[buug] recommendations for network security tools?

Johan Beisser jb at caustic.org
Wed Jul 30 16:28:09 PDT 2008


On Wed, Jul 30, 2008 at 4:10 PM, Bob Read <unixjavabob at yahoo.com> wrote:
> Hi,
>   I'm looking for recommendations for network security tools:
>
> 1)  subnet scanning and IP discovery (nmap...discover new IPs and categorize them with port scan)

Old nmap is still best in class here, imho. It does support some odd
and slightly useless features, but mostly has useful output.

> 2)  corporate environment windoze workstation monitoring (to identify a windoze box that has been owned via netflow/sflow, virus scan, port scan, etc)

I'd look at putting an IDP/IDS inline to scan outbound traffic from a
specific subnet. This one tends to be harder though, and multiple
vendors have put forward multiple ideas and systems. As far as
OpenSource solutions go, you're on your own. I've yet to find one that
doesn't scream and provide too many false positives before putting in
a few days' worth of tuning.

> 3)  secure linux environment (for PCI compliance, for example)

Activate SELinux. Then review the compliance regs really really well.
You'll find that you have to isolate the systems, users, etc anyway.
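Added example for item 1 (not code from the thread or from the nmap project): nmap already does the discovery; what makes it an inventory tool is diffing its XML output (`nmap -sS -oX scan.xml 10.0.0.0/24`) against the hosts you already know about and tagging each new host by the ports it answers on. The XML snippet, the baseline and the port signatures below are constructed for the example; tune the signatures to your own estate.

```python
"""Turn an nmap -oX report into an inventory, diff it against a known-host
baseline, and tag each newly discovered host by its open TCP ports."""
import xml.etree.ElementTree as ET

# Constructed sample in the shape of nmap's -oX output, trimmed to the
# elements this script reads (status, address, port/state).
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -oX scan.xml 10.0.0.0/24">
  <host><status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.23" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="135"><state state="open"/><service name="msrpc"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host><status state="down"/>
    <address addr="10.0.0.40" addrtype="ipv4"/>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.77" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Constructed baseline: hosts (and their expected open ports) already on record.
BASELINE = {"10.0.0.5": {22, 443}}

# Hypothetical port signatures; first match wins, so order them by specificity.
CATEGORIES = [
    ("windows-workstation", {135, 139, 445, 3389}),
    ("unix-server", {22}),
    ("web-server", {80, 443, 8080, 8443}),
]


def parse_nmap_xml(xml_text):
    """Return {ip: set(open TCP ports)} for every host nmap reported as up."""
    inventory = {}
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports = set()
        for port in host.iter("port"):
            state = port.find("state")
            if port.get("protocol") == "tcp" and state is not None \
                    and state.get("state") == "open":
                open_ports.add(int(port.get("portid")))
        inventory[addr.get("addr")] = open_ports
    return inventory


def categorise(open_ports):
    """Name of the first category whose signature overlaps the open ports."""
    for name, signature in CATEGORIES:
        if open_ports & signature:
            return name
    return "unknown" if open_ports else "no-open-tcp-ports"


def diff_against_baseline(inventory, baseline):
    """Split a fresh scan into new hosts, hosts whose ports changed, and the rest."""
    report = {"new": {}, "changed": {}, "unchanged": []}
    for ip, ports in sorted(inventory.items()):
        if ip not in baseline:
            report["new"][ip] = categorise(ports)
        elif ports != baseline[ip]:
            report["changed"][ip] = {"added": ports - baseline[ip],
                                     "removed": baseline[ip] - ports}
        else:
            report["unchanged"].append(ip)
    return report


if __name__ == "__main__":
    scan = parse_nmap_xml(SAMPLE_NMAP_XML)
    report = diff_against_baseline(scan, BASELINE)
    for ip, category in report["new"].items():
        print(f"NEW      {ip:15} {category:20} ports={sorted(scan[ip])}")
    for ip, delta in report["changed"].items():
        print(f"CHANGED  {ip:15} +{sorted(delta['added'])} -{sorted(delta['removed'])}")
```

Hosts that are down are dropped rather than recorded, so a host that disappears from the scan shows up only by its absence from `unchanged`; a port that changes state on a known host lands in `changed`, which is usually the more interesting signal than a brand-new address.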


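Added example for item 2 (not code from the thread, and not from any IDS product): the false-positive problem the reply describes is largely about what you declare normal up front. A first pass over exported flow records, with an explicit list of known file servers and permitted egress ports, lets two cheap rules stand out: a workstation talking to the Internet on a port your egress policy never allows, and a workstation speaking SMB to several of its peers rather than to a server. The flow records, address ranges and thresholds below are constructed and hypothetical.

```python
"""Triage netflow/sflow-style records for workstations whose outbound
behaviour does not fit the site's declared normal."""
from collections import defaultdict
import ipaddress

# Constructed site facts: the workstation range, known SMB servers and the
# ports the egress policy permits directly to the Internet.
INTERNAL = ipaddress.ip_network("10.1.0.0/16")
FILE_SERVERS = {"10.1.1.10"}
ALLOWED_OUTBOUND_PORTS = {53, 80, 443}
# Tuning knob: workstations rarely open SMB to this many peer workstations.
SMB_PEER_THRESHOLD = 3

# Constructed flow records: (timestamp, src_ip, dst_ip, dst_port, bytes)
FLOWS = [
    (1000, "10.1.1.20", "10.1.1.10", 445, 4000),     # workstation -> file server
    (1001, "10.1.1.20", "203.0.113.9", 443, 1500),   # ordinary web traffic
    (1002, "10.1.1.31", "198.51.100.7", 4444, 900),  # egress on a non-allowed port
    (1003, "10.1.1.31", "198.51.100.7", 4444, 900),
    (1004, "10.1.1.31", "10.1.1.22", 445, 300),      # SMB to peer workstations
    (1005, "10.1.1.31", "10.1.1.23", 445, 300),
    (1006, "10.1.1.31", "10.1.1.24", 445, 300),
    (1007, "10.1.1.40", "10.1.1.10", 445, 2200),     # another normal client
    (1008, "10.1.1.40", "10.1.1.41", 445, 100),      # one peer: below threshold
    (1009, "203.0.113.9", "10.1.1.20", 51000, 800),  # inbound side; ignored
]


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def triage_flows(flows):
    """Return {src_ip: [reason, ...]} for internal hosts that trip a rule."""
    bad_egress = defaultdict(set)   # src -> {(dst, port)} on non-allowed ports
    smb_peers = defaultdict(set)    # src -> {internal dst} for SMB not to a server
    for _ts, src, dst, dport, _nbytes in flows:
        if not is_internal(src):
            continue                # only outbound-from-workstation is in scope
        if is_internal(dst):
            if dport == 445 and dst not in FILE_SERVERS:
                smb_peers[src].add(dst)
        elif dport not in ALLOWED_OUTBOUND_PORTS:
            bad_egress[src].add((dst, dport))

    findings = defaultdict(list)
    for src, pairs in bad_egress.items():
        findings[src].append(f"egress on non-allowed port(s): {sorted(pairs)}")
    for src, peers in smb_peers.items():
        if len(peers) >= SMB_PEER_THRESHOLD:
            findings[src].append(f"SMB to {len(peers)} peer workstations")
    return dict(findings)


if __name__ == "__main__":
    for src, reasons in triage_flows(FLOWS).items():
        for reason in reasons:
            print(f"{src:15} {reason}")
```

The allowlist and the threshold are the tuning the reply talks about: every site has some host that legitimately serves SMB to its neighbours or some application with its own egress port, and each of those goes into `FILE_SERVERS` or `ALLOWED_OUTBOUND_PORTS` rather than being explained away alert by alert.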
