MacAnalysis (Security Auditing) Developer: Lagoon Software New Mac OS X version of MacAnalysis 2.2.4 MacAnalysis is a security auditing suite for your Macintosh to perform and help implement a security standard for your computer/network by performing a full security check of network protocols, open services, port scans, vulnerable CGI scripts and much more. There has never been such a complete package to help maintain a secure network by running security audits for the MacOS! This will scan your Macintosh, Unix, Windows, and Hardware for any vulnerable security holes! (click to enlarge) What is security auditing? Quick and simple, security auditing is the act of testing the security to see how it stands up to potential intruders. SecureMac.com has always preached that to understand how to secure your computers better you must understand a little about hacking. Try to hack your own computers before the hackers do. With MacAnalysis you can test your computers to see how well they are secured or how easily they are hackable (: By running MacAnalysis it will determine potential holes in the computer and with the results you may upgrade and fix the problem with the suggested solutions, if you are unsure of the procedure to do so you may contact your system administrator or other network/computer experts. You will see below is the results of one of our scans to a remote host (note this host is not SecureMac.com so you do not need to run the tests against our servers!! ) STEP 4: Services/Protocols Holes S_TELNET:23 is active (Risk: Low) Resume: Uses insecure plaintext password authentication. Vulnerable to brute-force password guessing Fix: Use a tcp wrapper and compile a hosts.allow and hosts.deny file. S_BIND:53 is active (Risk: Very High) Resume: Your server respond to an IQUERY and NXT request, this vulnerability can lead to a root compromise Fix: Restrict access to 53/tcp to local clients and nameservers.Restrict incoming traffic to nameservers to your local network. S_LCONF:98 is active (Risk: High) Resume: Several vulnerabilities exist in the linuxconf server Fix: Disable the service or use a tcp wrapper and compile a hosts.allow and hosts.deny file. S_WEB:80 is active (Risk: Very High) Version: Apache 1.3.12 Info: Root Directory Disclosure Access Vulnerability Resume: By performing a range of //// character, an attacker can lists directory contents. S_IMAP:143 is active (RISK: Very High) Resume: Vulnerable to a buffer overflows that can lead to a root compromise. Uses insecure plaintext password authentication. Fix: Upgrade to the lastest version, or disable the service. S_RLOGIN:513 is active (Risk: High) Resume: Vulnerable to .rhost, sniffing and brute force attacks. Fix: Disable the service. In some situations you will notice that even though MacAnalysis reports that you have a particular hole open it may not be vulnerable. MacAnalysis includes the feature to investigate particular vulnerabilities. By clicking on the "Tools" menu and going down to "Security Browser" you will be able to investigate and check further if your computer will actually give out any information that a hacker could use. The screenshot below pictures the Security Browser window running a security scan on SecureMac.com, the results show that the hole is NOT active and I do not have anything to worry about. It is ideal to use the Security Browser window when checking for a particular program/port/service that might fall vulnerable. If SecureMac.com were to run nsf then the results could be very risky! We have many servers we keep tabs on to make sure they are not susceptible to hacks or attacks. MacAnalysis has the feature to scan multiple servers and remember the addresses for future use. Many many security auditing features we can't even cover in the review including brute forcing services to find vulnerable or easy crackable passwords! MacAnalysis also includes a plethora of network information tools built in. . NSLookup . TraceIP . Whois . Ping . NameScan . Finger . PortScan . Reverse IP . Service Scan    . Broadcast scan     . System Information The image shown is a broadcast scan in progress. We will scan a network to see if it has any open broadcast addresses. Broadcast addresses can be used by hackers to cause denial of service or DoS attacks against your network. Now you can research your own network/computers to make sure that your computer can't be used in a DoS attack against other networks. Network seem a little lagged? Someone might be packeting your network with ICMP packets which can cause your computer to lag offline or even crash! Keeping this utility open will help you solve the question if you are being attacked. Don't sweat if it picks up a ICMP packet once in a while, those are common, but if it lights up for a long period of time add the ip address that it shows to your firewall if you find it appropiate (: Updates: Keeping up with all the updates and hacks can be time consuming, we still suggest you read all the security digests and bugtraq! MacAnalysis has the feature to update the vulnerability database on the fly by clicking on one button! You will soon have all the latest security additions for MacAnalysis. Did you know MacAnalysis currently checks for over 1000 vulnerabilities? Lagoon-Software says they add new vulnerability listings often to their database and to keep on updating! We have a computer dedicated to running security assessment tests for our networks. MacAnalysis has the option to loop the tests to they are constantly running. The logs of course are nice. One of the features that tickles me is the way it can contact you with the results. Phones now a days except e-mail and other sorts of ways to contact. MacAnalysis will contact you by email, beeping or SMS (mobile phone) so you will always know what is going on with your computers! Mac OS X Special Features screenshots here - Firewall MacAnalysis for Mac OS X offers you everything you have been waiting from a Classic Firewall, and even more. it instantly enables you to prevent attacks which are intended to you by showing a security alert report. It also allows you to block specific protocols linked to Unix/NT/Mac Servers, Trojan, DOS attacks,etc. The Firewall Detector runs a TCP/IP stacks monitoring's system, allowing an optimal recognition of the attack intented to you. For example, MacAnalysis can detect if one person makes a traceroute towards you, sends fragmented packets in order to trick your system's security, performs DoS attacks, exploits trojan virus via a backdoor etc. - Visual Traceroute Basically, it's a common traceroute function, but it has a fabulous look and style to help understand where the connections are from;it traces the path took by packets between 2 hosts by drawing lines on a world map. - General Info MacAnalysis Mac OS X will show you general information from netstat, login, traffic reports and more giving you access to tons of information with a single click. Rating: Now that you see how important this file is to you, feel free to download the time limited version. You may register online in seconds. Downloads: MacAnalysis 2.1b PPC - Download Now! MacAnalysis 2.1b PPC - SecureMac Mirror OS X Version Here! MacAnalysis 2.2.4 X [macanalysis.com] MacAnalysis 2.2.4 X [securemac.com] What Is New In MacAnalysis - Fixed a major bug in MacAnalysis's launch. - Apple Airport are now supported - Added "Hide/Show" Main Window - Added "Auto Update". - Added "Content Filter". It watchs outgoing data and prevents unauthorized export of private info. - Improved "News" fetcher. Added date. - Improved the stop's list of the Firewall. - Features added, bug fixed, reliability improved. - Added latest exploits, vulnerabilities. Registering Online! To utilize the program to its fullest we suggest registering and it includes free updates. $50.00 US / 350 France Register online securely through yaskifo - Register Now! FEEDBACK TIME! Make sure you tell SecureMac.com what you thought about MacAnalysis, we might post your opinions, and we will be sure to let the authors know how you feel or what you want changed! Enter Email Address: Enter your message: Select Either of These Two Buttons Interactive Feedback Could not connect