
Securing Debian Manual
Chapter 8 - Security tools in Debian

FIXME: More content needed.

Debian also provides a number of security tools that can make a Debian box suitable for security testing purposes. Some of them are provided when installing the harden-remoteaudit package.

8.1 Remote vulnerability assessment tools

The tools provided by Debian to perform remote vulnerability assessment are:

By far, the most complete and up-to-date tool is nessus, which is composed of a client (nessus) used as a GUI and a server (nessusd) which launches the programmed attacks. Nessus includes checks for remote vulnerabilities in quite a number of systems including network appliances, FTP servers, WWW servers, etc. The latest releases are even able to parse a web site and try to discover which interactive pages are available that could be attacked. There are also Java and Win32 clients (not included in Debian) which can be used to contact the management server.

Whisker is a web-only vulnerability assessment scanner including anti-IDS tactics (most of which are not anti-IDS anymore). It is one of the best CGI scanners available, being able to detect WWW servers and launch only a given set of attacks against them. The database used for scanning can be easily modified to provide for new information.

Bass (Bulk Auditing Security Scanner) and Satan (Security Auditing Tool for Analysing Networks) must be thought of more as "proof of concept" programs than as tools to be used while performing audits. Both are quite ancient and are not kept up-to-date. However, SATAN was the first tool to provide vulnerability assessment in a simple (GUI) way and Bass is still a very high-performance assessment tool.

8.2 Network scanner tools

Debian does provide some tools used for remote scanning of hosts (but not vulnerability assessment). These tools are, in some cases, used by vulnerability assessment scanners as the first type of "attack" run against remote hosts in an attempt to determine which remote services are available. Currently Debian provides:

Whereas queso and xprobe provide only remote operating system detection (using TCP/IP fingerprinting), nmap and knocker do both operating system detection and port scanning of the remote hosts. On the other hand, hping2 and icmpush can be used for remote ICMP attack techniques.

Designed specifically for NetBIOS networks, nbtscan can be used to scan IP networks and retrieve name information from SMB-enabled servers, including usernames, network names, MAC addresses, etc.

8.3 Internal audits

Currently, the tiger tool is the only one in Debian that can be used to perform an internal (also called white box) audit of hosts in order to determine whether the filesystem is properly set up, which processes are listening on the host, etc.
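To illustrate the kind of filesystem check an internal audit performs, here is a small shell function. It is an added example, not code from tiger or from the original manual; the function name `audit_tree` and the finding labels are invented for this illustration, and it covers only permission checks, not listening processes.

```shell
#!/bin/sh
# Added example (not part of tiger): minimal filesystem permission audit.
# audit_tree DIR prints one finding per line as "<CLASS> <path>".
# The class names below are made up for this example.
audit_tree() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "audit_tree: not a directory: $root" >&2
        return 2
    fi

    # World-writable regular files: any local user can modify them.
    find "$root" -xdev -type f -perm -0002 \
        -exec printf 'WORLD_WRITABLE_FILE %s\n' {} +

    # World-writable directories WITHOUT the sticky bit: any local user
    # can delete or replace files owned by others (compare /tmp, mode 1777,
    # which is world-writable but sticky and therefore not reported).
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'WORLD_WRITABLE_DIR %s\n' {} +

    # setuid / setgid executables: each one runs with its owner's or
    # group's privileges and should be on a list the administrator knows.
    find "$root" -xdev -type f -perm -4000 \
        -exec printf 'SETUID_FILE %s\n' {} +
    find "$root" -xdev -type f -perm -2000 \
        -exec printf 'SETGID_FILE %s\n' {} +
}

# When run as a script with an argument, audit that directory.
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Saving the output of a known-good run and comparing later runs against it with diff shows newly introduced setuid files or loosened permissions.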

8.4 Auditing source code

Debian provides two packages that can be used to audit C/C++ source code programs and find programming errors that might lead to potential security flaws:

8.5 Virtual Private Networks

FIXME: Content needed

Debian provides quite a number of packages to set up encrypted virtual private networks:

IPsec (i.e. FreeSWAN) is probably the best choice overall since it promises to interoperate with most anything that runs IPsec, but these other packages can help you get a secure tunnel up in a hurry. PPTP is a Microsoft protocol for VPN. It is supported under Linux, but is known to have serious security issues.

For more information read the VPN-Masquerade HOWTO (covers IPsec and PPTP), the VPN HOWTO (covers PPP over SSH), the Cipe mini-HOWTO, and the PPP and SSH mini-HOWTO.

8.6 Public Key Infrastructure (PKI)

When considering a PKI you are confronted with a wide variety of tools:

You can use some of the software available in Debian GNU/Linux to cover some of these tools; this includes OpenSSL (for certificate generation), OpenLDAP (as a directory to hold the certificates), gnupg and freeswan (with X.509 support). However, the operating system does not provide (as of the woody release, 3.0) any of the freely available Certificate Authorities such as pyCA, OpenCA or the CA samples from OpenSSL. For more information read the Open PKI book.

8.7 SSL Infrastructure

Debian does provide some SSL certificates with the distribution so they can be installed locally. SSL certificates are distributed in the ca-certificates package. This package provides a central repository of certificates that have been submitted to Debian and approved (that is, verified) by the package maintainer.

FIXME: read debian-devel to see if there was something added to this.

8.8 Anti-virus tools

There are not that many anti-virus tools in Debian, probably because GNU/Linux users are not currently much plagued by viruses. There have been, however, worms and viruses for GNU/Linux, even if there has not (yet, hopefully) been any virus that has spread in the wild over any Debian distribution. In any case, administrators might want to build up anti-virus gateways or protect themselves against them.

Debian currently provides the following tools for building anti-virus environments:

As you can see, Debian does not currently provide any anti-virus software itself. There are, however, free software anti-virus projects which might (in the future) be included in Debian: openantivirus and jvirus (less chance for the latter since it is completely Java based). Also, Debian will never provide commercial anti-virus software such as Panda Antivirus, NAI Netshield (uvscan), Sophos Sweep, TrendMicro Interscan, RAV, etc. For more pointers see the Linux anti-virus software mini-FAQ.

For more information on how to set up a virus detection system read Dave Jones' article Building an E-mail Virus Detection System for Your Network.


2.5 (beta), 29 August 2002
Sat, 17 Aug 2002 12:23:36 +0200
Javier Fernández-Sanguino Peña jfs@computer.org