| Author |
Forensic and/or security toolkits
| meijin 2003-04-21, 6:45 pm |
| I have been doing some looking at a variety of different forensic and security toolkits. I was wondering what comments those of you that have more experience in the field have with such things?
I have a home lab (Win2K, WinXP, Linux and wireless) and was wondering about setting up a variety of different things on it. The above mentioned items as well as some work with VPN and RADIUS to mention just a couple. What tools would you recommend trying to get your hands on and having in your toolbox? What other software would you recommend trying to get a hold of and getting familiar with?
Thanks for your insight! | |
| lodogg 2003-04-23, 11:29 am |
| Well, I posted this before, but SNORT is awesome IDS software; you can get it from www.snort.org. You can run this on a W2k box or a Linux box. You can integrate it with MySQL to run reports or any customizing you would like to do. But watch out, I have seen it kick up a lot of false positives. But that's part of the learning experience :) he he. Other software that is a must is a good port scanner; Nmap works fine with Linux. You can test your ports to see what's open through your firewall and what services you may have opened. I have not tested this software yet, but http://www.nessus.org/ is supposed to be really good and free too. Everything I'm talking about is Open Source and you won't have to pay for it.... Unlike good old Bill Gates
Well those are a few I would get familiar with.
Thanks
Lo
PS
Microsoft had a security software to test to see what Microsoft OS's may need patched. I think it was called the baseline tester or something like that. I'm sure someone here knows what I'm talking about. | |
| meijin 2003-04-23, 12:50 pm |
| Lo:
Thanks for the response and yes, it is good to have free open source tools. However, they are geared towards Linux and let's face it...Linux just does not have that big of a market penetration. It's like being caught between a rock and a hard place. Know what I mean?
Thanks again! | |
| lodogg 2003-04-23, 2:43 pm |
| We use snort here at work and we are completely windows. It's a very good IDS software to see if attacks are coming into your network. Nessus is a good penetration software to see what holes and security breaches you may have, and yes, it can scan IIS boxes and everything else windows has to offer. So download them and give it a shot. Yes, nessus has to run on UNIX or Linux. But snort can run on windows!!!!!
Thanks Again
Lo | |
| meijin 2003-04-24, 10:22 am |
| Yeah, I am with you on Snort being Win32...but the point was that it is more the exception than the rule when it comes to open source. Plenty of legit reasons as to why you don't see so many open source Win32 programs...but still a pain.
Thanks for the heads up on the other software. | |
| 117wik 2003-04-26, 3:12 pm |
| depends on what sort of vulnerability you are trying to scan for... get a Hacking Exposed book (get the one for win2K if that's the area u want to focus on) and it tells you a lot of hacks, how people do it, what tools they use and how to stop it etc.
The 'Counter Hack' book is ok too. | |
|
| there is a windows port of nessus but it's not as good as the *nix version. you aren't being too specific on what kind of tools or job you want to accomplish so it's hard to answer. what i do is run VMware on an XP box so i can use both kinds of tools depending on what job i need to get done. sometimes things just go easier in Linux... | |
| meijin 2003-04-28, 9:09 pm |
| I'm not looking to do anything in particular at this point...just looking for some tools to have handy and looking for suggestions.
Speaking of VMWare, what version are you running? I have a copy of 3.2.0 (workstation) that I have been meaning to do something with...so many projects, so little time.
Thanks! | |
|
| i'm using 3.0.0... too lazy to download a new copy
i have used it for awhile so if you have any questions just send me a note or if you want to talk about my setup. i basically built my hacklab with it. for example, run win2k server in VM and hack at it from my XP box, or same thing if there is a new sploit that only runs on linux you can fire up the linux VM and the win2k VM but i only have 512 RAM so it takes a while to get up and running but after it gets cranking it works well. | |
| meijin 2003-04-28, 9:40 pm |
| Careful! I'm not too bashful to take you up on that gator! 
I use a RomTec Treos on my PC, so I have three OSes on three different HDs (can only access one at a time). I think VMWare will help with some of my playing around.
Gonna be a few weeks before I completely wipe everything, so it may be a while. And now I want to get Win03 server up and running as well.
Thanks! |