|
(Page 1 of 1) Category: Access Control » RPC Windows Permission Identifier Added 2006-01-18 This tool enables administrators and penetration testers to review and audit the permissions of users on a windows machine. Windows Permission Identifier can check; File ACLs Folder ACLs Registry ACLs Services Permissions Shares Installation rights Internet Access and so on. The GUI enables the administrator to create policies that can be saved in XML format. The windows machines permissions are then checked against this policy. This enables administrators to run checks against existing organisational windows security baseline documents. Policies can be saved in XML format and all results can be exported for further use. WARNING: The policy that is included is a sample of the functionality of the tool. It is not a security policy that should be followed. Report Bugs & send your own policy files : nhouse[at]stationx.net It would be very useful to the community if you send me any policies you create. For example, Web server, desktop, domain controller or what ever you create. I will upload your policy files to the site and credit you. PortMap 3 Added 2001-10-22 This is the 3rd enhanced portmapper release. The code compiles fine with SunOS 4.1.x, Ultrix 4.x and ESIX System V release 4.0, but it will work with many other UNIX flavors. Tested with SunOS 4.1.1; an earlier version was also tested with Ultrix 3.0. SysV.4 uses a different program that the portmapper, however; rpcbind is the name, and it can do much more than the old portmapper. This is a portmapper replacement with access control in the style of the tcp wrapper (log_tcp) package. It provides a simple mechanism to discourage access to the NIS (YP), NFS, and other services registered with the portmapper. In some cases, better or equivalent alternatives are available. The SunOS portmap that is provided with patch id100482-02 should close the same security holes. In addition, it provides NIS daemons with their own access control lists. This is better than just portmapper access control. The "securelib" shared library (eecs.nwu.edu:/pub/securelib.tar) implements access control for all kinds of (RPC) services, not just the portmapper. Reportedly, Irix 4.0.x already has a secured portmapper. However, many vendors still ship portmap implementations that allow anyone to read or modify its tables and that will happily forward any request so that it appears to come from the local system. Rpcbind Added 2001-10-22 This is a rpcbind replacement with access control in the style of the tcp/ip daemon wrapper (log_tcp) package. It provides a simple mechanism to discourage remote access to the NIS (YP), NFS, and other rpc services. It also has host access control on IP addresses. Note that the local host is considered authorized and host access control requires the libwrap.a library that comes with recent tcp/ip daemon wrapper (log_tcp) implementations. If a port requests that are forwarded by the rpcbind process will be forwarded through an unprivileged port. In addition, the rpcbind process refuses to forward requests to rpc daemons that do, or should, verify the origin of the request: at present. The list includes most of the calls to the NFS mountd/nfsd daemons and the NIS daemons securelib Added 2001-10-22 The securelib package by William LeFebvre. Provides a replacement shared library from SunOS 4.1.x systems that offers new versions of the accept, recvfrom, and recvmsg networking system calls. These calls are compatible with the originals, except that they check the address of the machine initiating the connection to make sure it is allowed to connect, based on the contents of the configuration file. The advantage of this approach is that it can be installed without recompiling any software. SRA (Secure RPC Authentication for TELNET and FTP) Added 2001-10-22 This package provides drop in replacements for telnet and ftp client and server programs, which use Secure RPC code to provide encrypted authentication across the network, so that plaintext passwords are not used. These programs require no external keyserver or ticket server and work equally well for local or internet wide connections. IP Firewall Accounting (IPFA) Added 2001-10-22 IP Firewall Accounting (IPFA) is software designed to reside on a Linux gateway box doing IP accounting and IP filtering. IPFA can do Virtual DMZ Setting, per-ip accounting, free IP setting, user management, per-month, per-day, and per-minute logging, MAC-IP binding, firewall rule setting, online user monitoring, and more. Browse by category |
|
|
Privacy Statement |
