
 

For Technology Leaders
 

Additional Resources

Resources are organized in the same order as the Security Rubric and Planning Grid.

For a quick view of security topics, see the Planning Grid Index.
Security Tools and Resources
  OCTAVE - Risk Methodology K12 Survey
  Security strategy and management
  Security auditing and network tools
  Links to Organizations
  Security strategy, management, and policy
  Technical information on security issues
  User-oriented security awareness and training

 

OCTAVE®

OCTAVE® (Operationally Critical Threat, Asset, and Vulnerability Evaluation) is a rigorous and comprehensive risk management and security planning methodology developed by Carnegie Mellon University. Designed to authoritatively handle complex security challenges facing large corporations, the OCTAVE framework can be used in K-12 environments. The downloadable document Risk Methodology K-12 provides a detailed OCTAVE-based approach for K-12 schools. It was written by Carol Woody, Ph.D., Senior Technical Staff, Software Engineering Institute, Carnegie Mellon University.

 

Security Tools and Resources

Columns: Ref, Type, Purpose, Resource, Audience: Tech (x), Audience: Policy, Planning (x), Notes
Management Issues
A 10 General Resource Clearinghouse SANS Security Reading Room x x Over a thousand security white papers in 67 different categories
A 10 General Resource Security Protocol OCTAVE® x x OCTAVE® (Operationally Critical Threat, Asset, and Vulnerability Evaluation℠) is a rigorous and comprehensive risk management and security planning methodology developed by Carnegie Mellon University. Designed to authoritatively handle complex security challenges facing large corporations, OCTAVE has been scaled to meet the particular needs of K-12 districts by Carol Woody. OCTAVE remains a compelling framework for detailed investigation into many aspects of risk management and best practices on all security issues.
A 10 General Resource Clearinghouse VA SCAN x x Virginia Alliance for Secure Computing and Networking: a Higher Education clearinghouse for security tools, security checklist, best practices.
A 33 Network Auditing Risk Assessment Risk Methodology K-12   x Based on Carnegie Mellon University's OCTAVE®, Carol Woody's Risk Methodology K-12 Survey Worksheets can be used to establish a comprehensive understanding of a school district's current level of security preparedness.
Columns: Ref, Type, Purpose, Resource, Audience: Tech (x), Audience: Policy, Planning (x), Notes
Technology
B 12 Network Auditing Firewall filter rule mapper Firewalk x   Firewalking employs traceroute-like techniques to analyze IP packet responses in order to determine gateway ACL filters and map networks. The Firewalk tool uses this technique to determine the filter rules in place on a packet-forwarding device.
B 12 Network Auditing Firewall filter rule mapper fwAnalog x    
B 12 Network Auditing Firewall filter rule mapper Firewall Builder x   Firewall Builder is a multi-platform, vendor-neutral firewall configuration and management tool. It consists of a GUI and a set of policy compilers for various firewall platforms. Firewall Builder uses an object-oriented approach: it helps the administrator maintain a database of network objects and allows policy editing using simple drag-and-drop operations. Firewall Builder currently supports iptables, ipfilter, OpenBSD PF and Cisco PIX.
B 12 Network Auditing IDS and general purpose sniffer Snort x   General purpose intrusion detection
B 12 Network Auditing Intrusion Detection DeepSight Analyzer x   Symantec's DeepSight Analyzer distills firewall or intrusion detection activity. DeepSight Extractor is typically configured on your system to upload your firewall or intrusion detection system data to the DeepSight Analyzer servers. You will then be able to log into the DeepSight Analyzer website to view your statistics as well as generate reports based on your uploaded data.
B 12 Network Auditing Intrusion Detection NetFilter x   What can I do with netfilter/iptables? Build internet firewalls based on stateless and stateful packet filtering. Use NAT and masquerading for sharing internet access if you don't have enough public IP addresses. Use NAT to implement transparent proxies. Aid the tc and iproute2 systems used to build sophisticated QoS and policy routers. Do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header.
B 12 Network Auditing Network Protocol Analyzer Ethereal x   Ethereal is a free network protocol analyzer for Unix and Windows. It allows users to examine data from a live network or from a capture file on disk. It can interactively browse the capture data, viewing summary and detail information for each packet. Ethereal has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session and parse an 802.11 packet.
B 12 Network Auditing Wireless sniffer AirSnort x   AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys.
B 12 Network Auditing Wireless sniffer AirTraf x   AirTraf is a wireless 802.11 network sniffer.
B 12 Network Auditing Wireless sniffer Kismet x   Kismet wireless network sniffer site
B 12 Network Auditing Wireless sniffer Mognet x   Mognet is a free, open source wireless Ethernet sniffer/analyzer written in Java.
B 12 Network Auditing Wireless sniffer Netstumbler x   Netstumbler 802.11 discovery tool
B 12 Network Auditing Wireless sniffer Prismstumbler x   Prismstumbler is a wireless LAN (WLAN) tool that scans for beacon frames from access points. Prismstumbler operates by constantly switching channels and monitoring any frames received on the currently selected channel.
B 12 Network Auditing Wireless sniffer Wavestumbler x   This is a link to the WaveStumbler wireless network mapping tool.
B 12 Network Auditing Wireless sniffer Dachb0den Labs x   Wireless BSD tools
B 52 Network Auditing Intrusion Detection EnteraSys Dragon Host Sensor x x "A host-based intrusion defense tool, Dragon Host Sensor [DHS] monitors individual systems and applications,[..] for evidence of malicious or suspicious activity in real time, and monitors key system logs for evidence of tampering. [DHS] also reports all information to the Security Information Management functionality within Dragon Management Server for real-time alerting, forensic and trend analysis."
