Monday, August 29, 2011

OpenDLP - Open source Data Loss Prevention

OpenDLP:-

is a free and open source, agent-based, centrally-managed, massively distributable data loss prevention tool released under the GPL. Given appropriate Windows domain credentials, OpenDLP can simultaneously identify sensitive data at rest on hundreds or thousands of Microsoft Windows systems from a centralized web application. OpenDLP has two components: a web application and an agent.

The speed and simplicity of OpenDLP make it a great choice for Penetration Testers. Unfortunately, it also does the same for an attacker. In one case, SecureState was able to sift through 50 machines to pull out various HIPAA and PCI data in less than an hour. This may result in non-compliance in both areas. With the weaponization of OpenDLP, an attacker no longer has to spend days searching systems or limiting themselves to only large file shares. Attackers can be in and out before they are ever detected.

Data Loss Prevention suite with centralized web frontend to manage Windows agent filesystem scanners, agentless database scanners, and agentless Windows/UNIX filesystem scanners that identify sensitive data at rest.Web Application
  • Automatically deploy and start agents over Netbios/SMB
  • When done, automatically stop, uninstall, and delete agents over Netbios/SMB
  • Pause, resume, and forcefully uninstall agents in an entire scan or on individual systems
  • Concurrently and securely receive results from hundreds or thousands of deployed agents over two-way-trusted SSL connection
  • Create Perl-compatible regular expressions (PCREs) for finding sensitive data at rest
  • Create reusable profiles for scans that include whitelisting or blacklisting directories and file extensions
  • Review findings and identify false positives
  • Export results as XML
  • Written in Perl with MySQL backend

Agent

  • Runs on Windows 2000 and later systems
  • Written in C with no .NET Framework requirements
  • Runs as a Windows Service at low priority so users do not see or feel it
  • Resumes automatically upon system reboot with no user interaction
  • Securely transmit results to web application at user-defined intervals over two-way-trusted SSL connection
  • Uses PCREs to identify sensitive data inside files
  • Performs additional checks on potential credit card numbers to reduce false positives
  • Can read inside ZIP files, including Office 2007 and OpenOffice files
  • Limits itself to a percent of physical memory so there is no thrashing when processing large files

Agentless Database Scans

In addition to performing data discovery on Windows operating systems, OpenDLP also supports performing agentless data discovery against the following databases:

  • Microsoft SQL server
  • MySQL

Agentless File System and File Share Scans

With OpenDLP 0.4, one can perform the following scans:

  • Agentless Windows file system scan (over SMB)
  • Agentless Windows share scan (over SMB)
  • Agentless UNIX file system scan (over SSH using sshfs)

Screenshots

Agent-based Windows OS scan, summary results view:

Agent-based Windows OS scan, detailed results view:

Agentless Microsoft SQL Server scan, detailed results view:


Download Link : Click Here

**********************************************************************************
Posted by at
Labels: , , , , , ,

SSH Tools for Windows , Mac OS


OpenSSH:
is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

OpenSSH Server for Windows:


An installer for a minimal installation of the Cygwin environment suitable for running an OpenSSH server on the Windows platform.

Download Link : Click Here

SSH Client For Windows:
PuTTY is a free implementation of Telnet and SSH for Win32 platforms.

Download Putty : Click here

TTSSH is a free SSH client for Windows. It is implemented as an extension DLL for Teraterm Pro. Teraterm Pro is a superb free terminal emulator/telnet client for Windows, and its source is available. TTSSH adds SSH capabilities to Teraterm Pro without sacrificing any of Teraterm's existing functionality.

SSH Client For Mac O/S:
NiftyTelnet 1.1 SSH r3 is an enhanced version of Chris Newman's NiftyTelnet 1.1 application which adds support for encrypted terminal sessions using the SSH (Secure Shell) protocol.

Download NiftyTelnet : Click here

MacSSH:
SSH2 client for MacOS before X, based on BetterTelnet, lsh and GUSI.

Download MacSSH: Click Here
Posted by at
Labels: , , , , ,

Tips for Secure SSH Login


Secure Shell (SSH):
has been constructed with regards to security. Previously, customers often accessed Telnet in order to gain connection to their servers; however, this was the time, when servers were located right across the hall, not widely spread across the infinite internet.

Secure Shell provides an additional layer of encryption to the communication, ensuring that the users can connect with the dedicated server or the virtual private server (VPS) without having to feel wary of any threat from malicious activity, such as the capturing of their password.

Default Port No: 22/Tcp


Restrict Root login's:
In an ordinary situation, you have no motive to permit straight root logins to your server. Although the system administrator can be one of the roots once it has logged in (using su or sudo), it is far too dangerous to make your root account open to the entire Internet.

