Alphabetical List of Intrusion Detection Products
Disclaimer:
These links are provided as a free service to those seeking commercial information security products or shareware tools. The fact that a product is listed here is not an indication that Timberline Technologies LLC has evaluated it nor that we recommend it. The descriptive text is generally taken from the vendor's own product literature. The buyer has the ultimate responsibility to ensure that the information security product is suitable for its intended use. Please follow the links to the vendor pages to obtain more detailed information on a particular product. Additional guidance on product selection can be found in the On-Site Security Workshops.
Vendors Please Note: If your product does not appear in this index or if you feel that it has been incorrectly categorized, please contact webmaster@timberlinetechnologies.com and the error will be corrected.
Important Note to Surfers: Timberline Technologies takes strict precautions to provide "safe" links. We will not knowingly provide a link to a site with dangerous active content or questionable privacy policies. Nevertheless, we cannot guarantee the safety of all links provided. Those who are concerned about browsing securely are advised to use the facilities of BeHidden, safeWeb, Anonymizer or a similar service.
| Product Name | Description |
| --- | --- |
| AnaDisk (Sydex) | Search, analyze and copy almost any kind of diskette without regard to type or format. Edit diskette data sector by sector or perform a diagnostic read of a specified diskette track. "Dump" data from a selected range of tracks into a DOS file so that you can examine and manipulate data from non-DOS diskettes. A date- and time-stamped Audit Trail maintains a record of all AnaDisk (LE) operations during a session. |
| AuditTrack for Netware (WebTrends) | A NetWare Loadable Module (NLM) that installs within minutes on any Novell 3.x, 4.x or 5.0 server. AuditTrack monitors activity at the server and provides complete auditing and reporting functionality that captures all server. |
| Authd (CERIAS) | Free authentication server daemon software. Makes it easier to trace attackers. |
| BlackICE Defender (NetworkICE) | A sophisticated application that is designed to run on every PC in your extended enterprise, detecting and protecting your most valuable asset - information. BlackICE silently monitors communications between your computer and the network. When suspicious activity occurs, BlackICE immediately springs into action defending your computer, your data, and your business. |
| bv-LifeLine (BindView Development) | Designed with your worst nightmare in mind. Every aspect of the bv-LifeLine architecture assumes that every other system will fail. If a bv-LifeLine server goes down, the High Availability solution switches to a redundant server. Not a single notification loses precious time in the escalation, notification, and response process. |
| Check Point RealSecure (Check Point Software Technologies) | Unobtrusively analyzes packets of information as they travel across your enterprise network. It recognizes a wide variety of traffic patterns that indicate hostile activity or misuse of network resources, including network attacks and malicious Java™ and ActiveX™ applets. The RealSecure attack recognition engine immediately alerts network managers and administrators of any suspicious activity, logs the session, and can automatically terminate the connection. Events are classified and summarized in order of priority, enabling you to assess conditions at a glance. You can play back sessions at any time for further evaluation or for use as criminal evidence. |
| Cisco Secure IDS (Cisco Systems) | An enterprise-scale, real-time, intrusion detection system designed to detect, report, and terminate unauthorized activity throughout a network. The industry's first intrusion detection system, the Cisco Secure Intrusion Detection System is the dynamic security component of Cisco's end-to-end security product line. |
| Clog (CERIAS) | Free software that detects suspicious network activity. |
| CMDS Computer Misuse Detection System (Intrusion.com) | Automatically collects and analyzes data from your devices recognizing over 4,600 different alerts and events. CMDS Enterprise's Analysis Engine combines a powerful expert system and statistical profiling engine that can process gigabytes of event log data per day. Imagine not having to review your audit logs again. |
| CRCMd5 Data Validation Tool (New Technologies) | This program mathematically creates a unique signature for the contents of one, multiple or all files on a given storage device. Such signatures can be used to identify whether or not the contents of one or more computer files have changed. This tool relies upon 128-bit accuracy and can easily be run from a floppy diskette to benchmark the files on a specific storage device, e.g. floppy diskette, hard disk drive and/or zip disk. This tool can be used as the first step in the implementation of a configuration management policy. Such a policy and related system benchmarking can help computer specialists isolate problems and deal with computer incidents after they occur. The program is also used to document that computer evidence has not been altered or modified during computer evidence processing. |
| CyberCop Monitor NT (PGP) | Real-time detection agent with a multi-tiered monitoring architecture. Inbound network traffic is monitored along with system events and log file activities providing a single solution with twice the protection. |
