Sunday, March 03, 2002
Security Tools. As promised in my last entry I am sharing sources of free security tools that will aid in security assurance initiatives:
A complete list of UNIX host and network security tools is provided by NIST. Another list, with overlap, is published by Mitre. This list covers the wider scope of Security Information Resources, that includes tools and documents.
- Egressor, which is designed to check the configuration of their Internet point-of-presence router. The tool will help companies determine whether their routers are configured to the Help Defeat Denial of Service Attacks guidelines. This configuration of egress filtering reduces the chance that their computers can unwittingly contribute to a distributed denial of service attack.
- Spitfire, developed as a prototype operator workstation for Network Intrusion Detection System Operators.
NIST also provides free Common Criteria tools that include the Common Criteria Toolbox and Common Criteria Profiling Knowledge Base.
End Note. Realtime Forensics and Tracking is a PowerPoint presentation on forensics that covers this aspect of security in detail. The more generic PowerPoint presentation titled Security Management Practices is useful as a memory jogger and as a training resource.