Security on a ShoeString Budget

BotHunter is a passive network monitoring tool designed to recognize the communication patterns of malware-infected computers within your network perimeter.  Using an advanced infection-dialog-based event correlation engine (patent pending), BotHunter represents the most in-depth network-based malware infection diagnosis system available today.

Your system should have a modern Intel Pentium-class or Motorola PowerPC processor, at least 1 GB RAM, and at least 1 Ethernet NIC/WIC (for network monitoring).


Sensitive Data Finders

http://www.cit.cornell.edu/security/tools/

http://security.vt.edu/findssnccn.html

https://source.its.utexas.edu/groups/its-iso/projects/senf/

FreeNAC provides virtual LAN assignment, LAN access control (for all kinds of network devices such as servers, workstations, printers, IP phones, etc.) and live network end-device discovery.

Both 802.1x and Cisco's VMPS port security modes are supported.

VLAN and switch port management, as well as documentation of patch cabling, are also included.

FreeNAC is GPL open source and thus entirely free (you may pay for support if you wish).

http://freenac.net/

Asset Discovery and Management/Monitoring

The power of Zenoss includes broad monitoring of resources throughout the infrastructure – physical and virtual. With automatic device discovery, a centralized CMDB, and a single UI screen to monitor everything in the infrastructure, Zenoss helps organizations collaborate better and break free from their silos and boxes.


OpenBSD (www.openbsd.org)

an operating system built with security as its primary objective.

Linux (www.linux.com)

which has a history of high-quality, stable and secure code, making this OS a vital building block on which to build security infrastructure (most security appliance solutions are built upon it).

Snort (www.snort.org)

the open source IDS tool maintained by Sourcefire, among the most widely deployed IDS tools around.

OWASP (http://www.owasp.org)

free application security tools: WebScarab, WebGoat, Paros

Kismet

wireless network detector, sniffer, and intrusion detection system

Wireshark (www.wireshark.org)

a high-quality open source protocol analyzer (network – VoIP)

OpenVPN / SSH / SSL (www.openssl.org)

a full-featured SSL VPN, plus SSH and SSL tooling

Nessus (www.nessus.org)

a free version is available for vulnerability scanning

Nmap (www.nmap.org)

Network exploration and security auditing

Microsoft Baseline Security Analyzer (MBSA) - free vulnerability scanner for Windows devices

http://technet.microsoft.com/en-us/security/cc184924.aspx

Windows Server Update Services (WSUS) - patch management for Windows servers

Poor man's Network Access Control - Perl – asset list by MAC address, gathered from the network switches

TrueCrypt Encryption (www.truecrypt.org)

whole disk and removable media

Tcpdump, PGP, GnuPG, etc.

Email

The average internet user receives more than 18 spam messages per day and spends nearly 3 minutes cleaning them up. It is estimated that spam costs businesses nearly $22 billion a year in lost productivity. To make the most of your time, and to protect your computer from the various forms of malware often found in email attachments, you need an effective email protection system.

  1. Spamato [OS Independent | Java, JavaScript, Ruby, VB.net] – A complete, client-side spam filter capable of integrating into popular e-mail clients including Outlook and Thunderbird (or as a stand-alone proxy component). Uses multiple popular filtration algorithms including Bayesian and Razor and displays the amount of spam blocked graphically.
  2. Thunderbird [Linux, Windows, OS X | JavaScript, XML, C] – The Cadillac of open source mail programs. Includes extensive spam and phish filters, plus anti-virus and encryption capabilities. Supports an extensive user base and add-ons from other developers in the community.
  3. Anti-Spam SMTP Proxy Server [Linux, Windows, OS Independent | Perl] – A complete server-side e-mail filtering application equipped with Bayesian-filtering spam blockers and anti-virus capabilities.
  4. phPOP3clean [OS Independent | PHP] – A POP3 e-mail account cleaner that scans for malformed e-mails, worms, attached image spam, obfuscated and blacklisted words and source code, and blacklisted IPs and domains.
  5. Mailsaurus [OS Independent | AJAX] – Serves as a web-based e-mail client that encrypts all of your data so that nobody (not even the system administrator) can read your e-mail. Includes anti-virus and a spam filter.
  6. MailCleaner [Linux | C, Perl, PHP, Unix Shell] – An extremely customizable server-side e-mail filtering application with a very attractive administration interface. Comes equipped with multiple spam filtering solutions and ClamAV anti-virus.
  7. Tiger Envelopes [Linux, FreeBSD, Windows, OS X, OS Independent | Java] – A peer-to-peer, key mail encryption program that integrates into Outlook, Thunderbird, Mac Mail and KMail.
  8. GFI MailEssentials 11 Web Stat [Windows | ASP] – A browser-based spam filter that tracks the level of spam being blocked and displays the results graphically.


