IPSEC is mostly used to create secure channels between computers; however, in Windows 2000 and above IPSEC can also be used to create firewall-like rules so long as IPSEC security options are not enabled. (A basic knowledge of TCP/IP is needed to use this tool.)
The following article explains how to use this with Windows 2000. IPSEC filter rules are set up the same way in XP.
EDIT: This page comes up really slowly sometimes, so you'll need to be patient.
The next set of tools really requires that you know TCP/IP in order to get the most out of them. Still, even with just some basic knowledge you should be able to understand their output. Most of these tools (except Nessus) come in both a Linux and a Windows version. Of course, I prefer the Linux versions. These tools can be "hosted" on any computer on your network, since they look at all network traffic.
Snort is a free Intrusion Detection System that has many uses, but I use it only as an IDS. It can be found here: Linux or Windows. Be sure to pick up the needed extra files and rule sets; links are provided on Snort's download page. Also be sure to read the "trojan" warning on the Linux version's download page.
Snort will monitor your network traffic and alert you to "hacker" type traffic. Be warned that it does give out a lot of false positives (alarms), which is where the knowledge of TCP/IP comes in handy. (You'll need it to read the packet dumps or create your own Snort rules.)
Windump (or tcpdump for Linux) will record all your network traffic. It's a command line tool whose output isn't easy to read, but if you think you have a trojan on your system, you can fire this up and capture all traffic to and from the infected computer. The file it creates can then be read in any text editor or in Ethereal. (Ethereal has the ability to follow some network conversations and show you the actual keystrokes typed at the other end. Ethereal can also read Snort "TCPDUMP" format files.)
The last tool is Nessus, which runs only on Linux. (The Nessus "server" runs only on Linux. There is a Windows "client", but without the server it's useless.) Nessus is a vulnerability scanner that can scan a system for trojans and other security problems. Of all the tools I listed, this one requires the least amount of TCP/IP know-how. Just pick what you want to look for and what computer you want to look for it on, and let it rip.
It takes some time to get used to how these tools work and how to use 'em best. But if you're really interested you might find them fun to play with. (Besides, they're free.) There are many more tools than the ones I listed here, but they aren't for the faint of heart.
Last edited by Ghost_Hacker; 11-23-2002 at 07:41 AM.
Ferengi Rules of Acquisition:
Rule # 47 Don't trust a man wearing a better suit than your own.