[ Search ] [ What's New? ] [ About ]
[ Bugs ] [ Misc ] [ Mailing Lists ] [ Newgroups ] [ NewsWire ] [ Papers ] [ People ]
[ Pictures ] [ Publications ] [ Responce Teams ] [ Tools ] [ Upcoming Events ] [ Web Sites ]

Security Tools

Title: Automated System Monitoring and Notification With Swatch
Authors: Stephen E. Hansen E. Todd Atkins
Abstract:
This paper describes an approach to monitoring events on a large number of servers and workstations. While modern UNIX systems are capable of logging a variety of information concerning the health and status of their hardware and operating system software, they are generally not configured to do so . Even when this information is logged, it is often hidden in places that are either not monitored regularly or are susceptible to deletion or modification by a successful intruder. Also, a system administrator must often monitor several, perhaps dozens, of systems. To address these problems, our approach begins with the modification of certain system programs to enhance their logging capabilities. In addition, our approach calls for the logging facilities on each of these systems to be configured in such a way as to send a copy of the critical system and security related information to a dependable, secure, central logging host system . As one might expect, this central log can see a megabyte or more of data in a single day. To keep a system administrator from being overwhelmed by a large quantity of data we have developed an easily configurable log file filter/monitor, called swatch . Swatch monitors log files and acts to filter out unwanted data and take one or more user specified actions (ring bell, send mail, execute a script, etc .) based upon patterns in the log .

Title: Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection
Authors: Gene H. Kim Eugene H. Spafford
Abstract:
This paper begins by motivating the need for an integrity checker by presenting a hypothetical situation any system administrator could face. An overview of Tripwire is then described, emphasizing the salient aspects of Tripwire configuration that supports its use at sites employing modern variants of the UNIX operating system. Experiences with how Tripwire has been used in "in the field" are then presented, along with some conjectures on the prevalence and extent of system breakin. Novel uses of Tripwire and no-table configurations of Tripwire are also presented.

Title: Pass or Fail: A New Test for Password Legitimacy
Authors: Andrew Cherry Mark W. Henderson William K. Nickless Robert Olson Gene Rackow
Abstract:
While other programs check for bad passwords after the fact, it is important to have good passwords at all times, not just after the latest Crack run. To this end the author have modified Larry Wall's Perl password program and added, among other features, the ability to check a sorted list of all the "bad passwords" that Crack will generate, given all the dictionaries that we could get our hands on (107 MB of unique words, so far). The combination of improvements has turned publicly available code into a powerful tool that can aid sites in the maintenance of local security.

Title: The Cops Security Check System
Authors: Daniel Framer Eugene H. Spafford
Abstract:
This paper briefly describes the Cop Security Check System. Included are the underlying design goals, the functions provided by the tool, possible extensions, and some experiences gained from its use. It also include information on how to obtain a copy of the initial Cops release.

Title: The Design and Implementation of Tripwire: A File System Integrity Checker
Authors: Gene H. Kim Eugene H. Spafford
Abstract:
This paper describes the design and implementation of the Tripwire tool. It uses interchangeable "signature" routines to identify changes in files, and is h highly configurable.

Title: The Operator Shell: A Means of Privilege Distribution Under Unix
Authors: Michael Neuman Gray Christoph
Abstract:
This paper describes the design, features, security considerations, internals, and applications of the Operator Shell.

Title: The S/KEY One-Time Password System
Authors: Neil M. Haller
Abstract:
This paper is used at a later time to attack the system. The author have developed a prototype software system, the S/KEY one-line password system, to counter this type of attack and have been using it experimentally for external access to a research computer complex at Bellcore.

Title: TIS Firewall Toolkit
Authors:
Abstract:
The TIS Firewall Toolkit is a set of programs and configuration practices designed to facilitate the building of facilitate the building of network firewalls. Components of the toolkit, while designed to work together, can be used in isolation or can be combined with other firewall components. The toolkit software is designed to run on UNIX systems using TCP/IP with a Berkeley-style 'socket' interface.

Title: Writing, Supporting, and Evaluating Tripwire: A Publically Available Security Tool
Authors: Gene H. Kim Eugene H. Spafford
Abstract:
This paper begins with brief overview of what Tripwire does and how it works. It discuss how certain implementation decisions affected the course of Tripwire development, also presents other applications that have been found for Tripwire.


Aleph One / aleph1@underground.org
Copyright © 1996 Computer Underground Society. All rights reserved.