Antivirus

No computer is completely protected unless it is running an antivirus. Here are some of the leading open source antivirus solutions.

  1. Clam AntiVirus [Linux, FreeBSD, Windows] – Designed to scan e-mail gateways for viruses. Supports on-access scanning for Linux and FreeBSD operating systems.
  2. Winpooch Watchdog [Windows | C] – Complete, enterprise-level virus scanner with anti-spyware and anti-Trojan features. User-controlled security levels monitor the system for abnormalities.
  3. FullControl [Windows | VB.net] – Software that monitors the activity of the programs running on your computer. When an application executes, FullControl intercepts it and verifies its integrity.
  4. Moon Secure Antivirus [Windows | C, C++, Delphi/Kylix] – Complete on-access virus scanner. Includes a firewall.
  5. Softlabs AntiVirus [Linux] – Scans incoming mail for phishing scams and virus attachments, and verifies the integrity of HTML-embedded e-mails.


Web Utility

These apps allow you to securely browse the Internet and transfer files remotely without the fear of privacy invasion.

  1. Firefox [Linux, Windows, OS X | JavaScript, XML, C] – A fan favorite browser for its secure architecture and available add-ons. Uses SSL browsing by default.
  2. JAP [Linux, Windows, OS X, OS Independent | Java] – Surf the Internet anonymously via encrypted intermediaries.
  3. WinSCP [Windows | C++] – Transfer files securely between local and remote computers with this SFTP and SCP client. Also includes a text editor for editing remote documents.
  4. PuTTY [Linux, Windows] – Telnet and SSH client for running remote sessions. Main features include command line based SCP and SFTP clients. Frequently used to communicate between a Windows machine and a Unix machine.
  5. Cyberduck [OS X] – SFTP solution for Macs. Uses SSH to transfer files to remote computers and networks. Also integrates into OS X features including Bonjour, Keychain, iDisk and more.
  6. OpenSSH [FreeBSD] – SSH (secure telnet) and SFTP program designed to securely transmit data to remote computers.


Personal Firewall

The first line of defense on a PC is a firewall. Here are several highly effective solutions for protecting your computer.

  1. m0n0Wall [FreeBSD | PHP, XML] – Complete firewall and VPN package. Uses a Web-based interface for integration across a wide variety of operating systems.
  2. Firestarter [Linux] – Both a personal and server-side firewall with real time traffic monitors, on access scanning and an overall complete security package.
  3. SmoothWall [Linux | C, Perl] – Firewall, IDS and VPN system for home users and networks. Uses a very attractive interface.
  4. AppArmor [Linux] – Complete firewall solution from Novell. Includes protection against zero-day attacks, monitors the system for abnormalities and restricts which system resources and applications users can access.
  5. Bastille-linux [Linux | Perl] – A suite used to improve the security of a Linux box by configuring daemons, system settings and implementing a firewall.
  6. Fail2Ban [Linux | Python] – Monitors log files (e.g. server connection logs) and searches for patterns. If a pattern emerges in which an IP address repeatedly fails, that IP is blacklisted.
  7. Firewall Builder [Linux, FreeBSD, OS X | C, C++] – Builds and manages policies and rule sets for your firewall.
  8. Hardened Linux [Linux] – A Linux distribution designed to improve security with features including a firewall and IDS system.
  9. ShellTer [Linux | Unix Shell] – Standard iptables-based firewall. Includes built-in SSH brute-force protection.


Network Firewall

Firewalls are vital components for filtering out the erroneous and malicious traffic attempting to enter your network.

  1. IPcop [Linux | C, Perl, Unix Shell] – Firewall-based Linux distribution used primarily for securing and monitoring networks.
  2. FirewallPAPI [Windows | C++] – A firewall/filtering system for network traffic.
  3. WIPFW [Windows | C] – Monitors and filters packets entering the network router based upon a rule set.
  4. ISP-FW [Linux | C, PHP] – Server side firewall application with packet filtering and monitoring capabilities.
  5. Linux Embedded Appliance Firewall [Linux | C, Unix Shell] – Used as a firewall, router, Internet gateway and wireless access point.
  6. Vyatta [Linux | C, C++] – Commercial grade network firewall solution.
  7. eBox Platform [Linux | Perl] – A complete network management framework including NTP and DHCP servers, content filters and firewalls, proxy-cache and more.