| CyberCop Monitor Solaris (PGP) | System based IDS that has the ability to detect network reconnaissance stealth port scanning over many months, warning against even the most determined attacks. CyberCop Monitor's unique system based Intrusion Detection architecture provides both real-time packet analysis and system event analysis. Advanced security features include the detection and alerting of attacks destined not only to the system it is trying to protect, but also when that system is being used as a "jumping off point" to launch attacks against other network assets. Monitor's C2 auditing capabilities produce a more detailed audit report and can create audit logs by user, event and class to integrate with the Solaris Basic Security Mode (BSM) functionality. This capability enables powerful logging of events down to the system call level to counter even the most skillful system misuse. |
| CyberCop Scanner (PGP) | Allows you to quickly scan and evaluate multiple security scenarios that enable e-business using comprehensive "real-world" resolution data to fix these holes. CyberCop scanner offers a powerful architecture with comprehensive security data, together in a streamlined package that makes e-business security certain. |
| CyberCop Sting (PGP) | Provides an additional information-gathering device to combat snooping on your network. Found only on your network by running profiling techniques and attack tools, CyberCop Sting appears an enticing target to snoops that normal users would otherwise overlook. Whether the attacks come from inside or outside of your network, CyberCop Sting logs intrusive behavior using advanced analysis tools to collect and log evidence of attack source and techniques. |
| DesktopSentry (CERIAS) | Free software to allow a Windows NT web surfer to detect when a remote connection is attempted. |
| DiskSearch (New Technologies) | Used to quickly find and document the occurrence of strings of text stored on computer storage devices. |
| Dragon Sensor (Network Security Wizards) | Watches live network packets and looks for signs of computer crime, network attacks, network misuse and anomalies. When it observes an event, the Dragon Sensor can send pages, email messages, take action to stop the event and record it for future forensic analysis. |
| eTrust Internet Defense (Computer Associates) | Delivers state-of-the-art network protection including protection against the deployment and execution of Distributed Denial of Service attacks - an essential capability at a time when networks are susceptible to an increasingly sophisticated array of attacks. A truly comprehensive solution, eTrust Intrusion Detection includes an integrated anti-virus engine with automatic signature updates. |
| Firewall Reporting Suite (NetIQ) | WebTrends Firewall Reporting Solutions provide essential information about the activity around your firewall or firewall appliance in easy-to-interpret reports. IT managers, webmasters and security professionals can leverage these reports to assess the state of their network and eliminate security threats and network abuses before they arise. |
| ForensicToolkit (CERIAS) | Free anti-tampering software for Windows NT. The Forensic ToolKit contains several Win32 Command line tools that can help you examine the files on a NTFS disk partition for unauthorized activity. |
| Gabriel (Los Altos Technologies) | Free port scan detection software. As a public service, Los Altos Technologies, a provider of UNIX system security software, has developed and released Gabriel (TM), a SATAN detector. Gabriel gives the system administrator an early warning of possible network intrusions by detecting and identifying network probing. Gabriel is complete and ready to run. Los Altos Technologies is providing Gabriel to its customers and anyone else who wishes to use it at no charge. It is expected that any future updates, enhancements, and revisions will come from the users. |
| HP Openview Node Sentry (Hewlett-Packard) | Looks continuously for patterns of misuse. It examines packet headers and data looking for "attack" signatures. And when it finds violations, it raises alarms and removes the offender from the network. And it does so in a way that is transparent to authorized users. With HP OpenView Node Sentry, your network is protected from a wide range of denial of service attacks, webserver vulnerabilities, e-mail attacks, as well as security policy violations. |
| HP-Tcpdump (CERIAS) | Free packet sniffing tool. |
| ICEcap (NetworkICE) | Complete security management solution. Features: ICEcap management console centralizes information from BlackICE and ICEscan agents distributed on your network. Review suspicious events across your entire network to spot trends or scans from outsiders. Sophisticated web page user-interface requires no special client-side application installation, only a standard web browser. ICEcap includes its own, secure web server. The ICEcap web services do not interfere with other web services. Generate standard reports or create custom reports to meet your needs. Powerful device targeting feature allows you to define areas of your network regardless of subnet or location. Flexible policy editor allows you to establish alert priorities and thresholds for reporting and analyzing attacks and vulnerabilities. Fully automatic and customizable pager or e-mail alerts. Automatically propagate defense alerts to BlackICE agents preventing hackers from attacking other systems. Integrates with Microsoft SQL Server 6.5 - 7.0 or Microsoft Access. Open database source allows you to develop your own applications or reports to retrieve information from the ICEcap database. Create multiple reporting accounts to categorize areas of your network for isolated reporting and analysis. |
