Daniel Framer, Eugene
H. Spafford, The Cops
Security Check System
Abstract: This paper briefly describes the Cop Security Check System. Included are the underlying design goals, the functions provided by the tool, possible extensions, and some experiences gained from its use. It also include information on how to obtain a copy of the initial Cops release.
Zerkle, Karl Levitt,
-- A Multi-Host Configuration Vulnerability Checker (A
homepage exists for this item)
Abstract: NetKuang is an extension to SU-Kuang. It runs on computers using UNIX and can find vulnerabilities created by poor system configuration.
A Security Analysis Integration Tool
Keywords: COPS, TCP-Wrappers, Passwrd+, Crack, Trip Wire, SATAN, Tiger, S/Key, logdaemon suite
Abstract: This paper presents the design of SAINT, a tool being developed at the National Autonomous University of Mexico that will allow integrated analysis of information gathered from various sources, such as security tools and system logs. By simulating events occuring in the systems, and collected from the different sources, SAINT will allow detection, or even prevention of problems that may otherwise go undetected due to lack of information about them in any single place. SAINT's modular and extensible architecture make it feasible to add new modules for processgin new data types, detecting new kinds of problems, or presenting the results in different formats.
TIS Firewall Toolkit
Abstract: The TIS Firewall Toolkit is a set of programs and configuration practices designed to facilitate the building of facilitate the building of network firewalls. Components of the toolkit, while designed to work together, can be used in isolation or can be combined with other firewall components. The toolkit software is designed to run on UNIX systems using TCP/IP with a Berkeley-style 'socket' interface.
Andrew Cherry, Mark
W. Henderson, William
K. Nickless, Robert
Olson, Gene Rackow,
Pass or Fail: A New Test for Password Legitimacy
Abstract: While other programs check for bad passwords after the fact, it is important to have good passwords at all times, not just after the latest Crack run. To this end the author have modified Larry Wall's Perl password program and added, among other features, the ability to check a sorted list of all the "bad passwords" that Crack will generate, given all the dictionaries that we could get our hands on (107 MB of unique words, so far). The combination of improvements has turned publicly available code into a powerful tool that can aid sites in the maintenance of local security.
Neil M. Haller,
The S/KEY One-Time Password System
Abstract: This paper is used at a later time to attack the system. The author have developed a prototype software system, the S/KEY one-line password system, to counter this type of attack and have been using it experimentally for external access to a research computer complex at Bellcore.
Stephen E. Hansen, E. Todd Atkins,
Automated System Monitoring and Notification With
Abstract: This paper describes an approach to monitoring events on a large number of servers and workstations. While modern UNIX systems are capable of logging a variety of information concerning the health and status of their hardware and operating system software, they are generally not configured to do so . Even when this information is logged, it is often hidden in places that are either not monitored regularly or are susceptible to deletion or modification by a successful intruder. Also, a system administrator must often monitor several, perhaps dozens, of systems. To address these problems, our approach begins with the modification of certain system programs to enhance their logging capabilities. In addition, our approach calls for the logging facilities on each of these systems to be configured in such a way as to send a copy of the critical system and security related information to a dependable, secure, central logging host system . As one might expect, this central log can see a megabyte or more of data in a single day. To keep a system administrator from being overwhelmed by a large quantity of data we have developed an easily configurable log file filter/monitor, called swatch . Swatch monitors log files and acts to filter out unwanted data and take one or more user specified actions (ring bell, send mail, execute a script, etc .) based upon patterns in the log .
Abstract: This directory provides general information about kerberos. Kerberos is a network authentication system for use on physically insecure networks, based on the key distribution model presented by Needham and Schroeder. It allows entities communicating over networks to prove their identity to each other while preventing eavsdropping or replay attacks. It also provides for data stream integrity (detection of modification) and secrecy (preventing unauthorized reading) using cryptography systems such as DES.
Jeffrey C. Mogul,
Simple and Flexible Datagram Access Controls for Unix-based
Abstract: Internetworks that connect multiple organizations create potential security problems that can not be sloved simply by internal administrative procedures. Oranizations would like to restrict inter-organization access to specific restricted hosts and applications. In order to limit the potential for damage and to reduce the number of systems that must be secured against attack. One way to restrict access is to prevent certain packets from entering or leaving an organization through its gateways. This paper describes simple, flexible , and modernrately efficient mechanisms for screening the packets that flow through a Unix-based gateway.
Guide for Implementing NADF Adaptors
Abstract: Introduction The purpose of this paper is to specify the generic audit record format used by ASAX. It also provides guidelines for implementing programs that convert a native file to a NADF format. Such a converter program is called a format adaptor. Why a Common Format? ASAX is a universal tool for data stream analysis (and in particular a security audit trail analysis). That means ASAX is theoretically able to analyse arbitrary sequential files. This is achieved by translating the native file to a universal format called Normalized Audit Data Format. This ensures target system independence and avoids the need to tune ASAX for every possible source of data.
Michael Neuman, Gray Christoph,
The Operator Shell: A Means of Privilege Distribution Under
Abstract: This paper describes the design, features, security considerations, internals, and applications of the Operator Shell.
David R. Safford, Douglas Lee Schales, David K. Hess,
The TAMU Security Package
Abstract: Texas A&M University (TAMU) UNIX computers came under coordinated attack in August 1992 from an organized group of internet crackers. This package of security tools represents the results of over seven months of development and testing of the software currently being used to protect the estimated 12,000 net worked devices at TAMU (of which roughly 5,000 are IP devices). This package includes three related sets of tools: "drawbridge," a powerful bridging filter package; "tiger," a set of easy to use yet thorough machine checking programs; and "netlog," a set of intrusion detection network monitoring programs.
W. Timothy Polk,
Automated Tools for Testing Computer System
Abstract: Computer security incidents occur with alarming frequency. The incidents range from direct attacks both hackers and insiders to automated attacks such as network worms. System controls are frequently cited as the cause, but many of these incidents are the result of improper use of existing control mechanisms. For example, improper access control specifications for key system files could open the entire system to unauthorized access. Moreover, many computer systems are delivered with default settings that, if left unchanged, leave the system exposed. This document discusses automated tools for testing computer system vulnerabilities. By analyzing factors affecting the security of computer systems, system manager can identify common vulnerabilities.
Built by Mark Crosbie and Ivan Krsul.
Security Archive Homepage.
COAST Project (CERIAS)Page.
Purdue CS Dept page.