Building Internet Firewalls

Building Internet FirewallsSearch this book
Previous: B.1 Authentication ToolsAppendix B
Tools
Next: B.3 Packet Filtering Tools
 

B.2 Analysis Tools

The tools in this category let you audit your system. Some perform audits and check for well-known security holes; others establish databases of checksums of all of the files in a system (to allow you to watch for changes to those files); some do both.

B.2.1 COPS

ftp://coast.cs.purdue.edu/pub/tools/unix/cops

COPS, by Dan Farmer, is the Computer Oracle and Password System, a system that checks UNIX systems for common security problems (such as unsafe permissions on key files and directories).

B.2.2 Tiger

ftp://net.tamu.edu/pub/security/TAMU/
ftp://coast.cs.purdue.edu/pub/tools/unix/tiger

Tiger, by Doug Schales of Texas A&M University (TAMU), is a set of scripts that scan a UNIX system looking for security problems, in the same fashion as Dan Farmer's COPS. Tiger was originally developed to provide a check of UNIX systems on the A&M campus that users wanted to be accessible from off campus. Before the packet filtering in the firewall would be modified to allow off-campus access to the system, the system had to pass the Tiger checks.

B.2.3 Tripwire

ftp://coast.cs.purdue.edu/pub/COAST/Tripwire

Tripwire, by Gene H. Kim and Gene Spafford of the COAST project at Purdue University, is a file integrity checker: a utility that compares a designated set of files and directories against information stored in a previously generated database. Added or deleted files are flagged and reported, as are any files that have changed from their previously recorded state in the database. Run Tripwire against system files on a regular basis. If you do, the program will spot any file changes when it next runs, giving system administrators information to enact damage control measures immediately.

B.2.4 SATAN

ftp://ftp.win.tue.nl/pub/security/satan.tar.Z

SATAN, by Wietse Venema and Dan Farmer, is the Security Administrator Tool for Analyzing Networks. (If you don't like the name, it comes with a script named repent that changes all references from SATAN to SANTA: Security Administrator Network Tool for Analysis.) Despite the authors' strong credentials in the network security community (Wietse is from Eindhoven University in the Netherlands and is the author of the TCP Wrapper package and several other network security tools; Dan is the author of COPS), SATAN is a somewhat controversial tool. Why? Because, unlike COPS, Tiger, and other tools that work from within a system, SATAN probes the system from the outside, just as an attacker would. The unfortunate consequence of this is that someone (such as an attacker) can run SATAN against any system, not just those he already has access to. According to the authors:

SATAN was written because we realized that computer systems are becoming more and more dependent on the network, and at the same becoming more and more vulnerable to attack via that same network.

SATAN is a tool to help systems administrators. It recognizes several common networking-related security problems, and reports the problems without actually exploiting them.

For each type or problem found, SATAN offers a tutorial that explains the problem and what its impact could be. The tutorial also explains what can be done about the problem: correct an error in a configuration file, install a bugfix from the vendor, use other means to restrict access, or simply disable service.

SATAN collects information that is available to everyone on with access to the network. With a properly-configured firewall in place, that should be near-zero information for outsiders.

B.2.5 ISS

ftp://coast.cs.purdue.edu/pub/tools/unix/iss.shar.Z

ISS, by Christopher William Klaus, is the Internet Security Scanner. When ISS is run from another system and directed at your system, it probes your system for software bugs and configuration errors commonly exploited by crackers. Like SATAN, it is a controversial tool; less so, however, in that it is older and less capable than SATAN, and it was written by someone who (at the time it was released) was relatively unknown in the network-security community. (Much of the controversy about SATAN concerns whether or not the authors "sold out," as opposed to any technical or philosophical point.)


Previous: B.1 Authentication ToolsBuilding Internet FirewallsNext: B.3 Packet Filtering Tools
B.1 Authentication ToolsBook IndexB.3 Packet Filtering Tools