Intrusion Prevention & Detection

Network Monitoring, Intrusion Prevention Systems (IPS) & Intrusion Detection Systems (IDS).

Tool Monitoring Organization
Port Scan Broadband (DSL) Reports

IDS Tools & Network Monitoring, Tracing and Analysis

  • Nessus - Open Source Vulnerability Scanner
    Nessus is a free, powerful remote security scanner for Linux, BSD, Solaris, and other Unices. It is plug-in-based: each security test is written as an external plugin using NASL (Nessus Attack Scripting Language) or C. Nessus is client-server (server scanner, client frontend), has a GTK interface, can test an unlimited number of hosts, performs thorough service recognition, and runs over 1600 remote security checks against a daily updated security vulnerability database. It produces complete, exportable reports (HTML, XML, LaTeX, ASCII) and suggests solutions for the security problems it finds.
  • Snort - Open Source Network Intrusion Detection System
    Snort is a lightweight network intrusion detection system (IDS), capable of performing real-time traffic analysis and packet logging on IP networks. Open source software, by Marty Roesch. Snort can perform protocol analysis and content searching/matching, and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more. Snort uses a flexible rules language (for traffic collection), a detection engine with a modular plugin architecture, and real-time alerting mechanisms.
    Snort has three primary uses: it can be used as a straight packet sniffer (like tcpdump), a packet logger (useful for network traffic debugging, etc.), or as a full-blown network intrusion detection system.
    Snort should work anywhere libpcap does, and is known to have been compiled successfully on the following platforms: Linux, BSD, Solaris, SunOS, HP-UX, AIX, IRIX, Tru64, MacOS X Server, Win32 (9x/NT/2000/XP).
    • Analysis Console for Intrusion Databases (ACID)
      ACID is an analysis engine written in PHP for searching and processing a database of incidents generated by security software such as IDSes and firewalls (e.g. Snort, ipchains, iptables). By Carnegie Mellon CERT.
    • SnortCenter
      Snort IDS Rule & Sensor Management. SnortCenter is a web-based client-server management system written in PHP and Perl. It helps you configure Snort and keep its signatures up to date. The Management Console builds the configuration files for you and then pushes them to the remote sensor.
    • IDS Policy Manager
      IDS Policy Manager for Windows 2000/XP is a powerful way to modify Snort's configuration and rule files.
  • Wireshark
    Wireshark is a network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It has a rich and powerful feature set and is the world's most popular tool of its kind. It runs on most computing platforms including Windows, OS X, Linux, and UNIX. Network professionals, security experts, developers, and educators around the world use it regularly. It is freely available as open source, and is released under the GNU General Public License version 2.
    Wireshark originated from Ethereal. In May of 2006, Gerald Combs (the original author of Ethereal) went to work for CACE Technologies (best known for WinPcap). Unfortunately, he had to leave the Ethereal trademarks behind. The only reasonable way to ensure the continued success of the project was to change the name. This is how Wireshark was born.
    Alternate link.
    SourceForge project: Wireshark - SF Wireshark Downloads.
  • Ethereal Network Analyzer
    "Sniffing the glue that holds the Internet together".
    Ethereal is a free network protocol analyzer for Unix and Windows. It lets you examine data from a live network or from a capture file on disk. You can interactively browse the captured data, viewing summary and detailed information for each packet. Ethereal source code and pre-compiled binaries for Windows, Linux, SunOS/Solaris and other Unix systems are available for download.
  • Nmap
    Nmap ("Network Mapper") is an open-source utility for network exploration or security auditing. It is a "stealth" network port scanner for Linux/Windows/UNIX/Solaris, designed to rapidly scan large networks, although it works fine against single hosts. Nmap is free software distributed under the terms of the GNU GPL. By Insecure.Org.
    • Zenmap
      Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.) free and open source application which aims to make Nmap easy for beginners to use while providing advanced features for experienced Nmap users. Formerly NMapWin.
      SourceForge project: NMapWin - SF NMapWin Downloads.
  • TCPDUMP
    Public repository for tcpdump / libpcap. This page was started to collect various patches that have been floating around for LBL's tcpdump and libpcap programs, and to continue the work needed on both projects.
    • WinDump: tcpdump for Windows using WinPcap
      WinDump is the Windows port of tcpdump, one of the most widely used network sniffers/analyzers for UNIX. It runs on any Win32 platform (9x/Me/NT/2000/XP). WinDump uses a libpcap-compatible library for Windows, WinPcap, which can be downloaded free of charge from the WinPcap site. WinPcap: the free industry-standard Windows packet capture library.
  • Winfingerprint
    Winfingerprint is a Win32 MFC VC++ .NET based security tool: a Host/Network Enumeration Scanner. Winfingerprint is capable of performing SMB, TCP, UDP, ICMP, RPC, SNMP scans. Using SMB, winfingerprint can enumerate OS, users, groups, SIDs, password policies, services, service packs and hotfixes, NetBIOS shares, transports, sessions, disks, security event log, and time of day in either an NT Domain or Active Directory environment. Winfingerprint-cli is a command line version of winfingerprint and it is currently bundled with each release.
    SourceForge Project: winfingerprint, open source distributed under GPL.
  • AnalogX Network Utilities
    • AnalogX PacketMon
      AnalogX PacketMon allows you to capture IP packets that pass through your network interface - whether they originated from the machine on which PacketMon is installed, or a completely different machine on your network. PacketMon is currently available for Win2000/XP only.
    • Internet Traffic Report (ITR) Client
      AnalogX ITR Client is a GUI tool running in the Windows system tray which gives you quick access to graphical tools used to diagnose network access problems: ping, trace route, and Internet Traffic Report on-line rates.

Log Analysis

  • Log Analysis.org
    This site is dedicated to building a repository of useful information about log analysis for computer security. By Tina Bird and Marcus Ranum.
  • SWATCH: The Simple WATCHer of Logfiles
    Swatch is an active log file monitoring tool. Swatch started out as a "simple watchdog" for actively monitoring log files produced by the UNIX syslog facility. Since then it has evolved into a utility capable of monitoring almost any kind of log.
    SWATCH is a console utility written in Perl, distributed under the GNU General Public License (GPL).
    SourceForge Project: Swatch.
  • OsHids
    OsHids is open-source software that analyzes your log files and takes certain actions if it finds something suspicious. OsHids can run in "real time", as a service (daemon), or it can be scheduled using crontab on Unix/Linux. By Open Source Security.
    SourceForge project: oshids.
    Detecting Intrusions with your Firewall Log and OsHids (PDF).
  • Logcheck
    Logcheck is a software package for Unix/Linux that is designed to run automatically and check system log files for security violations and unusual activity. Logcheck utilizes a program called logtail that remembers the last position it read from in a log file. Open source at SourceForge.
  • syslog-ng
    syslog-ng is a syslogd replacement, but with new functionality for the new generation. syslog-ng adds the possibility to filter based on message contents using regular expressions. The new configuration scheme is intuitive and powerful. Forwarding logs over TCP and remembering all forwarding hops makes it ideal for firewalled environments.
    By BalaBit IT. syslog-ng Download.
    Syslog-ng FAQ.
  • NTsyslog
    Windows NT/2000/XP syslog service. This program is free software. By SaberNet.net.
    SourceForge project: NTsyslog.
  • LogWatch [In Portuguese]
    Centralized database for analysis and management of log information, with flexible and customizable filters, queries and reports. Agents for several log types: Firewall, IDS, OS, Antivirus, Web, Proxy, Router and Switch, Database, E-mail, Network Services, and others.
    By 3Elos Segurança, Brazil. Commercial product, available in Portuguese and English.