Network Monitoring

Maintaining a secure network is perhaps the most critical internet technology task we face today. Nothing is worse than having sensitive data compromised or trying to get work done when the network is down. Fortunately, we've compiled more than 20 apps to strengthen the security of your network and keep hackers out.

  1. Network Security Toolkit [Linux] – Comprehensive set of network security tools including traffic analysis, active monitoring, intrusion detection and more.
  2. Nessus [Linux, FreeBSD, Windows, OS X] – Industry-leading open-source network vulnerability scanner. Highly scalable and very thorough.
  3. The Multi Router Traffic Grapher [Linux, Windows] – Simple tool used to monitor SNMP network devices.
  4. Nagios [Linux, FreeBSD] – Comprehensive, Web-based tool equipped with virtually every imaginable feature for knowing exactly what's going on in your network.
  5. Open Source Security Information Management [Linux | C, Perl, PHP, Python] – A complete network monitoring system including real-time graphs on bandwidth usage and user participation, policy restrictions, and implementations of various popular network tools including Nessus, Nagios and more.
  6. Network Mapper [Linux, FreeBSD, Windows, OS X] – Uses packets passing through the network to find out what hosts are available, what services they're offering, what operating system they're running and what type of packet filtration/firewall they're using.
  7. Wireshark [Linux, FreeBSD, Windows, OS X] – Powerful tool for capturing network protocol data for analysis. Contains more than 25 methods for reading packets, making it useful for a wide array of networks.
  8. Internet Secure Access Kit [Linux] – Complete network suite used to restrict and monitor access. Contains anti-virus and anti-spam software and detailed reports on each user accessing the network (including websites, dates and times, number of downloaded bytes, etc.)
  9. JbroFuzz [Linux, FreeBSD, Windows, OS X, OS Independent | Java] – Creates malformed data and sends it through the network to simulate exploits and find security holes. Some of the techniques include SQL injection, integer and buffer overflows and XSS checks.
  10. Packet Generator [Linux | Python] – Simulates sequences of packets traversing your network. Useful for optimizing routing schematics.
  11. Network Security Analysis Tool [Linux, FreeBSD | C++] – Tool used to scan networks for vulnerabilities.
  12. Yet Another Security Monitoring Interface [OS Independent | PHP] – Web-based application that prints out information on the data flow routers emit. Useful for detecting anomalies in the system.
  13. The Network Visualizer [OS Independent | Java] – Displays detailed graphic information on network activity. Traffic can be broken down to paths, ports, packets and time periods. Extremely useful for determining when there is an anomaly in the network.
  14. Network Simulator and Network Animator [Linux, FreeBSD, OS X | C++, Tcl] – Simulates traffic flowing through a network to help find bottlenecks and generate more effective routing.
  15. Ettercap [Linux, FreeBSD, OS X | C] – Monitors live LAN connections (via sniffing) for abnormalities and filters the bad traffic.
  16. Automated Incident Reporting [Linux | C, Perl] – Assembles information from IDSs and human-generated reports into a single database for more thorough analysis. Useful for finding patterns and exploits in the network.
  17. True Real-time Observer of Network Statistics [Windows | C, C++] – Enables you to monitor your network remotely through the Internet.
  18. visualNets [Linux, Windows | VB.net] – Graphically plots network packets over time allowing administrators to identify trends and security exploits.
  19. vSentinel [Windows | C, C++] – Monitors the network in a real-time 3-D map.
  20. Honeytrap [Linux, FreeBSD | C] – Collects TCP information on a network and compares it to what an attack would look like in order to give you a warning prior to an attack.
  21. eXtensible Open Router Platform [FreeBSD | C++] – A secure implementation for the standard network router.
  22. Quagga [Linux, FreeBSD] – Secure routing software for Unix-based architecture.
  23. Network top [Linux, FreeBSD, OS X, Windows] – Sorts and analyzes network traffic based upon user specified criteria. Uses a Web browser-based interface.


Intrusion Detection System

No system is 100 percent secure unless it maintains some sort of intrusion detection system. Here are a few of the best open source IDS solutions.

