Seven Free Security Tools for Linux - PCWorld Business Center. One of the big advantages of using Linux is that its security tends to be so much better than that of the competing alternatives.
That's due in large part to the way Linux assigns permissions, but it's also certainly true that the open source operating system is targeted by malware writers far less frequently than Windows is, in particular, simply because it's less widely used and so much more diverse. The fact remains, however, that no operating system is perfectly secure. For business users, in particular, a little extra security assurance is always a good idea, at the very least for your own peace of mind. Here, then, are a few of the best free tools you can use to help keep your Linux systems secure. 1. My favorite antivirus software for Linux is Sourcefire's ClamAV, a free, open source package designed to detect Trojans, viruses, malware and other malicious threats. 2.
Clam AntiVirus. John the Ripper password cracker. Wireshark · Go deep. Tenable Network Security. Nmap - Free Security Scanner For Network Exploration & Security Audits. Locally checks for signs of a rootkit. Home Page. Talisker Computer Network Defence Operational Picture.
Glasnost: Test if your ISP is shaping your traffic. The goal of the Glasnost project is to make ISPs' traffic shaping policies transparent to their customers.
To this end, we designed Glasnost tests that enable you to check whether traffic from your applications is being rate-limited (i.e., throttled) or blocked. Glasnost tests work by measuring and comparing the performance of different application flows between your host and our measurement servers. Ip Tools, DNS tools, internet tools, WHOIS, traceroute, ping, domain name tools. SQL Injection Walkthrough.
1.0 Introduction When a machine has only port 80 opened, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patch his server, we have to turn to web hacking.
SQL injection is one of type of web hacking that require nothing but port 80 and it might just work even if the admin is patch-happy. It attacks on the web application (like ASP, JSP, PHP, CGI, etc) itself rather than on the web server or services running in the OS. This article does not introduce anything new, SQL injection has been widely written and used in the wild. We wrote the article because we would like to document some of our pen-test using SQL injection and hope that it may be of some use to others. You may find a trick or two but please check out the "9.0 Where can I get more info? " SQL Injection Attacks by Example.
A customer asked that we check out his intranet site, which was used by the company's employees and customers.
This was part of a larger security review, and though we'd not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration. "SQL Injection" is subset of the an unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended.
I could encrypt it or alternately I could have fun. I'm starting here by splitting the network into two parts, the trusted half and the untrusted half. The trusted half has one netblock, the untrusted a different netblock. We use the DHCP server to identify mac addresses to give out the relevant addresses. /etc/dhcpd.conf. Is Hiding Your Wireless SSID Really More Secure? Top 100 Network Security Tools.
Three locks for your SSH door. Introduction If you require remote access to your computer and you enable Secure Shell (SSH) connections, you must accept that you will automatically attract hackers who will try to break your defenses and take command of your machine.
Although there's no guarantee that your machine won't be "0wn3d" by a "h4x0r," a few simple solutions can help reinforce your SSH door and make life a bit more difficult for anybody trying to break in. This article considers three such techniques: Changing SSH's standard port to an unusual value and reinforcing SSH configuration so that simple-minded attacks just bounce back. Zenmap - Official cross-platform Nmap Security Scanner GUI. Zenmap is the official Nmap Security Scanner GUI.
It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Scan results can be saved and viewed later. Saved scan results can be compared with one another to see how they differ. You can download Zenmap (often packaged with Nmap itself) from the Nmap download page. Here are some Zenmap action shots (click for full res): Kismet. BackTrack 4 R2 download available.