USB Canary alternatives

USBGuard would be used to define what devices are welcome and lock out the others. It uses a whitelist to define which devices are allowed and defines what they can do.

This type of tooling could be used to attack a system via the hardware itself. It can be used to disable authentication mechanisms or implant nefarious software components.

This toolkit is useful for automatic auditing certificates and retrieving information from them. It can be used for monitoring certificates. These certificates could be stored in a local file or remotely on a system. In the latter case, the tool will be able to connect to the system and retrieve the related information.

The primary goal of K8Guard is monitoring the environment. Instead of focusing on availability, K8Guard helps to detect misbehaving resources. These resources could be Deployments, DaemonSets, Ingresses, Jobs/CronJobs, Namespaces, Pods, and ResourceQuotas.

Similar to arpwatch, this tool addrwatch will monitor the pairing between ethernet and IP addresses.

Main features:

• IPv4 and IPv6 address monitoring
• Monitoring multiple network interfaces with one daemon
• Monitoring of VLAN tagged (802.1Q) packets
• Output to stdout, plain text files, syslog, sqlite3, MySQL
• IP address usage history preserving output and logging

Malware regularly uses USB sticks to infect victims. This solution can convert documents with potentially harmful code into disarmed data formats. This converted data is then stored on a trusted device.

USBleach disarms potential threats like USB Rubber Ducky (keystroke injection) and the BadUSB attack (man-in-the-middle), which can result in a compromised system. This toolkit decreases the risks involved of accepting untrusted USB devices.