It was wrong for us to do this without permission and, instead, we should have found a sympathetic professor to arrange for us to get legitimate access. One of us (not the three named above) was arrested, spent a night in jail, and had to fight to avoid conviction due to our activities. This was my only less than white hat activity.
What are your favourite security tools and why?
IP Chains/IP Tables
This is the "Killer App" that allowed Linux to be a good Enterprise-class firewall. I find it far easier to configure than Cisco's Pix, cheaper, and more versatile; IP Tables offers all of the features that most organizations need.
I wrote 60 pages on IP Tables in RWLS 2/e that includes "Tips and Techniques" for easy rule set creation and debugging, a detailed comparison of IP Tables with IP Chains, and complete IP Tables scripts for SOHO and medium organizations that want a DMZ.
Logcheck (my enhanced version)
Logcheck takes the tedium out of properly checking your systems' log files for attacks and illness. I find it better than other tools, such as LogWatch, that either do not catch enough problems or do not discard unimportant events. I recommend that anyone running LogWatch immediately replace it with Logcheck.
My enhancements including fitting each IP Chains/IP Tables entry on a single line, being able to page the System Administrator for major problems, and not repeating "Attack" entries in the "Violations" section and not repeating "Violation" entries in the "Unusual" section. This encourages one to read all sections, knowing that it does not contain repeated data.
This version is on the CD-ROM that comes with the book and has been submitted back to Logcheck's original author.
My own Adaptive Firewall
It runs on top of IP Chains/Tables ("The Cracker Trap"). It locks an attacking system out of one's network within a fraction of a second.
Fyodor's wonderful tool allows a thorough analysis of a firewall, network, or system very quickly and easily. Both SysAdmins and crackers use it daily. I even use it to see if an e-commerce site has made an effort to harden its server before I trust it with my credit card number.
Arpwatch (my enhanced version)
This wonderful tool allows the SysAdmin to know when someone connects a new system to the network or changes the IP address of an existing system within seconds. This is critical to ensure that users do not install "rogue" systems without authorization.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.