  1. Snort [Linux, Windows, FreeBSD, OS X] – Top of the line intrusion detection system using real-time traffic analysis and packet logging on IP networks. Detects a wide variety of attacks including buffer overflows, OS fingerprinting, CGI scans and more.
  2. Basic Analysis and Security Engine [OS Independent | Perl, PHP, Unix Shell] – Performs analysis of the intrusions Snort detects on your network.
  3. HenWen [OS X | Objective C] – Simplifies the Snort installation process on Macs.
  4. Open Source Host-based Intrusion Detection System [Linux, Windows, FreeBSD, OS X] – A personal IDS solution for protecting your computer. Also contains malware detection and log analysis software.
  5. Panoptis [Linux | C++] – Network based IDS used primarily for detecting and blocking DoS and DDoS attacks.
  6. Surf IDS [OS Independent | Perl, PHP, Unix Shell] – Uses passive sensors across a distributed IDS to provide early attack warnings for administrators. Maintains a graphic database of all attacks attempted on the system.
  7. wIDSard [Linux | C] – Host-based IDS that monitors the integrity of system calls. If a particular sequence of system calls characteristic of malware is initiated, the process is terminated, logged, etc.
  8. Secwatch [Linux | C, PHP] – Uses log file analysis to determine if a system is under attack. Creates firewall rules to block offending IPs.


Virtual Private Network

Big brother is watching you, unless you're using a VPN. The following apps keep your Internet browsing experience secure.

  1. OpenVPN [Linux, FreeBSD, Windows, OS X | C] – A VPN suite allowing you to set up both clients and servers for remote access, WiFi security, Ethernet bridging and various other SSL tunneling activities.
  2. SSL-Explorer [Linux, Windows, OS Independent | Java] – Web-based SSL VPN server. Allows users to tunnel through a standard browser. Integrates into the network as opposed to working on the client's side.
  3. strongSwan [Linux | C] – IPsec based VPN solution.
  4. Stunnel [Linux, FreeBSD, Windows] – Encrypts TCP connections inside SSL connections. Requires an SSL library like OpenSSL to work.


Wireless

Having an insecure WiFi network is one of the most common security hazards and entry points for malicious exploits today. These apps will get you started in securing your WiFi network and keeping unwanted users out.

  1. Kismet [Linux, FreeBSD, OS X | Java] – Detects wireless networks by passively collecting and interpreting packets. Also doubles as a WiFi intrusion detection system.
  2. RogueScanner [Linux, Windows | C++, Ruby] – Scans wireless networks for vulnerabilities and rogue access points based upon a set of rules kept in a central server.
  3. Airview [Windows | Delphi/Kylix] – Captures wireless network packets via Packet Sniffer SDK technology and displays the results visually helping you monitor your wireless network.
  4. Wireless Access Point utilities for Unix [Linux, FreeBSD, OS X | C] – A set of utilities and programs used to configure and monitor wireless access points.
  5. WEP Key Changer [Linux, Windows | C, Python] – Enables greater WEP protection by randomly changing the WEP key after a specified amount of time. Note: Despite this product's solid features, we still recommend you only use WEP if WPA protection is unavailable.
  6. WepLab [Linux | C] – Cracks your network's WEP key proving how unsafe and ineffective WEP protection is. Useful if you're wondering why you should switch to WPA.
  7. NoMice [Linux | PHP] – Acts as a layer between wireless access points and WiFi users by regulating Internet access based upon a user's level of authorization.
  8. WiFiDog [Linux | C, PHP] – Serves as a firewall by regulating what traffic is allowed to pass through a WiFi hotspot. Also regulates which users are allowed access to the wireless network and Internet.
  9. Wififingerprint [Windows | C++] – Gains information about the users on your WiFi network including operating system, shared files and open TCP/UDP ports.


Encryption

From archiving your passwords to using military grade encrypted messages, these apps have you covered.