B 52 Network Auditing Network auditing and penetration testing Dsniff x   Dsniff is a collection of tools for network auditing and penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). Arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). Sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKIs.
B 52 Network Auditing Network Monitoring OpenNMS     OpenNMS provides three main functional areas: 1- Service Polling: the system monitors services on the network and reports on their "service level". 2- Performance: data is collected from the remote systems via SNMP in order to measure the performance of the network. 3- Event Management and Notifications: OpenNMS includes a robust notification system, including escalations, that can be generated by network events.
B 52 Network Auditing Network Monitoring Sleuth Kit     The Sleuth Kit (previously known as TASK) is a collection of UNIX-based command line file system and media management forensic analysis tools. The file system tools allow you to examine file systems of a suspect computer in a non-intrusive fashion. Because the tools do not rely on the operating system to process the file systems, deleted and hidden content is shown.
B 52 Network Auditing Network Monitoring Ntop x   Ntop is a network traffic probe that shows network usage, similar to what the popular top Unix command does. Ntop is based on libpcap and has been written in a portable way so that it runs on virtually every Unix platform and on Win32 as well.
B 52 Network Auditing security and port scanner LANguard Network Scanner x   LANguard Network Scanner is a freeware security and port scanner to audit your network security. It scans entire networks and provides NetBIOS information for each computer such as hostname, shares, logged on user name. It does OS detection, password strength testing, detects registry issues and more. Reports are outputted in HTML.
B 52 Network Auditing Windows enumeration DumpSec x   DumpSec is a security auditing program for Microsoft Windows. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable listbox format, so that holes in system security are readily apparent. DumpSec also dumps user, group, and replication information.
B 53 Network Auditing Firewall filter rule mapper Hping2 x   A network probing utility like "ping on steroids" [source: insecure.org]
While hping was mainly used as a security tool in the past, it can be used in many ways by people that don't care about security to test networks and hosts.
- Firewall testing
- Advanced traceroute, under all the supported protocols
- Remote OS fingerprinting
- Remote uptime guessing
- TCP/IP stacks auditing
B 54 Network Auditing File Integrity Checker Aide x   AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire. It does file integrity checking and supports a large number of Unix and Linux platforms.
B 54 Network Auditing File Integrity Checker LANGuard x   LANguard File Integrity Checker is a utility that provides intrusion detection by checking whether files have been changed, added or deleted on a Windows 2000/NT system.
B 54 Network Auditing File Integrity Checker Tripwire x   Tripwire monitors file changes, verifies integrity, and notifies the administrator of any violations of data on network hosts.
B 61 Desktop Mgt Configuration control Fortres CleanSlate     Clean Slate is designed to protect public access computers from malicious or inexperienced users. While not restricting users’ activities, Clean Slate will scour drives back to their original state upon reboot or log off.
B 61 Desktop Mgt Configuration control DriveShield - MacShield     With DriveShield or MacShield enabled, a simple reboot restores the computer back to its original configuration
B 61 Desktop Mgt Configuration control Deep Freeze     Deep Freeze protects and preserves original computer configurations. Completely invulnerable to hacking, Deep Freeze makes computing environments easier to manage and maintain. Each restart eradicates all changes and resets the computer to its original state.
B 61 Desktop Mgt Configuration control Drive Disabler x   Drive Disabler™ - In association with the Bill and Melinda Gates Foundation’s U.S. Library Program, Centurion Technologies, Inc. has developed Drive Disabler™. The Drive Disabler™ provides an effortless way to disable the CD-ROM, DVD, an additional hard drive or any other peripheral drive. Simply turn the switch on this patent-pending device to cut power to the drive or drives you wish to disable. You may disable up to 3 drives at any one time. Devices may include CD-ROMs, CD/WRs, DVDs, Hard Drives, LS-120s, Zip Drives, Magnetic Optical Drives, etc.
B 63 Desktop Mgt Spyware detection Spykiller x   Detect and eliminate spyware, adware, and Trojans.
B 63 Desktop Mgt Patch management Microsoft Software Update Services (SUS) x   Software Update Services 1.0 with Service Pack 1
For small-to-medium networks, manage desktop OS patching by pointing each desktop to a SUS server, which is installed on a Win2000 or Win2003 server. For larger networks, use the SUS feature pack that's part of the Microsoft SMS package.
B 63 Desktop Mgt Patch management BigFix Enterprise Suite x    
B 63 Desktop Mgt Patch management Patchlink Update 4.0 x    
B 63 Desktop Mgt Patch management UpdateExpert 6.0 x    
B 63 Desktop Mgt Patch management HFNetChkPro x    
B 63 Desktop Mgt Patch management LANDesk Management Suite x   includes patch management
B 65 Network Auditing Password Cracker @stake LC 5 x   LC™ 5 is the latest version of L0phtCrack™, the award-winning password auditing and recovery application used by thousands of companies worldwide.
B 65 Network Auditing Password Cracker Cain & Abel x   Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
B 65 Network Auditing Password Cracker John the Ripper x   John the Ripper: A powerful, flexible, and fast multi-platform password hash cracker. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types most commonly found on various Unix flavors, as well as Kerberos AFS and Windows NT/2000/XP LM hashes.

 

 
A Leadership Initiative of CoSN