| ICEpac (NetworkICE) | Comprehensive suite of Network ICE products. ICEpac is ideal for any network large or small that needs complete intrusion detection and protection. ICEpac includes the following products: BlackICE Pro: Intrusion detection, monitoring and protection for network workstations. BlackICE Sentry: Intrusion detection and monitoring for non-Windows based systems. ICEcap: Management and information console providing enterprise-wide view of network security. InstallPac: Automatically "pushes" a silent copy of BlackICE Pro on to any Windows-based system on your network. |
| iD2 Secure Transport (iD2 Technologies) | Allows an organisation to monitor user activity on a local network. With the software installed on a customer or employee PC, the user can be identified to the corporate network as they log-on and access applications and files. iD2 Secure Transport uses the standard client authentication procedure in the SSL protocol. |
| Ifstatus (CERIAS) | Free interface status monitoring software. Ifstatus checks all network interfaces on the system, and reports any that are in debug or promiscuous mode, which may be a sign of unauthorized access to the system. |
| Incident Manager (Strohl Systems) | Organizes all essential recovery details electronically and is designed to help you manage your recovery more effectively by replacing chalkboards, grease boards, flipcharts, and paper updates. You can also use Incident Manager to test the viability of your plans and make necessary adjustments prior to a real-life business disruption. |
| IP-Watcher (En Garde Systems) | A network security and administration tool which gives the user the ability to monitor and control any login session on his or her network. This makes IP-Watcher an extremely valuable tool for investigating suspicious activity, obtaining evidence of misuse, and even for stopping malicious users before they do any damage. |
| Kane Security Monitor (Intrusion.com) | A 24-hour burglar alarm for Windows NT. The KSM continuously reviews and analyzes NT security event logs on hundreds of NT servers and workstations. Using artificial intelligence, the KSM spots obvious violations, such as multiple login failures and can also determine more subtle irregularities in user behavior that can indicate a masquerading user or other potential troublemaker. The KSM alerts the security administrator in real-time via audible alarm, email, pager or other interactive technology. |
| Klaxon (CERIAS) | Free software to detect port scanner attacks. |
| LSOF (CERIAS) | Free software to list open files on a UNIX system. |
| Lucent RealSecure (Lucent Technologies) | Unobtrusively monitors network traffic and responds to suspicious activity instantly—before your network is compromised. Key Benefits: Intercepts and responds to security breaches, from outside or inside the network, before the network is compromised. Terminates, logs or records unauthorized or suspicious activity, and alerts administrators immediately via email, direct page, syslog, SNMP trap, or console message. Recognizes Windows network, email, Web, probing, denial of service and popular service attacks, as well as FTP exploits and unauthorized network traffic. |
| Netlog (CERIAS) | Free tool for locating suspicious network traffic, developed at Texas A&M University. |
| Network Flight Recorder (Network Flight Recorder) | Captures several types of in-flight network activity. May be used for intrusion detection or computer forensics. |
| Patriot IDS (Patriot Technologies) | Real-time network attack recognition and response system. Designed for maximum intrusion detection performance, superior security, and turnkey operations, Patriot’s IDS provides the ultimate intrusion detection appliance. Powered by the "best of breed" Intel components and Internet Security Systems’ RealSecure software, Patriot’s IDS offers the highest level of protection for your network. The Patriot IDS consists of two components: the Network IDS Console, and the Network IDS Engines. |
| Peek & Spy (Networking Dynamics) | PEEK & SPY lets a privileged user see exactly what is on another user's terminal and then permits him to either take control of that terminal to fix the problem from his own or let the user have control while he gives any needed instructions. If the PEEK & SPY user chooses to fix it himself, his input can be displayed on the user's screen to show him/her how it was fixed. Now system managers can solve user problems (especially remote ones) without having to go to the user to solve them. Where PEEK informs users they are being watched, SPY doesn't. In addition, SPY gives system managers documented proof of security breaches and provides a tool to lock out unauthorized users. |
| QRadar (Q1Labs) | QRadar is a Network Security Management platform that combines flow-based network knowledge, security event correlation and asset-based vulnerability assessment. QRadar cuts through the clutter of multiple point products to find, isolate, prioritize and fix offenses before they affect the business. QRadar Network Security Management is the command-and-control center you need for true enterprise security. |
| RealSecure (ISS) | Integrated network- and host-based intrusion detection and response system. This maximum level of around-the-clock surveillance extends unobtrusively across the enterprise, allowing administrators to automatically monitor network traffic and host logs, detect and respond to suspicious activity, and intercept and respond to internal or external host and network abuse before systems are compromised. |
| Review (CERIAS) | Free software used to examine tcpdump packet logs. |
