LINUX SECURITY --- August 01, 2000

A Few "Must Have" Linux Security Tools
by Rick Johnson

With literally thousands of Linux Security related tools out there, how do you know which ones you need? Well, only you can answer that; I can only list a few of the ones in my arsenal. While those I trust have recommended some, most were found through rigorous testing and plain old dumb luck.

* Nmap (http://www.insecure.org/nmap) - Nmap is a utility for port scanning large networks or a single host. This should be at the core of every Security Engineers toolkit. A few of the supported features of nmap include TCP SYN scanning, stealth scanning, ftp bounce attack, SYN/FIN scanning using IP fragments, ping-sweep, Direct RPC scanning, and even Remote OS Identification by TCP/IP Fingerprinting.

* Nessus (http://www.nessus.org) - Nessus is another remote scanner. It currently performs around 400 remote security checks. Nessus also has incredible reporting capabilities with text and graphed HTML output. Not only will it point out problems, but it also suggests a solution for each of them.

One interesting feature is that it will not consider that a given service is running on a fixed port -- that is, if you run your Web server on port 1234, Nessus will detect it and test its security. It will not make its security tests regarding the version number of the remote services, but will really attempt to exploit the vulnerability.

* Linux Security Quick Reference Card (http://www.linuxsecurity.com/docs) - This card, written by Dave Wreski, gives you one easy-to-use reference point for the basics of securing your system. Contained within are references to security resources around the net, tips on securing your Linux box, and general security information. I highly recommend keeping it on your desk.

* StackGuard (www.immunix.org) - StackGuard is a compiler that makes programs much less vulnerable to buffer overflow attacks. Using the compiler requires no source code changes at all. StackGuard does integrity checks on the stack so that it cannot be corrupted by buffer overflows without being detected. When a buffer overflow does happen, StackGuard notices and halts the program before the attacker can take control and do damage. They have even gone so far as to rebuild RedHat 6.2 using this marvel of compiling innovation and the result is the Immunix OS 6.2, which is available from the same site.

These are only a few of the fine tools available to help keep your servers safe from evil. I know there are plenty that are worthy of mention here and if you are the developer of a product that is unique and worthy of mention, please drop me a line. I am always in the market for a new way to protect myself.



Getting to the bottom of a security breach.

The security consultant's toolbox

Commercial products have their place, but nothing beats some of the better freeware tools.
http://www2.itworld.com/cma/ett article frame/0,2848,1 1624,00.html

An arsenal of attack tools
http://www2.itworld.com/cma/ett article frame/0,2848,1 1642,00.html

Copyright 2000 ITworld.com, Inc., All Rights Reserved.

Questions or problems regarding this web site should be directed to abeckman@outdoorssite.com.

Copyright 2008 Art Beckman. All rights reserved.

Last Modified: March 9, 2008