I found a list of programs and web page addresses that deal with network security, so I decided to write this article, which aims to help network administrators, and not only them, keep a server as secure as possible.
I will start with a list of programs and security tools that are useful to have at hand.
- ipfilter: (http://cheops.anu.edu.au/~avalon/ip-filter.htm) - a program with which you can filter IPs
- freestone: (ftp://ftp.soscorp.com/pub/sos/freestone) - firewall
- logout: (ftp://ftp.uu.net/pub/security/des) - Remote login
- satan: (http://www.fish.com/satan) - Security Administration Tool for Analyzing Networks
- Courtney: (ftp://ftp.auscert.org.au/pub/mirrors/ciac.llnl.gov/sectools/unix/courtney/) - Monitors the network and identifies the source machine of a SATAN attack / scan
- Merlin: (ftp://ciac.llnl.gov/pub/ciac/sectools/unix/merlin/) - Graphical interface for COPS, Tiger, Crack and Tripwire security programs
- rsaeuro: (ftp://ftp.ox.ac.uk/pub/crypto/misc) - Encryption tools
- COPS: (ftp://ftp.cerias.purdue.edu/pub/tools/unix/scanners/cops/) - Check the security of UNIX systems
- SARA: (http://www-arc.com/sara/sara.html) - Security Auditor's Research Assistant, scanner to detect network vulnerabilities
- SAINT: (http://www.wwdsi.com/products/saint_engine.html) - Searches for computers on the network, scans ports and provides the user with a security report (commercial product)
- Tiger: (http://www.net.tamu.edu/network/tools/tiger.html) - Scans UNIX systems for security issues, similar to COPS
Securing connections: SSH (Secure Shell) and SSL (Secure Socket Layer)
- ssh.com: (http://www.ssh.com/products/ssh) - Secure Shell
- OpenSSH: (http://www.openssh.org) - 'Open' version of ssh; requires
- OpenSSL: (http://www.openssl.org) - Secure Socket Layer (requires OpenSSH)
- zlib: (http://www.gzip.org/zlib.tar.gz) (requires OpenSSH)
- ssh: (http://www.cs.hut.fi/ssh/) - Commercial versions for SSH1 and SSH2
- SSL: (ftp://ftp.tu-chemnitz.de/pub/Local/informatik/sec_tel_ftp/) - Encrypted Telnet
- Windows Clients
  - PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) - Client for Telnet, SSH, SCP, SFTP
  - WinSCP (http://winscp.vse.cz/eng/) - SCP (Secure CoPy) client
Next, some audit programs. What is an audit? In short, the term designates a preventive check of network security (in our case).
Some of the most used audit programs are: Nessus, Chkrootkit, AdminForce CGI Auto Audit (http://www.linuxforce.net).
Nessus tries to detect holes in a system's security by attempting to take advantage of commonly known weaknesses. It identifies the services running on the system and looks for security 'leaks'. If it finds any vulnerabilities, it recommends upgrades or configuration changes. It also tells you what to worry about and why your system is vulnerable. It can produce these reports in various formats; the HTML one contains graphics and links to security statistics and to places where you can find upgrades.
Nessus checks the vulnerabilities of UNIX, Linux and Windows systems and can be found at http://Nessus.org or http://freshrmps.net. Warning: scanning a system other than your own is illegal.
Chkrootkit checks the system for intruder programs, Trojans and viruses. The program can be found at www.chkrootkit.org; it is in fact a shell script together with some programs written in C.
Another danger a system can be exposed to is open ports.
- nmap (http://www.insecure.org/index.html) is a port scanner, a tool for investigation and security;
- nmapFe (http://codebox.net/nmapfe.html) a graphical interface for nmap;
- ndiff (http://www.vinecorp.com/ndiff) compares the various results obtained by nmap to determine the changes that have taken place;
- strobe (http://freshmeat.com/projects/strobe-classb/) scans the network
- portscan (http://www.perl.com/CPAN-local/authors/id/RBOW/portscan-1.0) a script in the Perl language that looks for open ports.
Even if Linux operating systems are not as exposed to viruses as those produced by Microsoft, this risk should not be overlooked. Here are some useful links where you can find antivirus programs and information on the subject: http://www.fsecure.com/, http://symantec.com/, http://www.mcafee.com/ etc.
I hope that everything I have presented in this article helps you have quieter nights when you are not personally supervising your server and it is exposed to cracker attacks.
The saying that the safest computer is the one that is switched off is true, but in a world where the Internet is more and more present in our lives it can no longer be applied, so measures must be taken accordingly.