The security front has been fairly quiet over the last week, but I found several tools that might interest you. The first item is SnortSam, an open-source plugin and agent for Snort, a lightweight Intrusion Detection System (IDS) for Windows and UNIX systems. SnortSam offers automated IP address blocking in conjunction with Checkpoint Firewall-1, so you don't have to review Snort logs and manually enter new firewall rules. The tool consists of two components: a Snort plugin, which interacts with Snort's detection mechanism, and an agent that runs on the Firewall-1 system. SnortSam supports a "white list" of addresses that it will never block, time-driven rule-making, and support for several databases such as Microsoft SQL Server and MySQL. You can download a copy of SnortSam and the source code at the SnortSam Web site.
Another interesting tool, DCPC, lets you change the local Administrator account passwords on numerous machines across your network from one workstation. Version 1.0 of the tool is available as freeware. The tool's maker, DC Danish-Company, intends to develop a DCPC Pro version of the tool and is seeking comments from interested users about any new features or product improvements. Be sure to check it out.
The Forum of Incident Response and Security Teams (FIRST) is holding its 14th annual Computer Security Incident Handling Conference in Hawaii June 24 through 28, 2002. FIRST has issued a call for papers from people interested in delivering a tutorial during the 5-day event. Conference topics include incident response, operation and tools, cooperation and legal issues, new vulnerabilities, ISP security, intruder profiling, and secure programming techniques. If you're interested in delivering a tutorial or attending the conference, be sure to visit the FIRST Web site.