Appendix 1: Security Tools

A1.1 Tools

There are many tools that you can use to test and/or monitor your computing environment. The following is a small sample of what you can find available from many different vendors. Check the URL for each tool for ownership, copyright, or trademark considerations.

• Tool Name: TCP/IP wrapper program

• Category: Unix Security

• Description: The TCP/IP wrapper program provides network-logging information about TCP/IP access. The wrapper program can also provide an administrator with the ability to deny or allow access from certain systems or domains.

• URL: ftp://ftp.porcupine.org/pub/security

• Tool Name: ZoneAlarm

• Category: Monitoring

• Description: ZoneAlarm is used to protect your Internet-connected PC from hackers, crackers, and bears. ZoneAlarm includes several different services including firewall, application control, and an Internet lock.

• URL: http://www.zonelabs.com/

• Tool Name: Crack

• Category: Unix Password Cracking

• Description: Crack is a free program designed to identify UNIX passwords that can be found in available dictionaries.

• URL: ftp://coast.cs.purdue.edu/pub/tools/unix/crack

• Tool Name: NetBus Detective 5.2

• Category: Monitoring Tools

• Description: NetBus is a hacking tool that many hackers use for accessing another computer. The program is actually two parts: One tool is used by the hacker, and the other is started (placed) on the computer that the hacker wants to visit. NetBus Detective 5.2 will search for all NetBus programs and other hacking programs on your computer and remove them.

• URL: http://www.microsoft.com/

• Tool Name: Argus

• Category: Monitoring Tool

• Description: Argus is a network monitoring tool that implements a client-server model to capture data and associate it into "transactions." Argus provides network-level auditing, and it can verify compliance to a router configuration file.

• URL: ftp://ftp.andrew.cmu.edu/pub/argus

• Tool Name: BlackICE Defender

• Category: Internet Monitoring

• Description: BlackICE Defender delivers intrusion detection and personal firewall protection to your Internet-connected computer. BlackICE can scan cable, DSL, and dial-up Internet connections.

• URL: http://www.networkice.com/

• Tool Name: ISS (Internet Security Scanner)

• Category: Scanner

• Description: The ISS tool is a program that will interrogate all computers within a specified IP address range and determine the security status of each system in relation to several common system vulnerabilities.

• URL: ftp://coast.cs.purdue.edu/pub/tools/unix/iss

• Tool Name: Exchange Plus

• Category: E-Mail Scanner

• Description: Exchange Plus scans for content and attachments. Automatic attachment compression can help save bandwidth.

• URL: http://www.aspeonsoftware.com/

• Tool Name: ScanMail

• Category: E-Mail Scanner

• Description: ScanMail scans for content, viruses, and attachments.

• URL: http://www.antivirus.com/

• Tool Name: Tripwire

• Category: Monitoring tool

• Description: Tripwire is a security utility that compares a designated set of files and directories to information stored in a previously generated information store. Any differences are flagged and logged, including added or deleted entries.

• URL: ftp://coast.cs.purdue.edu/pub/tools/unix/Tripwire

• Tool Name: HostScan

• Category: Monitoring Tool

• Description: HostScan allows you to scan any or all TCP/IP services running on a computer.

• URL: http://www.savant-software.com/

• Tool Name: 4-Net

• Category: Monitoring Tool

• Description: 4-Net is an Internet tools package. It allows you to indefinitely maintain your Internet connection by simulating Internet activity. Use 4-Net to monitor your Internet connection's latency or your file download speeds.

• URL: http://www.cartoonlogic.com/4net

• Tool Name: COPS

• Category: Unix Security Reporting Tool

• Description: COPS is a publicly available collection of programs that attempts to identify security issues in a UNIX system.

• URL: ftp://coast.cs.purdue.edu/pub/tools/unix/cops

• Tool Name: Attacker 2.1

• Category: Port Listener

• Description: Attacker 2.1 is a TCP/UDP port listener. The PC owner will provide a list of ports to listen on, and the program will notify them when a connection or data arrives at the port.

• URL: http://members.home.com/rkeir/attacker.html

• Tool Name: Big Brother 1.3

• Category: Network Testing

• Description: Big Brother 1.3 consists of local clients that test system conditions and the availability of network services and sends status reports to one or more DISPLAY servers, where these reports appear as little dots on a web page.

• URL: http://bb4.com/features.html

• Tool Name: SATAN

• Category: Network Testing

• Description: SATAN is a testing and reporting tool that collects a variety of information about networked hosts.