| SafeBack (Sydex) | Create mirror-image backup files of hard disks or make a mirror-image copy of an entire hard disk or partition. Backup image files can be written to any writable magnetic storage device, including SCSI tape backup units. SafeBack preserves all the data on a backed-up or copied hard disk, including inactive or "deleted" data. Cyclical redundancy checksums (CRCs) distributed throughout the backup process enforce the integrity of backup copies. Backup image files can be restored to another system's hard disk. Remote operation via parallel port connection allows the hard disk on a remote PC to be read or written by the master system. A date- and time-stamped audit trail maintains a record of SafeBack operations during a session. |
| Security Management Pack for MOM 2000 (NetIQ) | For companies implementing Microsoft Operations Manager 2000 (MOM) as their core system for monitoring Windows events and system performance and automating response actions, NetIQ provides an integrated security management solution. NetIQ's Security Management Pack for MOM (SMP for MOM) extends the MOM architecture and functionality, allowing you to react to security events in real-time to protect critical systems and data. |
| Security Manager (NetIQ) | NetIQ's Security Manager provides an advanced, central security console for real-time security event monitoring and automated response, host-based intrusion detection, event log consolidation, and security configuration management. |
| Sentry (CERIAS) | Free port scanning detection software. |
| SilentRunner (SilentRunner) | Network security solution specifically designed to address the insider threat. A passive network discovery LAN engine, consisting of ten major modules, permits the user to view in real-time network topology and activity levels, display individual terminal activity, create and execute Boolean logic alerts and sort and process network data for further detailed visualization and analysis. |
| SMARTWatch (WetStone Technologies) | Actively monitors a Windows computer system. With SMART Watch, changes to watched resources are detected and reported instantly. While other change detection techniques are based on polling, or must be integrated into the system's scheduler, SMART Watch's self contained, silent operation actually wakes up when a change in the file system is detected. These operating system level changes tell SMART Watch when to verify if a resource is still intact. If a resource has changed or been deleted, SMART Watch can respond within milliseconds. In the case of a file modification or deletion, SMART Watch can actually restore the content of that file immediately! SMART Watch is not just a change detection tool. |
| Snort (Snort) | Freeware lightweight network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. |
| Strata Guard (StillSecure) | Strata Guard™ is an award-winning family of network-based intrusion detection/prevention systems (IPS/IDS) that provide real-time, zero-day protection from network attacks and malicious traffic. With four different models and two deployment options, Strata Guard protects your enterprise from the network perimeter to the core, including remote and internal segments. |
| Tcpdump (CERIAS) | Free Internet trace capability software. |
| Tcp_wrappers (CERIAS) | Free intrusion detection software. With this package you can monitor and filter incoming requests for the SYSTAT, FINGER, FTP, TELNET, RLOGIN, RSH, EXEC, TFTP, TALK, and other network services. |
| Tklogger (CERIAS) | Free log monitoring software. This is a program that watches log files for certain events and displays them according to certain simple rules in a priority or a normal window. |
| Tocsin (CERIAS) | Free port-scanning detection software. |
| Tripwire (Tripwire Security Systems) | Used to build infrastructures of trust in organizations needing assurance that unintentional changes or an unauthorized party has not compromised their critical systems. Tripwire's proven Integrity Assessment (IA) technology gives users the confidence that their systems are the same today as they were yesterday. |
| T-sight (En Garde Systems) | Manual intrusion detection system. Based on the fact that an intruder must establish connections with other computers to accomplish his or her goal. These connections are an intruder's footprints, and the best way to catch the intruder is to have an advanced visualization of those footprints. With T-sight, you are able to monitor all your network connections (i.e. traffic) in real time and can observe not only when suspicious activity takes place, but the composition of that activity. |
| TTY-Watcher (CERIAS) | Free user monitoring software. |
| Vanguard Enforcer (Vanguard Integrity Professionals) | Monitors the security systems and facilities that protect critical data and other resources on your mainframe 24 hours a day seven days a week. Enforcer makes certain that the standards, policies, rules and settings defined by your security experts are in force and stay in force. With Vanguard Enforcer, you will never have to wonder whether the security implementation on your mainframe is protecting your critical resources effectively. This technology ensures that security on your mainframe systems continuously adheres to "best practices" standards and your own security policies. |
| ViewDisk (Sydex) | Find hidden or deleted data on computer diskettes regardless of format. ViewDisk analyzes diskettes for content and consistency, checking for instances where a file extension may not be consistent with actual file type. Search any diskette by user-defined values, print data on a physical sector or file basis, and copy almost any kind of diskette without regard to format or type. To guard against accidental tampering with data, ViewDisk requires that scanned diskettes be write-protected. A date- and time-stamped Audit Trail maintains a record of all ViewDisk operations during a session. |
© 2005 by Timberline Technologies LLC