Using the Network Security Toolkit

Ronald W. Henderson

CTO
UNIVERSAL Technologies

Paul Blankenbaker

Copyright © 2003 - 2009 Respective Authors

Abstract

This document provides guidelines for using the Network Security Toolkit within a network computing environment.


Table of Contents

1. Getting Started
2. NST Scripts
Network Time Protocol (NTP)
RAM Disk Creation
MySQL
Snort (NST v1.2.0)
Setup Snort Example: Standalone Configuration (NST v1.2.0)
Setup Snort Example: Backend MySQL Snort Database With Remote IDS Snort Probes (NST v1.2.0)
Snort (NST v1.2.1 and Above)
Setup Snort Example: Standalone Configuration
Alternate Way to Start Snort
Status Listing For Configured Snort Instances
Stopping (Killing) One or More Snort Instances
HOWTO Update a Running Snort Instance By Reloading the Snort Configuration
HOWTO Dump Statistical Information For a Running Snort Instance
Setup Snort Example: Backend MySQL Snort Database With Remote IDS Snort Probes
ettercap
IFGraph
Kismet
BandwidthD
Nikto
NTop
3. File Systems
Finding Mounted File Systems
Finding Unmounted Disks
Using File Systems
Making Use of Swap Space
Mounting Local Hard Disks
Mounting USB Thumb Drives
Making SMB (Windows Shares)
Mounting NFS Drives
Loopback Tricks
Mounting A File As A Filesystem
Mounting an ISO Image
Mounting an Initial RAM Disk
Mounting An Encrypted Filesystem
4. System Recovery
Windows XP Recovery
Using a DVD+RW Drive
5. Using NST In The Wild
Overview
Basic Simple: 1
Basic Simple: 2
Mobile Wireless Monitoring
Small Business Configuration
Enterprise Configuration
6. Using VPNs With NST
Overview
The VPN PPP Tunneled Over SSH Script: vpn-pppssh
VPN: PPP Tunneled Over SSH
VPN: Tunnelling Multiple PPP Links Over SSH
VPN: PPP Tunneled Over SSH Overhead Discussion
VPN: PPP Tunneled Over SSH Effective Throughput Rate Discussion
Effective Throughput Rate: NST Probe - NST Probe Same Fast Ethernet LAN Segment
Effective Throughput Rate: NST Probe - NST Probe On Different Fast Ethernet LAN Segments (2 VLANs)
Effective Throughput Rate: NST Probe - NST Probe On Different Fast Ethernet LAN Segments (2 VLANs) Using a PPP Tunneled Over SSH VPN
VPN: IPSEC
7. Virtual Computing
Secure Virtual Computing
Secure Virtual Computing With Microsoft Remote Desktop (RDP)
8. Ntop NetFlow Collector Traffic Monitoring
Ntop NetFlow Background
Ntop NetFlow with a WRT54GS Firewall/Router and NST Probe
WRT54GS IPTables Table and Chain Listings
9. LDAP
LDAP search example
10. Serial Traffic Monitoring
Cable Construction
Monitoring Session - Using Basic Linux Utility Programs
Monitoring Session - Using NST Utility Program: "monitor_serial"
11. Global Positioning System (GPS)
GPSD
GpsDrive
12. Networking
Ethernet/Fast Ethernet/Gigabit Ethernet Network Cabling
13. Linux Software RAID
RAID1

List of Figures

2.1. Kismet - NST 802.11b Wireless Network Monitoring Configuration
2.2. Kismet - Wireless Network Power Distribution Topology and Track Map
2.3. NTop Network Load
2.4. NTop All Protocol Data
2.5. NTop Packet Rate Graphs (RRD)
3.1. Finding Mounted File Systems
3.2. Using fdisk -l To Find Disks
3.3. Using laddswap To Find/Use Swap Partitions
3.4. Finding IDE Partitions
3.5. Mounting a Thumb Drive (Memory Stick)
3.6. Mounting a Shared Windows Folder
3.7. Looking For Windows Shares
3.8. Mounting an NFS Drive
3.9. Preparing an ext3 File System on a FAT Thumb Drive.
3.10. Mounting a Virtual ext3 File System on a FAT Thumb Drive.
3.11. Preparing an Encrypted ext3 File System on a Windows Shared Folder.
3.12. Mounting an Encrypted ext3 File System.
4.1. DVD Burner in USB 2.0 Enclosure
4.2. Burning a DVD with growisofs
4.3. Formatting a DVD+RW Disk
5.1. Basic Simple Configuration: 1
5.2. Basic Simple Configuration: 2
5.3. Mobile Wireless Monitoring
5.4. Small Business Diagram
5.5. Network Enterprise Diagram
6.1. VPN: PPP tunneled over SSH
6.2. Multiple VPN PPP tunnels over SSH
6.3. VPN: PPP tunneled over SSH: packet flow through the IP stacks (Network Diagram)
6.4. VPN: PPP tunneled over SSH: packet flow through the IP stacks
6.5. Ethereal capture: interface ppp0
6.6. Ethereal capture: interface eth0
6.7. VPN: PPP tunneled over SSH: Fast Ethernet Maximum Throughput Rates
6.8. VPN: PPP tunneled over SSH: Effective data rate: NST Probe - NST Probe same LAN segment
6.9. VPN: PPP tunneled over SSH: Ethereal capture summary view
6.10. VPN: PPP tunneled over SSH: Throughput Rate: NST Probe - NST Probe Different LAN Segments (2 VLANs)
6.11. VPN: PPP tunneled over SSH: Effective data Rate: NST Probe - NST Probe different LAN segments (2 VLANs) over the VPN
6.12. VPN: PPP tunneled over SSH: Effective data Rate: NST Probe - NST Probe different LAN segments (2 VLANs) over the VPN for SMB file services
6.13. VPN: PPP tunneled over SSH: Effective data Rate: NST Probe - NST Probe different LAN segments (2 VLANs) over the VPN for SMB file services - Ethereal capture summary: 1
6.14. VPN: PPP tunneled over SSH: Effective data Rate: NST Probe - NST Probe different LAN segments (2 VLANs) over the VPN for SMB file services - Ethereal capture summary: 2
7.1. Secure Virtual Computing
7.2. Secure Virtual Computing With Microsoft Remote Desktop (RDP)
8.1. Ntop, NetFlow, WRT54GS LINKSYS Router - network flow monitoring
8.2. Ntop NetFlow plugin configuration
8.3. Ntop NetFlow Global Traffic Statistics
8.4. Ntop NetFlow Traffic
8.5. Ntop NetFlow packet detail using the Wireshark protocol analyzer
10.1. Serial tap monitor cable
11.1. NetCat - (nc) TCP/IP Network Utility Interrogating the GPSD Daemon
11.2. GpsDrive Navigation Application
12.1. Networking Cable Configuration for Ethernet LAN Standards
13.1. Linux Software RAID1

List of Tables

4.1. DVD Burning Equipment
12.1. Ethernet LAN Standards and Cable Type