Cal Poly Pomona
Enterprise Computing

3801 West Temple Avenue
Pomona, California 91768
Phone: (909) 869-7659

Submitted By: Daniel Formel

Title V Project

Foundstone Security Tools

 

Abstract

This report includes an evaluation of useful security tools found on the Foundstone website http://www.foundstone.com/knowledge/free_tools.html. Only the tools that are relevant to the integrity of Cal Poly Pomona’s network are listed in this evaluation. They are all free and available for download.

 

Foundstone Tools

 

1.    Vision v1.0

Vision, a host-based forensic utility, is the GUI successor to the well-known freeware tool Fport. It can show all of the open TCP and UDP ports on a machine, display the service that is active on each port, and map the ports to their respective applications.

 

Vision can also provide other useful system information, such as the applications, processes, and services running on the system and their respective executable paths. It also displays a list of all device drivers in use.

 

This tool would be useful for evaluating the status of a single system. It can be used to detect the presence of malicious applications and unnecessary open ports.

 

Requirements

NT 4 / Win 2000
NT 4 needs psapi.dll
800x600 resolution minimum
256 colors minimum
32MB

 

Link

http://www.foundstone.com/resources/proddesc/vision.htm

 

2.    Filewatch v1.0

This utility monitors a given file and detects when any changes are made to it. When a change is made to the file, an alarm is activated, and any program can be executed when the alarm is activated. This would be useful for monitoring firewall logs to detect any changes, but it can be used for any file.

 

 

Filewatch can be useful for monitoring file changes, but it is not consistent in detecting them. Sometimes changes that were detected before are not detected, and small changes (adding one character) are also not detected.

 

Link

http://www.foundstone.com/resources/proddesc/filewatch.htm
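
The evaluation above notes that small changes to a monitored file can go undetected. The following is an added example, not Filewatch's code and not a description of how Filewatch works: a change check that compares a SHA-256 digest of the file contents, shown beside a size-and-timestamp check that misses a same-size edit. The file name, log line and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile
from typing import Callable, NamedTuple

class Snapshot(NamedTuple):
    size: int
    mtime_ns: int
    sha256: str

def take_snapshot(path: str) -> Snapshot:
    """Record size, modification time and a SHA-256 digest of the contents."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.stat(path)
    return Snapshot(st.st_size, st.st_mtime_ns, digest.hexdigest())

def metadata_changed(old: Snapshot, new: Snapshot) -> bool:
    """Cheap check on size and mtime only; blind to a same-size edit with an unchanged mtime."""
    return (old.size, old.mtime_ns) != (new.size, new.mtime_ns)

def check(path: str, baseline: Snapshot, on_alarm: Callable[[str], None]) -> Snapshot:
    """Fire on_alarm when the content digest differs; return the new baseline."""
    current = take_snapshot(path)
    if current.sha256 != baseline.sha256:
        on_alarm(path)
    return current

def demo() -> dict:
    """Run both checks against a constructed log file that is edited twice."""
    alarms = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "firewall.log")  # constructed sample file
        with open(path, "wb") as fh:
            fh.write(b"DENY tcp 10.0.0.5:1025 -> 10.0.0.1:23\n")
        base = take_snapshot(path)
        with open(path, "ab") as fh:  # edit 1: append a single character
            fh.write(b"x")
        after_append = check(path, base, alarms.append)
        with open(path, "r+b") as fh:  # edit 2: overwrite one byte, size unchanged
            fh.write(b"A")
        os.utime(path, ns=(after_append.mtime_ns, after_append.mtime_ns))  # mtime as before
        after_overwrite = check(path, after_append, alarms.append)
        return {"alarms": len(alarms), "metadata_saw_edit_2": metadata_changed(after_append, after_overwrite)}

if __name__ == "__main__":
    print(demo())
```

The digest check raises an alarm for both edits, while the size-and-timestamp check reports no change for the second one. The alarm callback is where a program of your choice would be launched.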

3.    Attacker v3.0

This program is a TCP/UDP port listener. You provide a list of ports to listen on and the program will notify you when a connection or data arrives at the port(s). It is not meant to stop intruders, but it is meant to monitor attempted probes to your computer and offer information on the source of the probe.

 

 

Link

http://www.foundstone.com/resources/proddesc/attacker.htm