Product SiteDocumentation Site

Capítulo 8. Herramientas de seguridad en Debian

8.1. Herramientas de evaluación de vulnerabilidades remotas.
8.2. Herramientas de escáner de red
8.3. Auditorías internas
8.4. Auditorías de código fuente
8.5. Redes virtuales privadas
8.5.1. Point to Point tunneling
8.6. Infraestructura de clave pública (ICP).
8.7. SSL Infrastructure
8.8. Herramientas antivirus
8.9. GPG agent
ARRÉGLAME: Se necesita más contenido.
Debian provides also a number of security tools that can make a Debian box suited for security purposes. These purposes include protection of information systems through firewalls (either packet or application-level), intrusion detection (both network and host based), vulnerability assessment, antivirus, private networks, etc.
Since Debian 3.0 (woody), the distribution features cryptographic software integrated into the main distribution. OpenSSH and GNU Privacy Guard are included in the default install, and strong encryption is now present in web browsers and web servers, databases, and so forth. Further integration of cryptography is planned for future releases. This software, due to export restrictions in the US, was not distributed along with the main distribution but included only in non-US sites.

8.1. Herramientas de evaluación de vulnerabilidades remotas.

The tools provided by Debian to perform remote vulnerability assessment are: [54]
  • nessus
  • raccess
  • nikto (whisker's replacement)
De lejos, la herramienta más completa y actualizada es nessus, que se compone de un cliente (nessus), que es el IGU, y un servidor (nessusd), el cual lanza los ataques programados. Nessus incluye vulnerabilidades remotas para un amplio número de sistemas incluyendo aplicaciones de red, servidores ftp, servidores www, etc. Los últimos accesorios de seguridad son capaces de analizar un sitio web y tratar de descubrir, de las páginas interactivas disponibles, las que se podrían atacar. También hay clientes Java y para Win32 (no se incluyen en Debian) que se pueden usar para conectar con el servidor.
nikto is a web-only vulnerability assessment scanner including anti-IDS tactics (most of which are not anti-IDS anymore). It is one of the best cgi-scanners available, being able to detect a WWW server and launch only a given set of attacks against it. The database used for scanning can be easily modified to provide for new information.

[54] Some of them are provided when installing the harden-remoteaudit package.