Copyright © 2003 - 2008 Respective Authors
2006-Nov-23
This article takes one through the process of setting up Inprotect (a web based front end to the Nessus network vulnerability scanner) and the associated services using the Web User Interface (WUI) included with the Network Security Toolkit (NST).
Table of Contents
Setting up a system to perform network vulnerability scans can be a time consuming task. The Network Security Toolkit (NST) greatly simplifies the task of setting up a system to run Inprotect.
This article has the following goals:
To "walk" one through the steps of quickly setting up a NST system to run Inprotect.
To "walk" one through initial steps of configuring Inprotect.
To show a few network security vulnerability reports that can be generated using the setup.
To demonstrate how one can backup and restore their Inprotect setup.
Before attempting the procedures outlined in this document, the reader is expected to:
Download a compressed ISO image, uncompress it and burn it to a CD (creating a bootable CD). Or, download a ZIP file containing a VMware virtual machine and extract its contents. Links to these downloads can be found at the NST website (http://www.networksecuritytoolkit.org/).
You will need version 1.5.0 of the NST (versions after 1.5.0 will probably work as well).
Have a basic understanding of using a Linux based system.
Have a system capable of booting the NST Live CD, or running the NST Virtual Machine (VMware Server and VMware Player were both free at the time of this writing). This system should be connected to a network with a DHCP server (or one needs to be familiar enough with the NST distribution that they are able configure the network information by hand).
If you plan on using a Live CD plan on using a system with at least 512MB of RAM.
Eventually, if you decide that you would like a permanent solution, we recommend that you perform a hard disk installation of the NST distribution using the nsthdinstall script.
Have access to a web browser on a different system which is on the same network (or able to reach) the NST system.
Nessus and Inprotect require a considerable amount of system resources (disk and memory usage). While it is possible to "try" the Nessus and Inprotect setup outlined in this article using a "Live CD" boot of the NST it is not realistic to expect to run from a "Live CD" boot for an extended period of time. A hard disk installation of the NST should be performed when a permanent solution is required. The nsthdinstall command makes the hard disk installation of a NST distribution a relatively simple task.
By using VMware Server, it is possible to do everything in this article on a Windows box without rebooting your system or burning a CD. You'll just need to download the NST Virtual Machine and run it on your Windows system. However, this is only recommended if your system has a least 1GB of RAM.
The following tools were used when creating this article.
A development release of the 1.5.0 NST ISO image was used.
Because this article was written as software was being developed, it is likely that there will be slight differences between the screen shots shown in this article and what one will find on the final 1.5.0 release of the NST.
A DHCP server was running on the network. This simplifies the booting/configuration of the NST (we didn't need to configure network settings by hand).
This laptop was used to run two Operating Systems simultaneously. The host Operating System is Fedora Core 6 and was used to run Firefox and write this article. The NST Virtual Machine was also running under VMware Server. The laptop is from the year 2003, but since it has been upgraded to 1GB of RAM, running the two Operating Systems simultaneously was not too much of an issue.
This laptop is from 1999 and has 386MB of RAM and a 466MHz Celeron CPU. It was used to test the Inprotect setup after installing the NST distribution to a partition on the hard disk. It was left running Inprotect for a two week period (while writing this article). It faithfully ran its scheduled Nessus scans each night and logged the collected information to the database.
This is a MONSTER system on loan from Sun™ which we had access to for a few weeks. It is an 8 way SMP box (4 dual core Opteron CPUs running at 2.61GHz) and has 16GB of RAM installed. We did a hard disk install of a custom x86_64 build of the NST onto this beast. We then setup Inprotect as described in this article. This allowed us to verify that these settings would work on a high end system.