Adaptive Security Analyzer Pro
"Adaptive Security Analyzer Pro is a security and threat intelligence application that allows the expertise and methods of the security specialist to be modeled so that security data can be rapidly and effectively transformed into actionable intelligence. ... ASE continuously monitors high volume, heterogeneous security-related data; freely interprets & associates event attributes to organically cluster system activity; recognizes and quantifies the extent of abnormal events; advises security personnel of the factors that contributed most to the abnormal events' classifications." |
Hits: 1001 |
|
chkrootkit
Tool for detecting the presence of rootkits on Unix systems. |
Hits: 166 |
|
Deception ToolKit
"DTK simply listens for inputs and provides responses that seem normal (i.e., full of bugs). In the process, it logs what is being done, provides sensible (if not quite perfect) answers, and lulls the attacker into a false sense of (your) insecurity." |
Hits: 494 |
|
eSCAN
"eSCAN evaluates your network from a remote location and regularly provides you with detailed network security audit reports that map your entire network security infrastructure. eSCAN will show you vulnerabilities in your network that traditional intrusion detection systems cannot detect. Proactively secure your network against viruses and hackers before they can affect your business." For Windows NT and Windows 2000. |
Hits: 1179 |
|
eTrust Intrusion Detection
Intrusion detection software that runs on Windows servers. To download, click on "Downloads & Trials" in the Information Center menu. Computer Associates. |
Hits: 1513 |
|
F.I.R.E.
"FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment. Also provides necessary tools for live forensics/analysis on win32, sparc solaris and x86 linux hosts just by mounting the cdrom and using trusted static binaries available in /statbins." |
Hits: 490 |
|
Foremost
"Foremost is a console program to recover files based on their headers and footers. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive. The headers and footers are specified by a configuration file, so you can pick and choose which headers you want to look for. Developed by the United States Air Force Office of Special Investigations, foremost has been opened to the general public." |
Hits: 103 |
|
GFI LANguard System Integrity Monitor
"A utility that provides intrusion detection by checking whether files have been changed, added or deleted on a Windows 2000 system. If this happens, it alerts the administrator by email." Free. |
Hits: 860 |
|
Honeywall CD-ROM
"This is a bootable CDROM that contains all the tools and functionality needed to operate a honeywall, including data control, data capture and automated alerting. The CDROM is based on William Salusky's FIRE and is designed to act as an appliance: only those tools necessary to run the Honeywall are included on the CDROM. The CDROM has a menu interface for faster installation, configuration, and maintenance; it also has advanced features that allow users to create customized .iso images." |
Hits: 172 |
|
Impost
"Impost is a network security auditing tool designed to analyze the forensics behind compromised and/or vulnerable daemons. There are two different kinds of operating modes used by Impost; it can either act as a honey pot and take orders from a Perl script controlling how it responds and communicates with connecting clients; or it can operate as a packet sniffer and monitor incoming data to a specified destination port supplied by the command-line arguments." |
Hits: 91 |
|
IPSentry
Designed to monitor hundreds of servers and devices on an IP network. Can run as a desktop application or NT service. IPsentry. |
Hits: 1060 |
|
Linux-Sec.net: Intrusion Detection Systems
Tips and software for Linux systems. |
Hits: 263 |
|
NBS
"Never Before Seen Anomaly detection driver. This utility creates a fast database of things that have been seen, and includes tools to print and update the database." |
Hits: 60 |
|
Osiris
"Osiris is a Host Integrity Monitoring System that periodically monitors one or more hosts for change. It maintains detailed logs of changes to the file system, user and group lists, resident kernel modules, and more. Osiris can be configured to email these logs to the administrator. Hosts are periodically scanned and, if desired, the records can be maintained for forensic purposes. Osiris keeps an administrator apprised of possible attacks and/or nasty little trojans. The purpose here is to isolate changes that indicate a break-in or a compromised system. Osiris makes use of OpenSSL for encryption and authentication in all components." |
Hits: 500 |
|
PacketAlarm - First Class Intrusion Detection System
Realtime IDS based on Snort. Download evaluation. |
Hits: 901 |
|
Prelude Hybrid IDS
"Prelude is a Hybrid IDS. This means there are different Sensors with different capabilities (network sensor, host based sensor, etc). These sensors send events to a central Manager which processes them and is responsible for event reporting. There is also a correlation agent working together with the Manager." |
Hits: 299 |
|
PyFlag
"FLAG was designed to simplify the process of log file analysis and forensic investigations. Often, when investigating a large case, a great deal of data needs to be analysed and correlated. Flag uses a database as a backend to assist in managing the large volumes of data. This allows flag to remain responsive and expedite data manipulation operations." |
Hits: 48 |
|
Rootkit Hunter
Shell script to detect rootkits and related programs on a Unix server. |
Hits: 66 |
|
RootkitRevealer
"RootkitRevealer is an advanced root kit detection utility. It runs on Windows NT 4 and higher and its output lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit." Freeware from SysInternals. |
|
|
Securepoint Intrusion Detection
Scans incoming packets for possible intrusion attempts, trojans and viruses. Comes with a filter/rules system. Free. |
|
|
SNARE
"Enhancing the security of the Linux operating system by providing a comprehensive event logging facility." From Intersect Alliance. |
Hits: 225 |
|
Snort
A lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Platform(s): Unix, Linux, AIX, MacOS, Windows 95, Windows 98, Windows NT, Windows 2000. |
Hits: 1639 |
|
tcptrack
"tcptrack is a sniffer which displays information about TCP connections it sees on a network interface. It passively watches for connections on the network interface, keeps track of their state and displays a list of connections in a manner similar to the unix 'top' command. It displays source and destination addresses and ports, connection state, idle time, and bandwidth usage." |
Hits: 88 |
|
ThreatSentry
"ThreatSentry is an advanced neural application that uses a complex automated learning process, a knowledge-base of documented exploits, and an analysis model specifically designed for Microsoft Internet Information Services (IIS), to continuously collect, analyze and organize server events into an evolving baseline of acceptable activity. Each server connection is compared against the baseline to identify and take action against any activity falling outside of acceptable parameters. ThreatSentry is configurable to prevent suspicious connections, block untrusted IPs, generate error code responses, or stop web services entirely. ThreatSentry also generates Security Alerts that can be displayed centrally or locally on screen or sent via pager or cellular phone. Intuitive management interfaces enable administrators to easily adjust event classifications to achieve progressively enhanced system accuracy." |
Hits: 309 |
|
Tiny Honeypot
"Tiny Honeypot (thp) is a simple honey pot program based on iptables redirects and an xinetd listener. It listens on every TCP port not currently in use, logging all activity and providing some feedback to the attacker. The responders are entirely written in Perl, and provide just enough interaction to fool most automated attack tools, as well as quite a few humans, at least for a little while. With appropriate limits (default), thp can reside on production hosts with negligible impact on performance." |
Hits: 242 |
|
Tripwire
"Tripwire is a tool that checks to see what has changed on your system. The program monitors key attributes of files that should not change, including binary signature, size, expected change of size, etc." Open source for Linux (commercial versions available for Solaris, HP-UX, AIX and Windows NT). |
Hits: 333 |
|
TriSentry suite
Free toolkit that includes a port scan detector, a log monitor and a tool to detect anomalous login attempts. For Unix systems from Psionic. |
Hits: 458 |
Page updated on: Tue Sep 25 2007 - 17:10:19