• URL: ftp://ftp.porcupine.org/pub/security

• Tool Name: CommView 1.0

• Category: Network Monitoring tool

• Description: CommView 1.0 is an application for capturing and analyzing network packets.

• URL: http://www.tamos.com/cv.htm

• Tool Name: NoBackDoors

• Category: Monitoring Tool

• Description: NoBackDoors is an antihacker program that searches a computer and detects back door programs like NetBus and Back Orifice. This program can be set to run in the background and continually scan for "bad dudes."

• URL: http://home.swipnet.se/technotel

• Tool Name: ESMonitor

• Category: Monitoring Tool

• Description: ESMonitor is a networked systems monitoring package that will periodically check the status of systems and notify the appropriate users in the event that a system is down.

• URL: http://www.eronsoft.com/products.html

• Tool Name: Internet Anywhere Toolkit

• Category: Generic Tools

• Description: The Internet Anywhere Toolkit is a set of diagnostic tools, including Ping, Finger, WhoIs, TraceRoute, Name Server LookUp, Time, and Quote of the Day.

• URL: http://www.tnsoft.com/toolkit.htm

• Tool Name: MailMarshal

• Category: E-mail Scanner

• Description: MailMarshal scans for content, viruses, and attachments and can help prevent e-mail spoofing.

• URL: http://www.marshalsoftware.com/

• Tool Name: Net-Commando 2000

• Category: Virus and Trojan Detection

• Description: Net-Commando 2000 is an Internet security package designed to detect and remove all known and unknown Trojan horse viruses.

• URL: http://www.deltadesignuk.com/

• Tool Name: WorldSecure Mail

• Category: E-mail Scanner

• Description: This tool scans for content, viruses, and attachments. It can automatically encrypt messages at the server.

• URL: http://www.tumbleweed.com/

• Tool Name: ProtectX

• Category: Monitoring Tools

• Description: ProtectX is a hacker protection program for a PC. It monitors a system on the specified ports, notifies a user if someone tries to connect, and logs the IP number of the intruder.

• URL: http://www.plasmateksoftware.com/

• Tool Name: Elron CommandView Message Inspector

• Category: Scanner

• Description: Elron scans for content and attachments.

• URL: http://www.elronsoftware.com/

• Tool Name: NetHound

• Category: Monitoring Tool

• Description: NetHound will notify an assigned person in case of server malfunction by sending alerts via pager, e-mail, and pop-up windows to any number of alert recipients.

• URL: http://www.people-network.com/nethound.htm

• Tool Name: MailSweeper

• Category: E-Mail Scanner

• Description: This tool scans for content, viruses, and attachments, and also helps prevent e-mail spoofing.

• URL: http://www.mimesweeper.com/

• Tool Name: OstroSoft Internet Tools

• Category: Network Monitoring Tool

• Description: OstroSoft Internet Tools is an integrated set of network (Internet) information utilities that is intended for use by network, domain and systems administrators, network security professionals, and Internet users.

• URL: http://www.ostrosoft.com/ostronet.html

• Tool Name: PrivacyMaker

• Category: Utility

• Description: This program makes computer activities private. It securely cleans, hides, or encrypts cookies, cache, history, files, and folders. It clears the document menu. It includes the antihacker feature of a desktop alarm.

• URL: http://www.privacymaker.com/

• Tool Name: PortWatch

• Category: Port Monitor

• Description: PortWatch is an application that watches a user-specified TCP port for a connection, data, and close events. When these events occur, the user is alerted and information about the event is logged.

• URL: http://www.isd.net/jturgeon/portwatch

• Tool Name: Share finder

• Category: Network Scanner/Server Scanner

• Description: Share finder is a tool for administrators to examine what is being shared on their networks.

• URL: http://nfisher.campus.vt.edu/ogre%20electronics

• Tool Name: The VirusMD Personal Firewall

• Category: Personal Firewall

• Description: The VirusMD Personal Firewall program will monitor up to 12 user-selected ports at a time, including some ports that most modern firewalls miss. It will sound an alarm Klaxon when an intruder is detected.

• URL: http://www.virusmd.com/

• Tool Name: Webtrends for Firewalls and VPNs

• Category: Network Reporting Tool

• Description: Webtrends for Firewalls and VPNs is a comprehensive security and network traffic reporting solution. It analyzes firewall and proxy-server log files and allows the user to generate customized graphs and detailed tables on bandwidth consumption and security issues.

• URL: http://www.webtrends.com/products/firewall