ADDITIONAL SECURITY TOOLS

Figure 2.3 PuTTY Main ScreenHowlett_CH02.fm Page 50 Wednesday, June 23, 2004 2:58 PMConsiderations for Hardening Windows 51you if it is attempting to connect to a SSH server that uses one of the weak versions ofSSH that may be vulnerable to cracking. When connecting to a server for the first time, P[r]

you can decide if it is appropriate to your installation. There is also a More detail buttonthat has additional information. Bastille takes the novel approach of trying to educate theadministrator while it is locking down the system. The more information you have, thebetter armed you will be[r]

Open Source Security Tools Index xxiTool Name On CD?Linux/UNIX?Windows? Page NumberSwatch Yes Yes No 236Tcpdump Yes Yes No 167Traceroute No Yes Yes 32Tripwire Yes Yes No 226Turtle Firewall Yes Yes No 71Whois No Yes Yes 35Windump Yes No Yes 181HowlettTOC.fm Page xxi Tuesday, June 29, 20[r]

Ethereal is so useful as a networking tool that it has been rated as number two amongthe most popular network security tools available by the security Web site Insecure.org.Ethereal has many uses beyond just security; in fact, you can also use it as a general net-work ana[r]

Advanced: Several miscellaneous network settings such as Universal Plug andPlay (UpnP) support are found here.•VPN: Here is where you configure the SmoothWall to act as a VPN for secureremote access from another network. The details are covered later in this chapter.•Logs: Access to all the log file[r]

educating the rank-and-file system managers and giving them the tools to get the job done,we can make the Internet more secure, one network at a time.AudienceThe audience for this book is intended to be the average network or system administratorwhose job duties are not specifically securi[r]

don’t know where to start. For many overwhelmed technical managers, the solution is todo nothing at all, or to put the security issues on the back burner until they have time todeal with them. Of course, that time never seems to come.Chapter OverviewConcepts you will learn:•Managing server lo[r]

Official name registrars, 36One-way functions, 282Open ports and security, 2Open Source Initiative Web site, 384Open source movementbug finder/beta tester, 385discussion groups and supporting other users, 385–386joining, 384–387providing resources to project, 386–387Open source operating syst[r]

Rapid Application Development with MozillaNigel McFarlane ◆The Linux Development Platform: Configuring, Using, and Maintaining a Complete Programming EnvironmentRafeeq Ur Rehman, Christopher Paul◆Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACIDRafeeq U[r]

also allows other operating systems to be supported via different clients. There arecurrently UNIX and Windows clients available, with projects to create additional onesongoing. There is also now a Web client interface available, which makes Nessus trulyplatform independent (at least on the c[r]

that accompanies this book, or download the binary RPM. To download the files from theWeb, type this at the command line:rpm -vhU http://download.insecure.org/nmap/dist/ nmap-3.50-1.i386.rpmrpm -vhU http://download.insecure.org/nmap/dist/ nmap-frontend-3.50-1.i386.rpmYou will need two packages: the[r]

buffer overflows have been found in just about every major program and are used fre-quently by those seeking unauthorized access to systems.How do you protect yourself from buffer overflows? Well, unless you feel like debug-ging every piece of software you have (which assumes you have access to the[r]

Occasionally, something will come up that it doesn’t know, and then it prints out the TCP response at the bottom of the report. If you find one of these unidentified signatures, you can help build the OS fingerprint database when you get an unidentified TCP signature. If you know what it is for sure[r]

TABLE 4.4 NMAP SCAN TYPES AND COMMAND LINE PARAMETERS continued SCAN TYPES COMMAND LINE TRANG 7 Bounce Scan –n FTP_HOST This tricky scan uses a loophole in the FTP protocol to “bounce” t[r]

Finally, you want to set up logging so you can look at the logs to see what is beingdropped. You will want to view the logs from time to time even if there isn’t aproblem, just to get an idea of the kinds of traffic being dropped. If you seedropped packets from the same network or address repeatedly[r]

(taken from the military term forDemilitarized Zone), which is usually for servers that need to be more exposed to theInternet so that outside users can connect to them. Each packet that tries to pass throughthe machine is passed through a series of filters. If it matches the filter, then some actio[r]

Before your NIDS can be useful at all, you must tune it to your network to eliminate falsepositive alerts. ACID can be invaluable in this effort. When you first turn on your NIDS,all of the alert signatures will be active and your database will begin to fill up with alertactivity. Most of these aler[r]

to determine first if they are alive, or just scan all the IPs in the target range. By default,Nessus tries ICMP and TCP pings on both the Web and secure socket layers ports. If ahost is online, it should respond to one of these polls. This is the setting I recommendusing most of the time, because y[r]

So the command line entry for packet logging mode now looks like this:snort –vde –l /var/log/snort –h 192.168.1.0/24This specifies an internal network in the range of 192.168.1.1–254. You can also use the -b option to log all the data into a single binary file suitable forreading later with a packet[r]

Some of the benefits of this system are: • Form-based access to Snort configuration files • User access levels that allow you to set up different users with different rights • Point-and-[r]