Texas A&M Network Security Package Overview
BETA Release 1.0 -- 4/16/93
Dave Safford
Doug Schales
Dave Hess
DESCRIPTION:
Last August, Texas A&M University UNIX computers came under extensive
attack from a coordinated group of internet crackers. This package of
security tools represents the results of over seven months of development
and testing of the software we have been using to protect our estimated
twelve thousand internet connected devices. This package includes
three coordinated sets of tools: "drawbridge", an exceptionally powerful
bridging filter package; "tiger", a set of convenient yet thorough
machine checking programs; and "netlog", a set of intrusion detection
network monitoring programs. While these programs have undergone
extensive testing and modification in use here, we consider this to
be a beta test release, as they have not had external review, and
the documentation is still very preliminary.
KEY FEATURES:
For full technical details on the products, see their individual READMEs,
but here are some highlights to whet your appetite:
DRAWBRIDGE:
- inexpensive (pc with SMC/WD 8013 cards)
- high level filter language and compiler
- powerful filtering parameters
- DES authenticated remote filter management
- O(1) table lookup processing for full ethernet
  bandwidth processing, even with dense class B net
  filter specifications.
TIGER:
- checks key binaries against cryptographic
  checksums from original distribution files
- checks for critical security patches
- checks for known intrusion signatures
- checks all critical configuration files
- will run on most UNIX systems, and has tailored
  components for SunOS, NeXT, SVR4, Unicos.
NETLOG:
- efficiently logs all tcp/udp establishment attempts
- powerful query tool for analyzing connection logs
- "intelligent" intrusion detection program
AVAILABILITY:
This package is available via anonymous ftp in
sc.tamu.edu:pub/security/TAMU
Note that there are some distribution limitations, such as the inability
to export (outside the US) the DES libraries used in drawbridge; see the
respective tool READMEs for details of any restrictions.
CONTACT:
Comments and questions are most welcome. Please address them to:
drawbridge@sc.tamu.edu