  1. GNU Privacy Guard [Linux, FreeBSD, Windows, OS X] – A command line based encryption tool using multiple encryption algorithms including OpenPGP, AES, SHA-1 and more.
  2. FreeOTFE [Windows | Delphi, C] – A powerful encryption tool containing various 256 bit encryption algorithms used to create secure virtual drives on your PC.
  3. Cryptonit [Linux, FreeBSD, Windows, OS X | C++] – Uses multiple encryption techniques for securing files and address books. Employs a unique verification system requiring a user's signature.
  4. AxCrypt [Windows | C++] – An encryption suite using AES-128 file encryption and compression. Integrates into Windows explorer right-click menus for easy use.
  5. Magikfs [Linux | C] – Uses a steganographic filesystem to protect sensitive files. Keeps the encrypted files hidden rather than open to the public.
  6. Cryptology [Windows | C++] – A simple tool using AES-256 encryption to securely access files. Integrates into Windows Explorer right-click menus.
  7. CiphSafe [OS X | Objective C] – Uses 320 bit Blowfish encryption to secure usernames and passwords for popular Internet websites. Acts as a secure logging system to protect sensitive data.
  8. Checkpoint Commander [Linux, Windows, OS Independent | Java] – A tool for encrypting and archiving files. Also includes comprehensive disk erasing software.
  9. Keep It Secret! Keep It Safe! [Linux, Windows, OS Independent | Java] – Stores all of your important usernames and passwords in a file secured by OpenPGP encryption. Includes a password generator and a secure file for tracking the history of your password changes.
  10. Magic Cube Cryptography [Linux | C] – A new algorithm for encrypting data on a Linux system. Recommended for developers wishing to try their hand at encryption.
  11. Cameloid [Linux | C] – Encrypts peer-to-peer voice and video connections using secret keys. Works for both TCP and UDP connections.
  12. XML-Security Plug-In [Linux, Windows, OS Independent | Java] – A tool for developing and verifying digital signatures based upon W3C recommendations.


Miscellaneous

Although these apps didn't fit into any of the above categories, they are essential tools for security analysis and useful for maintaining a secure system.

  1. Advisory Check [Linux, FreeBSD, OS X | Perl] – Monitors the security of the software installed on your machine by reading popular RSS and XML security advisory feeds, and alerts you when your computer is at risk.
  2. Tripwire [Linux | C++] – Alerts the user when specific changes are made to files on the system. Useful for monitoring sensitive system files.
  3. Babel [Linux | C, Perl, PHP, Unix Shell] – A tool designed to strengthen the security of a Linux machine by reporting the various flaws in security to the user. Monitors all system changes and helps you to design a secure environment.
  4. Pro Shield [Linux | Unix Shell] – Scans your system for vulnerabilities and recommends changes and upgrades.
  5. Security Officers Management and Analysis Project [Linux, FreeBSD, Windows, OS X | Java, PHP, Tcl] – A multitude of tools for assessing the security and inventory of a network.
  6. Rootkit Hunter [Linux | Perl, Unix Shell] – Scans your system for rootkits and other forms of malware.
  7. Gargoyle [Windows] – Security software to clean up your temporary and no-longer-used files.
  8. Install Fix [Windows] – Deletes tracking cookies and clears the cache of unused files.
  9. Patch Integration Engine [Linux | C] – Very interesting implementation for preventing security exploits. Intercepts data being passed to vulnerable functions and verifies that it is not malicious.
  10. RTL-Check [Linux, Windows | Python] – Analyzes source code from a safety and security perspective. Specializes in static analysis and memory flaws.
  11. Security & Privacy Complete [Windows | C++] – Disables security risk features, hardens registry settings and includes several privacy options for securing Internet Explorer and Firefox.
  12. xpy [Windows] – Contains multiple configuration tweaks for maximizing the security of your PC.
  13. UltraVNC [Windows | C, C++, Java] – Remote PC control software that is useful for performing diagnostics on clients' machines and accessing other PCs externally.
  14. Paranoid Android [OS X | C, C++, Objective C] – Security application that requires confirmation from the user before an app can run.

Configuration Management

Own description: "CollabNet, Facilitating Collaborative Software Development"

Own description: "Home of the Git Version Control System and Friends"

Own description: "Mercurial - Mercurial"

Own description: "monotone: distributed version control"

Own description: "Aegis 4.24"

Own description: "Welcome - Bazaar Version Control"

Own description: "darcs is an advanced revision control system."

Own description: "HomePage - SVK Wiki"

Own description: "GNU Arch, etc."

Own description: "OpenCM Web Site"

Own description: "RCS - GNU Project - Free Software Foundation (FSF)"

Own description: "Superversion: Version control for gourmets"

Own description: "Vesta Configuration Management System"

Own description: "JEDI Version Control System"

Own description: "SourceJammer"

Own description: "Main Page - Ximbiot - CVS Wiki"
