SAFEsuite

Internet Security Systems, Inc. (ISS)

\SAFESUITE\

SAFEsuite(TM) is a family of network security assessment tools designed to audit, monitor and correct all aspects of network security. Internet Scanner is the fastest, most comprehensive, proactive UNIX and Windows NT security scanner available. It configures easily, scans quickly, and produces comprehensive reports. Internet Scanner probes a network environment for selected security vulnerabilities, simulating the techniques of a determined intruder. Depending on the reporting options selected, Internet Scanner provides information about each vulnerability found: location, in-depth description, and suggested corrective actions. (Requires Windows NT)


Ballista Security Auditing System

Secure Networks, Inc.

\UNIX\BALLISTA\

Ballista is a network security auditing tool developed at Secure Networks Incorporated. Ballista's goal is to serve as a comprehensive auditing tool for use in discovering security weaknesses in networked environments. Ballista is designed to provide a high level of integrity assurance in settings where network security is a serious concern.

Ballista performs comprehensive evaluations of Intranets, Web Servers, Firewalls and Screening Routers by scanning them and performing extensive tests to discern whether they are vulnerable to intrusions or attacks from hostile users.

This CD contains the evaluation version of the Ballista Security Auditing System. An evaluation key is required to use this version. A license key should be provided on the CD-ROM.


GUARDIAN

Datalynx, Inc.

\UNIX\DATALYNX\GUARDIAN\

Introduced in 1988, GUARDIAN has become the de facto standard in UNIX account and access control software, supporting most popular versions of UNIX with a common and intuitive interface across all platforms. The latest revision of GUARDIAN adds access control via 'ftp'; access control via 'su' on a per account basis; single-use passwords; an account exception report, which lists any accounts which may present possible security risks; inactivity logoff/lock-out; support for both NIS and NIS+; enhanced support for larger networks; the ability to enter an account selection template to enable more efficient processing for profile creations, reports etc.; and an enhanced API and many new configuration options.


suGUARD

Datalynx, Inc.

\UNIX\SUGUARD\

suGUARD brings layered management to UNIX systems, allowing you to define how, where, by whom, by which access methods, on what days and at what times programs and applications can be executed. Use suGUARD to allow selected users to run programs normally accessible only to the 'root' account without revealing the 'root' password, and to control access to sensitive applications. The suGUARD system provides an effective and easily administered method of controlling both systems management and application software by assigning each user a privilege level between 0 and 99 which is matched against the required execution level for the command. Only those users who have a level equal to or higher than the level required will be allowed to run the command. In addition, each command can require that the user have the security manager privilege, an option which is always required to run the command profile maintenance programs.


Portus Secure Network Firewall

Livermore Software Labs

\UNIX\PORTUS\

Portus is an NCSA-certified high-performance application-proxy gateway. It supports all TCP-IP connections and has a UDP proxy add-on. It offers high levels of security without becoming network chokepoint. Products include Portus Secure Network Firewall for AIX, Portus Secure Network Firewall for Solaris, and Portus Secure Network Firewall Installation and Administration Guide (Acrobat file), and Portus Secure Network Firewall General Information Manual - Firewall Tutorial (Acrobat file). These are 30-day fully functional demos. For activation, call (713) 974-3274.


RadLast

Kinchlea Computer Consulting

\UNIX\RADLAST\

A tool to filter Radius 1 and 2 detail files.


SATAN (Security Administrator's Tool for Analyzing Networks)

Dan Farmer and Weitse Venema

\UNIX\SATAN\

SATAN is a tool to help systems administrators. It recognizes several common networking-related security problems, and reports the problems without actually exploiting them. For each type or problem found, SATAN offers a tutorial that explains the problem and what its impact could be. The tutorial also explains what can be done about the problem: correct an error in a configuration file, install a bugfix from the vendor, use other means to restrict access, or simply disable service. SATAN collects information that is available to everyone on with access to the network. With a properly-configured firewall in place, that should be near-zero information for outsiders. SATAN will inevitably find problems.


Strobe

Julian Assange

\UNIX\STROBE\

Strobe is a network/security tool that locates and describes all listening tcp ports on a (remote) host or on many hosts in a bandwidth utilization maximizing, and process resource minimizing manner. Strobe approximates a parallel finite state machine internally. In non-linear multi-host mode it attempts to apportion bandwidth and sockets among the hosts very efficiently. This can reap appreciable gains in speed for multiple distinct hosts/routes. On a machine with a reasonable number of sockets, strobe is fast enough to port scan entire Internet sub domains. It is even possible to survey an entire small country in a reasonable time from a fast machine on the network backbone, provided the machine in question uses dynamic socket allocation or has had its static socket allocation increased very appreciably (check your kernel options). In this very limited application strobe is said to be faster than ISS2.1 (a high quality commercial security scanner by cklaus@iss.net and friends) or PingWare (also commercial).


Acrobat

Adobe Inc.

\ALL\ACROBAT\

Adobe's Acrobat viewer.