Related technical resources
Let us know!
If you have any information you think should be on this page, tell me.
Erik Winkler has a setup for 68K Macintosh computers:
SecurityFocus is a news web site that keeps an eye on technical issues related to security, break-in attempts, etc. This is a very valuable resource if you want to stay current:
Here is a list of Firewall vendors and their products.
IP Filter Based Firewalls HOWTO:
Unix security checklist
Some ADSL and cable modem providers want you to run PPP over Ethernet to connect to their modem. Here's where you can find a version for NetBSD and Linux.
Bastille Linux 1.0
by Bastille Linux Project <http://bastille-linux.sourceforge.net/>
Bastille Linux is aimed primarily at non-security-experts, who are less knowledgeable about security, but want to run a more secure distribution of Linux. Our goal is to build a more secure distribution based on a well-supported existing distribution. Our solution currently takes the form of a Universal Hardening Program which must be run immediately after installation of Red Hat 6.0.
nmap is a utility for port scanning large networks, although it works fine for single hosts. The guiding philosophy for the creation of nmap was TMTOWTDI (There's More Than One Way To Do It). This is the Perl slogan, but it is equally applicable to scanners. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). You just can't do all this with one scanning mode. And you don't want to have 10 different scanners around, all with different interfaces and capabilities.
The NetBSD package is here.
The Firewall Toolkit is one of the most often used freely available sets of firewall tools:
Wietse Venema wrote a number of widely used tools that are excellent. His wrapper functions are among the most used firewall tools.
Wietse's tools and papers can be found here:
Tripwire is a file and directory integrity checker, a utility that compares a designated set of files and directories against information stored in a previously generated database. Any differences are flagged and logged, including added or deleted entries. When run against system files on a regular basis, any changes in critical system files will be spotted -- and appropriate damage control measures can be taken immediately. With Tripwire, system administrators can conclude with a high degree of certainty that a given set of files remain free of unauthorized modifications if Tripwire reports no changes.
The Deception Toolkit is a set of software that makes your computer look like it is running something it is not, and is meant to confuse and/or track crackers. Read the site for full information.
PortSentry is probably the most often used network intrusion detection tool.
Snort is a new network intrusion detection tool that is rapidly becoming popular.
Frequently Asked Questions on Intrusion detection software
Macintosh users who want firewall protection should consider DoorStop Personal Edition from Open Door Networks, Inc. DoorStop PE is inexpensive, easy-to-use software that runs on the Mac it's protecting and lets you deny TCP access to specific (or all) services on that Mac based on the user's IP address. DoorStop can also log allowed and denied connection attempts, and notify you when such attempts occur.
http://www.cl.cam.ac.uk/~rja14/ is a site with some excellent reading material that should give you some insight on why it is so difficult to get things really secure.
Books on security and Intrusion detection
Although O'Reilly probably has the best books there are on this subject, you might want to look into these as well:
Network Intrusion Detection: An Analyst's Handbook
by Stephen Northcutt
Maximum Linux Security
Publisher: SAMS Publishing
First Printing: September 1999