Seven Free Security Tools for Linux - PCWorld Business Center One of the big advantages of using Linux is that its security tends to be so much better than that of the competing alternatives.
ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats. It is the de facto standard for mail gateway scanning. It provides a high performance mutli-threaded scanning daemon, command line utilities for on demand file scanning, and an intelligent tool for automatic signature updates. The core ClamAV library provides numerous file format detection mechanisms, file unpacking support, archive support, and multiple signature languages for detecting threats.
John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. This version integrates lots of contributed patches adding GPU support (CUDA and OpenCL), support for a hundred of additional hash and cipher types (including popular ones such as NTLM, raw MD5, etc., and even things such as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.), as well as some optimizations and features.
chkrootkit -- locally checks for signs of a rootkit
The goal of the Glasnost project is to make ISPs' traffic shaping policies transparent to their customers. To this end, we designed Glasnost tests that enable you to check whether traffic from your applications is being rate-limited (i.e., throttled) or blocked. Glasnost tests work by measuring and comparing the performance of different application flows between your host and our measurement servers. The tests can detect traffic shaping in both upstream and downstream directions separately. The tests can also detect whether application flows are shaped based on their port numbers or their packets' payload. For more details on how Glasnost tests work, please read our NSDI 2010 paper. Glasnost: Test if your ISP is shaping your traffic
SQL Injection Walkthrough 1.0 Introduction When a machine has only port 80 opened, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patch his server, we have to turn to web hacking. SQL injection is one of type of web hacking that require nothing but port 80 and it might just work even if the admin is patch-happy. It attacks on the web application (like ASP, JSP, PHP, CGI, etc) itself rather than on the web server or services running in the OS. This article does not introduce anything new, SQL injection has been widely written and used in the wild. We wrote the article because we would like to document some of our pen-test using SQL injection and hope that it may be of some use to others.
A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration. "SQL Injection" is subset of the an unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises.
My neighbours are stealing my wireless internet access. I could encrypt it or alternately I could have fun. I'm starting here by splitting the network into two parts, the trusted half and the untrusted half. The trusted half has one netblock, the untrusted a different netblock.
Is Hiding Your Wireless SSID Really More Secure? SExpand Seems like every guide to securing your wireless network tells you to keep your SSID from broadcasting to make your network more secure, but is that really worthwhile? Let's take a look at one of the silliest myths out there. This myth has been around for a very long time, and we aren't expecting everybody to receive this news with happy agreement. You're welcome to state your case in the comments for why hidden wireless networks are a great idea, but we think if you keep reading, you'll realize that it's just not a security feature. Wireless SSIDs Were Never Designed to Be Hidden
Three locks for your SSH door Introduction If you require remote access to your computer and you enable Secure Shell (SSH) connections, you must accept that you will automatically attract hackers who will try to break your defenses and take command of your machine. Although there's no guarantee that your machine won't be "0wn3d" by a "h4x0r," a few simple solutions can help reinforce your SSH door and make life a bit more difficult for anybody trying to break in.
Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Frequently used scans can be saved as profiles to make them easy to run repeatedly. A command creator allows interactive creation of Nmap command lines. Zenmap - Official cross-platform Nmap Security Scanner GUI
Yes, the time has come again – for a new kernel, and a new release of BackTrack. Codenamed “Nemesis”. This release is our finest release as of yet with faster Desktop responsiveness, better hardware support, broader wireless card support, streamlined work environment. We could go on for pages on saying how great the new version is, but we’ll cut to the chase, and give you the run down: BackTrack 4 R2 download available