Attacker 3.0 — Download this tool if you wish to monitor a workstation’s open ports. If data come through a port, the program will notify the user. You can customize which UDP/TCP ports you wish to monitor. NOTE: This program opens all the ports it monitors. Although this will not make your machine less secure, it will make your computer more appealing to a hacker because it will look vulnerable from the outside. We suggest using this in conjunction with an antivirus program and to disable file and printer sharing.
ScanMsgr.Exe — For the system administrator looking for a quick and easy way of testing systems for the latest Microsoft Messenger vulnerability.
Securing IIS 5.0 – This document contains a number of steps you can take to improve security on your server running IIS.
SSH for Windows — From Network Simplicity. This site is for Windows-based systems.
Fport — This document explains how to use fport, a free tool from Foundstone that will show you what programs on your system are opening which ports (both TCP and UDP) on Windows NT, 2000, and XP.
Microsoft Security — Microsoft’s official security homepage with patches, strategies, bulletins, development, and more.
Vision 1.0 – The successor to Fport. It functions in the same way but is a good alternative to fport, as many new hackers place “fake” fport programs within hacks. This program also plays a more active role in assessment, as it will determine whether an open port that it identifies is legitimate or not.
Securing Red Hat Linux — This ITS Security document outlines a number of steps to follow to secure a system running Red Hat Linux 7.2, and can be adapted for other Linux installations. You may also want to visit the official Red Hat 8.0 security site.
Securing Solaris — This ITS Security document outlines a number of steps to follow to secure a system running Solaris 8, and can be adapted for other Solaris installations.
Bastille Linux — Bastille Linux is a community project that attempts to provide a hardening script which will produce the most secure yet functional Red Hat Linux system. It is recommended for the user who has little knowledge about security.
Installing a UNIX DCI Machine — This ITS document describes the steps necessary to set up a Unix system so that it can take advantage of UNC’s Distributed Computing Infrastructure (DCI), including the following components: UserID Management, Kerberos Authentication, AFS Filespace, License Management, User Environment, and Load Sharing Facility (LSF).
SSH Secure Shell — The standard for remote logins and file transfer over the Internet, which should be used in place of telnet. It encrypts all traffic and provides a high level of protection against hacker attacks. This site is for Unix-based systems.
Sudo — Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments.
TCP Wrappers — A must-use security tool that filters incoming connections to network services such as telnet and ftp. It also provides security options such as access control per host, domain, and/or service.
Tripwire — Tripwire monitors all servers and clients on a network, detecting and reporting any changes to critical system or data files. Tripwire can determine if a protected file has been altered in a way that violates the policy set by the administrators. This ensures that any change, whether due to an external intruder or internal misuse, will be identified and documented on a timely basis.
Apache suEXEC Support for CGI Applications — Provides Apache users the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web-server. Used properly, this feature can reduce considerably the security risks involved with allowing users to develop and run private CGI or SSI programs.
General Guides and Checklists
Login Banner Message — Post the linked login banner message, to the degree technically feasible, on any system that hosts nonpublic services, such as any service that has restricted access through Onyen login, ssh, etc.
The 60 Minute Network Security Guide (pdf) — Brought to you by the Systems Network Attack Center (SNAC) at the National Security Agency, this PDF guide covers the basics of network security, including sections on IDS, Microsoft and Windows, Unix, and firewalls.
Bugtraq Mailing List (and others) — BugTraq is a full disclosure moderated mailing list for the detailed discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them.
CERT/CC — CERT provides technical assistance and coordinates responses to security compromises, identifies trends in intruder activity, works with other security experts to identify solutions to security problems, and disseminates information to the broad community. Also be sure to check out their technical tips.
Computer Security Institute — CSI is the world’s leading membership organization specifically dedicated to serving and training the information, computer, and network security professional.
Computer Security Resource Center — The CSRC, maintained by the National Institute of Standards & Technology (NIST), contains information about a variety of computer security issues, products, and research of concern to federal agencies, the industry, and users.
Forum of Incident Response and Security Teams — FIRST brings together a variety of computer security incident response teams from government, commercial, and academic organizations. FIRST aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote sharing information among members and the community at large.
Incident Management | Department of Energy — The Incident Management Program combines multiple Departmental incident-related services into a joint capability that focuses on threat information sharing, critical infrastructure protection, active defense and incident preparedness. The Incident Management Program reports incidents to the United States Computer Emergency Readiness Team (US-CERT), fulfilling statutory requirements and ensuring a coordinated response to cyber attacks.
InfoSec Institute Resources — A welter of resources for information security students and professionals provided by the InfoSec Institute. The blog specializes in technical “deep-dives” regarding computer and network security.
National Security Agency’s (NSA) Security-Enhanced Linux — Security-enhanced Linux is a research prototype of the Linux kernel and a number of utilities with enhanced security functionality designed to demonstrate the value of mandatory access controls to the Linux community and how such controls could be added to Linux.
Port References — Ports distinguish one type of internet traffic from another (ftp versus http, etc.). In many cases an open port can be vulnerable to attack if the program listening to data on that port is insecure or out-of-date. Treachery Unlimited is a Port Lookup Utility.
RSA Security — RSA Security Inc. helps organizations build secure, trusted foundations for e-business through its two-factor authentication, encryption, and public key management systems.
SecurityFocus — SecurityFocus.com is the leading provider of security information services for business. It is designed to facilitate discussion on security related topics, create security awareness, and to provide the Internet’s largest and most comprehensive database of security knowledge and resources freely available to the public.
Symantec AntiVirus for Windows or Macs. These programs are available at no cost to UNC-CH affiliates with an Onyen. They help protect you while you’re surfing the Web or getting information from local or networked resources. Symantec also automatically scans email attachments.
SpyBot – This program will thoroughly check your system for spyware and security exploits and will remove them. There is also an option to immunize your system against future exploits.
Ad-Aware – Should be used in conjunction with Spybot. It is important to run both programs because they will detect different spyware and adware.
SpywareBlaster — This tool will prevent spyware from getting onto your machine and will allow you to “revert” your computer back to a clean state if you do get spyware.
Password Managers
These programs allow individuals to efficiently manage the increasing number of logins and passwords that many people now have to keep track of (think Onyen, gmail, PayPal, Twitter, Facebook, LinkedIn, eBay, etc.).
Roboform (Roboform is a commercial product, but has a free trial version.)
Encryption Software
Since Windows 2000, Windows operating systems have been able to encrypt files (EFS); as of Windows 7, they can also encrypt drives (BitLocker). Macintosh OS X, as of version 10.4, has a utility that allows users to encrypt their home folder (FileVault). Additional options for encryption software include
Secure CRT — SecureCRT combines the reliability, usability, and configurability of a proven Windows terminal emulator with the secure login and data transfer capabilities of Secure Shell (SSH) and should be used in place of telnet for remote login.