Since security is a way of life for most hosts (at least any host that wants to be in business 6 months from now :)), what tools do you use to monitor the security of your servers and your network?

I'll start off with some of my favorite:

chkrootkit (http://www.chkrootkit.org/)
John the Ripper (http://www.openwall.com/john/)
Nmap (http://www.insecure.org/nmap/)


Also, do you tend to favor open source or commercial applications for security?

Proactive:
- Nessus (http://www.nessus.org/) is a pretty good.
- Online resources: cert.org, xforce.iss.net, freebsd-announce
- ipfw / iptables to keep it simple

Reactive:
- chkrootkit
- ipfw / iptables to disappear on thread or breach.
- freebsd watch tool (as necessary)

I find nessus has never once produced any usable results other than the port scans, but I still use it just to be certain on new installations. You never know what makes its way into them linux distros!

I'm not sure if you're looking for initial "check over" of the box or ongoing detection.

For the later I tend to use:

log sentry
chkrootkit
tripwire


Frank

Any suggestions for those of using Windows 2000?

John

TurtleBay,

Nessus will help identify potential flaws in Windows, but generally it's only useful to check against an initial Windows install and to verify that patches have plugged known holes.

There are commercial products available for Windows that warrant looking into though, try www.symantec.com (Hi Allan!).

I honestly think the best and simplest way of protecting your server would be :

1. install a firewall. Nothing fancy.. a simple IP tables should be good enough
2. use NMAP to monitor your open ports and check the deamons your running
3. make sure your software is up to date


If you do that much, I think your very very safe...

kunal

I thought about installing a firewall.

But other than those little blue flames around the hard drive, I've never really had a problem...

Originally posted by etLux
I thought about installing a firewall.

But other than those little blue flames around the hard drive, I've never really had a problem...

The firewall isn't to protect your server from fire, it is to protect the servers around you from fire. The friction that is generated by 1000s of people hitting your site every minute can give of frandom sparks and start fires on other people's equipment -- a firewall stops that from happening.

:bs:

Originally posted by allan
The firewall isn't to protect your server from fire, it is to protect the servers around you from fire. The friction that is generated by 1000s of people hitting your site every minute can give of frandom sparks and start fires on other people's equipment -- a firewall stops that from happening.

:bs:

I am INCENSED! How dare you imply that I run the sorts of sites where people do disgusting things involving friction.

In any event, we're strong believers in Vas-o-line. And you should be, as well! Too much friction leads to abrasion, and you certainly don't want that.

:eek: :rolleyes: :D


*falls of his chair as tears roll down his eyes coz of his laughter*

Get back in your chair, kunal.

And put down that Vas-o-line.

aye captain :bowdown:

*puts a bag on his head to hide his laughter*

:baghead: