Bob's 1997 U of A Campus Computing Symposium talk, Security in a Hostile Environment, is here.
Security Tools
- OpenBSD is an excellent
starting point if you're looking to build a well-secured server. Runs
on lots of good things and pays attention to security problems. Comes
with many of the tools you need to support and maintain a good secure
server, including goodies for Kerberos and IPsec. The U of A hosts
one of OpenBSD's official ftp mirror sites at
ftp.openbsd.org.
- tcp wrappers: Wrap your services for better logging and
access control
- SSLeay and SSL telnet: Implementation of SSL (encrypting sockets) and clients/servers that use
it, including telnet. Drop-in replacement for standard telnet that supports
unencrypted connections as well. Try getting them from my Canadian Mirror.
- SSH is a nice command suite, a replacement for the "r" commands that
offers strong encryption and port tunnelling, X redirection, the works.
Windows and Mac clients available commercially.
- identd: Ident server, gives the ability to identify the user associated with a connection.
- logdaemon: Replacements for the standard network service
daemons for most UNIX systems that provide better security and logging,
along with access control.
- swatch: Log file
watcher/filter. Can do things when particular patterns are seen.
- portmapper/rpcbind: Replacements for the standard RPC
daemons of the same name. Stops a bad NFS bug, YP password file
snarfing, and other things.
- cracklib/ANLpasswd: replace passwd
and friends with something that checks a password against cracklib
before it's allowed to be used.
- qmail offers a much more secure
and robust alternative to traditional unix sendmail. It's a good thing to try
for a mail server, although one of its big pluses (It's Not Sendmail :) is
also its biggest weakness.
Firewalling Tools
Bob's Stuff:
This stuff can all be indexed from Obtuse Systems
Corporation
- Juniper, a software
package to let you build a transparent proxying bastion host, and perform
packet filtering.
- Obtuse smtpd, Free
smtp store and forward proxy, or sendmail wrapper.
- Obtuse utils, Free
utils for doing things in chrooted holes or "sandboxes".
Other People's Stuff
- Socks is a proxy server.
It uses "Socksified" client software to talk to it and pass traffic across
a gateway.
- TIS fwtk is a
package of proxy servers and tcp-wrapper like software. It uses unmodified
client software, with the user talking to the proxy software.
- If you don't have a real router capable of doing packet
filtering, Linux, OpenBSD, NetBSD, and FreeBSD can do this.
- ip_fil
is a reasonably nice packet filtering package for a wide variety of operating
systems, including Solaris and friends (Original site is
ftp.cyber.com.au)
- gated
is another popular choice for packet filtering on a wide variety of
systems.
Auditing Tools
- Satan: An easy to use, mildly intelligent security
testing tool, tests well established, old,
long-known holes. Doesn't exploit anything. Not what it was purported to
be by the media and other feather merchants.
- cops:
A tool to analyse the security of your host. We run this
weekly.
- Crack:
Test your password file for bad passwords. Nice, but ANLpasswd is a better solution to the problem.
Info and Where to Get things
Hack and Slash
- Various
Hackings and Slashings. U of A CS students take note:
fooling with this stuff on our systems is grounds for losing
your account or worse. You've been warned. Play with this at home. Anything
here is for educational purposes only. This is mostly very old meat.
The stuff you can get from best-of-security@suburbia.net is much better.