Jail users in chroot directories:
Servers, belonging to Linux and UNIX, provide the ability of restricting ordinary users from doing something dangerous, such as removing all the documents;, however, nothing can be done about viewing the files.

Install Brute Force Detection software:
Malicious hackers can make use of forcible methods in an attempt to gain knowledge of your password and carry out malevolent activity on your server.

Maintain secure password and periodic rotations:
Being the sysadmin, you have the ability to manage the requirements regarding the strength of the password along with making it compulsory for users to modify their password after a period of time.

Set the Timeout Interval:
An extremely helpful feature, a part of SSH configuration file, is that it allows you to determine a timeout interval, disallowing users from staying logged in, irrespective of whether they have forgotten to logout .


Posted by at
Labels: , , , ,

Friday, July 29, 2011

open source security assessment framework



Dradis

is an open source framework to enable effective information sharing, specially during security assessments.

Dradis is a self-contained web application that provides a centralized repository of information to keep track

This application is suited to people in lengthy engagements, it’s very useful to have all the information in one place. It’s also good to have if your team changes (i.e. someone joins half the way through), it will be useful to bring them up to speed.

Download Link : Click Here

************************************************************************************
Posted by at
Labels: , , , , , , , , ,

Wednesday, July 27, 2011

Open Source Live-CD for Computer Forensic



PlainSight :
is a versatile computer forensics environment that allows inexperienced forensic practitioners perform common tasks using powerful open source tools.

We have taken the best open source forensic/security tools, customised them, and combined them with an intuitive user interface to create an incredibly powerful forensic environment.

Download Link : Click Here

********************************************************************************

DEFT 6 :
 is based on Lubuntu with Kernel 2.6.35 (Linux side) and DEFT Extra 3.0 (Windows side) with the best freeware Computer Forensic tools; it is a new concept of Computer Forensic live system, ewflib ready, that use WINE for run Windows Computer Forensics tools under Linux.


DEFT live-cd for incident-response & corporate/gov forensics and a DEFT-based persistent environment for acquisition-analysis within the inhouse forensic lab.

Download Link : Click here

**********************************************************************************
Posted by at
Labels: , , , , , , ,

Open Source Live-CD for Penetration testing



BackBox :
 is a Linux distribution based on Ubuntu Lucid 10.04 LTS developed to perform penetration tests and security assessments. Designed to be fast, easy to use and to provide a minimal yet complete desktop environment thanks to its own software repositories always been updated to the last stable version of the most known and used ethical hacking tools.

Hacking tools new or updated: Firefox 4, Hydra 6.2, Kismet 2011.03.2, Metasploit Framework 3.6.0, NMap 5.51, SET 1.3.5, SqlMap 0.9, sslstrip 0.8, w3af 1.0-rc5, weevely 0.3, WhatWeb 1.4.7,
Wireshark 1.4.5, Zaproxy 1.2, etc

Download Link : Click Here

**************************************************************************************************************************************

Blackbuntu :
 is distribution for penetration testing which was specially designed for security training students and practitioners of information security.
Blackbuntu is Ubuntu base distro for Penetration Testing with GNOME Desktop Environment. It's currently being built using the Ubuntu 10.10.

Download Link : Click here

***********************************************************************************

Posted by at
Labels: , , , , , , , ,

Tuesday, July 26, 2011

Open Source network firewall


NetDefender :
is a Free Firewall with source code, which can be downloaded along with firewall executables. Netdefender works on windows 2000 and windows XP.

Requirements :

1. Netdefender can only run on an OS higher than windows 2000 (i.e. Win 2000, Win Xp I hope Vista would not break anything)
2. User must has admin rights (i.e. must be member of administrator group ) on the system.

Download Link : Click here

***********************************************************************************
Shorewall :
is a gateway/firewall configuration tool for GNU/Linux.


Download Link : Click here

************************************************************************************

Zorp
is a new generation proxy firewall suite and as such its core architecture is built around today's security demands: it uses application level proxies, it is modular and component based, it uses a script language to describe policy decisions, it makes it possible to monitor encrypted traffic, it let's you override client actions, it let's you protect your servers with its built in IDS capabilities... The list is endless. It gives you all the power you need to implement your local security policy.

Download Link : Click here

***********************************************************************************
Ufw :

 stands for Uncomplicated Firewall, and is program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.

Download Link : Click here

Thanks

chandru
Posted by at
Labels: , , , , , , , , , , ,
Subscribe to: Posts (Atom)