B.6. Utilities

A number of additional utilities provide services you'll find useful when you build and maintain your firewall.

B.6.1. TIS Internet Firewall Toolkit (FWTK)

See the discussion of the TIS FWTK in Section B.1, "Authentication Tools", earlier in this appendix.
B.6.2. TCP Wrapper

ftp://coast.cs.purdue.edu/pub/tools/unix/tcp_wrappers/

With this package, from Wietse Venema, you can monitor and filter incoming requests for servers started by inetd.
B.6.3. chrootuid

ftp://coast.cs.purdue.edu/pub/tools/unix/chrootuid

chrootuid, from Wietse Venema, makes it easy to run a network service at a low-privilege level and with restricted filesystem access. The program can be used to run Gopher, HTTP, WAIS, and other network daemons in a minimal environment: the daemons have access only to their own directory tree and run under a low-privileged userid. This arrangement greatly reduces the impact of possible security problems in daemon software.
B.6.4. inzider

http://ntsecurity.nu/toolbox/inzider

inzider, written by Arne Vidstrom, is a Windows NT tool that shows which processes are listening on which ports. It is a useful tool for understanding what network services are doing on a Windows NT machine.
B.6.5. MRTG

http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/mrtg.html

The Multi Router Traffic Grapher (MRTG) is a tool that generates web pages with graphs of data about your network. Originally, it was designed to show data from routers, gathered with SNMP, but it is easy to use it to show any data that can be gathered via SNMP, and only slightly harder to adapt it to other ways of getting numeric values. It provides historical data (that is, it shows values over time), but it updates the web pages in real time, as information comes in. These graphs are very useful for recognizing patterns and trends in network usage.
B.6.6. NOCOL

http://www.netplex-tech.com/software/nocol/

NOCOL is a system and network monitoring package that runs on Unix systems and can poll many kinds of devices, using a variety of methods. It can watch syslog, use SNMP, and test machines with ICMP, for instance. Additional monitors can easily be added; there are C and Perl APIs to help you write them.
B.6.7. NetCat

http://www.l0pht.com/~weld/netcat/

NetCat is a utility, available for Unix and Windows NT, that allows you to read and write data using arbitrary TCP and UDP ports. It is invaluable in debugging and in otherwise investigating network services.
B.6.8. NetSaint

http://www.netsaint.org

NetSaint is a network monitoring program that checks the status of services and notifies you when there are problems with them. It can use electronic mail or a pager for notification. NetSaint is written in C and is designed to run under Linux (and most other Unix variants) as a background process, intermittently running checks on the various services that you specify. The actual service checks are performed by separate programs that return the status of the checks to NetSaint. Several CGI programs are included with NetSaint to allow you to view the current service status, problem history, notification history, and log file via the Web.
B.6.9. PGP

http://www.pgp.com

PGP, by Phil Zimmermann, is a suite of encryption tools, available for both Unix and Windows NT, that provides encryption for electronic mail, as well as file encryption suitable for protecting binaries that you intend to leave on bastion hosts but don't want intruders to have access to.
B.6.10. trimlog

ftp://coast.cs.purdue.edu/pub/tools/unix/trimlog

trimlog, by David A. Curry, is a program that helps you manage log files. It reads a configuration file to determine which files to trim, how to trim them, how much they should be trimmed, and so on. The program helps keep your logs from growing until they consume all available disk space.
B.6.11. AntiSniff

http://www.l0pht.com/antisniff/

AntiSniff is a tool for detecting computers that are running network sniffers. It is discussed in Chapter 26, "Maintaining Firewalls".
B.6.12. tcpdump

ftp://coast.cs.purdue.edu/pub/tools/unix/tcpdump/

tcpdump is a Unix tool for collecting network traffic. It can be used for network monitoring and debugging and is the basis for a number of other tools that deal with packet-level information.