Network and Computer Security

The Network and Computer Security Blog

July 17, 2006

OSSIM: Be aware of your security

Filed under: Tools, Linux, Software — SecuNews @ 10:02 am

I’ve already featured some tools here like Nmap, OSSEC and Honeytrap, but I’m not talking about security tools nearly enough.

So this time let me introduce you to OSSIM. OSSIM stands for Open Source Security Information Management and aims to unify network monitoring, security, correlation, and qualification in one single tool. It combines Snort, Acid, MRTG, NTOP, OpenNMS, Nmap, Nessus and rrdtool to provide the user with full control over every aspect of networking or security. It has always been long and painful to install and maintain many security tools at once, and OSSIM lets you benefit from the best security tools in an easy and integrated way.
OSSIM has been under heavy development for a few years now and the last release (0.9.9rc2) is much easier to install than the previous versions.

If you’re in doubt, you can get a feel for how it looks from these OSSIM screenshots.

June 29, 2006

Honeytrap: Trap attacks against tcp services

Filed under: Tools, Linux, Software — SecuNews @ 2:21 pm

It’s always great to have new tools to protect our assets from attackers, and when those tools are free it’s even better (honeytrap is licensed under the GNU GPL).

Honeytrap is still a very new tool, but it already provides neat services to its users by collecting information about known or unknown network-based attacks and thereby providing early-warning information to the network/security administrator.

Honeytrap usage shouldn’t be a problem, as the program is well documented. This software should also run on any “standard Unixish” operating system.

Just click here to download honeytrap! :-)

May 12, 2006

OSSEC HIDS version 0.8 available for windows and linux

Filed under: Tools, OS, Linux, Windows — SecuNews @ 5:02 pm

There isn’t enough good open source security-related software, so new tools are always welcome.

On the heels of Snort and Prelude, we now have OSSEC.

Here are the version 0.8 release notes:

OSSEC HIDS is an Open Source Host-based Intrusion
Detection System. It performs log analysis, integrity
checking, rootkit detection, time-based alerting and
active response.
It runs on most operating systems, including Linux,
OpenBSD, FreeBSD, Solaris and Windows.

This is the first version offering native support for
Windows (XP/2000/2003). It includes as well a new set
of log analysis rules for sendmail, web logs (Apache
and IIS), IDSs and Windows authentication events.

The correlation rules for squid, mail logs, firewall
events and authentication systems have been improved,
now detecting scans, worms and internal attacks.
The active-responses were also refined, with support
to IPFW (FreeBSD) added.

See here for the OSSEC homepage.

April 25, 2006

Nmap 4.03 released!

Filed under: Tools, Linux — SecuNews @ 2:28 pm

Nmap, the invaluable tool for smart port scanning and network mapping, got a new version released yesterday. Nmap 4.03 is mostly a bugfix release of 4.01, but there are a few new features and improvements (it now works better in chroot environments, has improved error logging, etc.).

See the Release Notes from Fyodor for the full details and download location.

March 8, 2006

Nessus 3.0.2 released

Filed under: Virus, Linux — SecuNews @ 5:01 pm

In December, Nessus 3.0.0 was released, bringing major changes compared to the Nessus 2 branch. It’s hard to mention all the changes, but basically Nessus 3 is a full rewrite of Nessus 2, and as a result performance got a huge boost. However, during those major changes some new problems crept in. Nessus 3.0.1 fixed most of them and the newly released Nessus 3.0.2.