that it does not assume that a given service is
running on a fixed port -- that is, if you run your Web server on port 1234,
Nessus will detect it and test its security. It does not base its security tests
on the version number of the remote services, but actually attempts to
exploit the vulnerability.
* Linux Security Quick Reference Card (http://www.linuxsecurity.com/docs) - This
card, written by Dave Wreski, gives you one easy-to-use reference point for the
basics of securing your system. Contained within are references to security
resources around the net, tips on securing your Linux box, and general security
information. I highly recommend keeping it on your desk.
* StackGuard (www.immunix.org) - StackGuard is a compiler that makes programs
much less vulnerable to buffer overflow attacks. Using the compiler requires no
source code changes at all. StackGuard does integrity checks on the stack so
that it cannot be corrupted by buffer overflows without being detected. When a
buffer overflow does happen, StackGuard notices and halts the program before the
attacker can take control and do damage. Its developers have even gone so far as to
rebuild Red Hat 6.2 using this marvel of compiling innovation and the result is
the Immunix OS 6.2, which is available from the same site.
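The integrity check described in the StackGuard entry, as an added illustration (not from the original article and not StackGuard's own code): a simulated stack frame in C with a guard word between the local buffer and the saved return address. The struct layout, function names, guard value and return address are all constructed for the demo.

```c
#include <stdio.h>
#include <string.h>

#define GUARD  0x000aff0dUL   /* constructed guard ("canary") value */
#define RET_OK 0x08048000UL   /* constructed "legitimate" return address */

/* Simulated frame: local buffer, then guard word, then saved return address. */
struct frame {
    char buf[16];
    unsigned long guard;
    unsigned long ret_addr;
};

/* Unchecked copy, standing in for strcpy() into a local buffer. Writes are
   clamped to the struct so the demo itself stays well-defined C. */
static void unsafe_copy(struct frame *f, const unsigned char *src, size_t n)
{
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy(f, src, n);
}

/* Returns 0 when the guard is intact, -1 when the epilogue check finds it
   changed (the point where a protected program would halt). *ret_out gets
   the return address the function would otherwise have jumped to. */
int run_guarded(const unsigned char *input, size_t n, unsigned long *ret_out)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    f.ret_addr = RET_OK;
    f.guard = GUARD;          /* prologue: guard sits between buf and ret_addr */
    unsafe_copy(&f, input, n);
    *ret_out = f.ret_addr;
    return f.guard == GUARD ? 0 : -1;   /* epilogue: verify before returning */
}

int main(void)
{
    unsigned char in[sizeof(struct frame)];
    unsigned long ret;
    size_t sizes[] = { 8, 16, sizeof in };   /* fits, exactly fills, overflows */
    memset(in, 'A', sizeof in);
    for (size_t i = 0; i < 3; i++) {
        int r = run_guarded(in, sizes[i], &ret);
        printf("%2zu bytes: %s, ret=0x%lx\n", sizes[i], r ? "HALT" : "ok", ret);
    }
    return 0;
}
```

Because the guard lies between the buffer and the return address, a linear overflow cannot reach the return address without first changing the guard, which is why the check catches it with no source changes to the copied-into function.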
These are only a few of the fine tools available to help keep your servers safe
from evil. I know there are plenty that are worthy of mention here and if you
are the developer of a product that is unique and worthy of mention, please drop
me a line. I am always in the market for a new way to protect myself.
Copyright 2000 ITworld.com, Inc., All Rights Reserved.