Bastille : Security hardening script for Linux, Mac OS X, and HP-UX
The Bastille Hardening program “locks down” an operating system, proactively configuring the system for increased security and decreasing its susceptibility to compromise. Bastille can also assess a system’s current state of hardening, granularly reporting on each of the security settings with which it works. Bastille currently supports the Red Hat (Fedora Core, Enterprise, and Numbered/Classic), SUSE, Debian, Gentoo, and Mandrake distributions, along with HP-UX and Mac OS X. Bastille’s focuses on letting the system’s user/administrator choose exactly how to harden the operating system. In its default hardening mode, it interactively asks the user questions, explains the topics of those questions, and builds a policy based on the user’s answers. It then applies the policy to the system. In its assessment mode, it builds a report intended to teach the user about available security settings as well as inform the user as to which settings have been tightened.
Helix : A Linux Distribution with Computer Forensics in Mind
Helix is a customized distribution of the Knoppix Live Linux CD. Helix is more than just a bootable live CD. You can still boot into a customized Linux environment that includes customized Linux kernels, excellent hardware detection and many applications dedicated to Incident Response and Forensics. Helix has been designed very carefully to NOT touch the host computer in any way and it is forensically sound. Helix will not auto mount swap space, or auto mount any attached devices. Helix also has a special Windows autorun side for Incident Response and Forensics.
OllyDbg : An assembly level Windows debugger
OllyDbg is a 32-bit assembler level analyzing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg features an intuitive user interface, advanced code analysis capable of recognizing procedures, loops, API calls, switches, tables, constants and strings, an ability to attach to a running program, and good multi-thread support. OllyDbg is free to download and use but no source code is provided.
OpenVPN : A full-featured SSL VPN solution
OpenVPN is an open-source SSL VPN package which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. OpenVPN implements OSI layer 2 or 3 secure network extension using the industry standard SSL/TLS protocol, supports flexible client authentication methods based on certificates, smart cards, and/or 2-factor authentication, and allows user or group-specific access control policies using firewall rules applied to the VPN virtual interface. OpenVPN uses OpenSSL as its primary cryptographic library.
SAINT : Security Administrator’s Integrated Network Tool
SAINT is another commercial vulnerability assessment tool (like Nessus, ISS Internet Scanner, or Retina). It runs on UNIX and used to be free and open source, but is now a commercial product.
Fping : A parallel ping scanning program
fping is a ping(1) like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a host is up. fping is different from ping in that you can specify any number of hosts on the command line, or specify a file containing the lists of hosts to ping. Instead of trying one host until it timeouts or replies, fping will send out a ping packet and move on to the next host in a round-robin fashion. If a host replies, it is noted and removed from the list of hosts to check. If a host does not respond within a certain time limit and/or retry limit it will be considered unreachable.
Tcptraceroute : A traceroute implementation using TCP packets
The problem is that with the widespread use of firewalls on the modern Internet, many of the packets that the conventional traceroute(8) sends out (ICMP echo or UDP) end up being filtered, making it impossible to completely trace the path to the destination. However, in many cases, these firewalls will permit inbound TCP packets to specific ports that hosts sitting behind the firewall are listening for connections on. By sending out TCP SYN packets instead of UDP or ICMP ECHO packets, tcptraceroute is able to bypass the most common firewall filters.
VMware : Multi-platform Virtualization Software
VMware virtualization software lets you run one operating system within another. This is quite useful for security researchers who commonly need to test code, exploits, etc on multiple platforms. It only runs on Windows and Linux as the host OS, but pretty much any x86 OS will run inside the virtualized environment. It is also useful for setting up sandboxes. You can browse from within a VMware window so the even if you are infected with malware, it cannot reach your host OS. And recovering the guest OS is as simple as loading a “snapshot” from prior to the infection. VMware player (executes, but can’t create OS images) and VMWare Server (partitions a physical server machine into multiple virtual machines) were recently released for free. Another interesting virtualization system (Linux focused) is Xen.