Using the Network Security Toolkit

Paul Blankenbaker

Copyright © 2003 - 2008 Respective Authors

This document provides guidelines for using the Network Security Toolkit within a network computing environment.


Table of Contents

1. Getting Started
Check the System Requirements
Downloading And Burning The ISO Image
On A Linux System
On A Windows System
Examine the Boot Options
Booting
Booting Without a DHCP Server
Using A Serial Console At Boot
Choose an Access Method
Console Access
Serial Port Access
Access Via ssh/putty
Use the Web User Interface
Bring Up an X Desktop on the Local System
Run an X Desktop Remotely (VNC)
Setting the Password (nstpasswd)
Text Editors (vim, jed)
Determine or Set the IP Address
Automating Your Setup with lnstcustom
Preparing a Thumb Drive for lnstcustom
Using lnstcustom With a Web Server
2. The Web User Interface (WUI)
Initial Connection
Snort In Two Clicks
Examining Snort Results
Probing With Nessus
Traffic Monitoring With bandwidthd
3. NST Scripts
Network Time Protocol (NTP)
RAM Disk Creation
MySQL
Snort (NST v1.2.0)
Setup Snort Example: Standalone Configuration (NST v1.2.0)
Setup Snort Example: Backend MySQL Snort Database With Remote IDS Snort Probes (NST v1.2.0)
Snort (NST v1.2.1 and Above)
Setup Snort Example: Standalone Configuration
Alternate Way to Start Snort
Status Listing For Configured Snort Instances
Stopping (Killing) One or More Snort Instances
HOWTO Update a Running Snort Instance By Reloading the Snort Configuration
HOWTO Dump Statistical Information For a Running Snort Instance
Setup Snort Example: Backend MySQL Snort Database With Remote IDS Snort Probes
ettercap
IFGraph
Kismet
BandwidthD
Nikto
NTop
Nessus (NST v1.2.0)
Nessus (NST v1.2.1 and Above)
setup_sendmail
Checking sendmail Status
Becoming an SMTP Server
Enabling Smart Host
4. File Systems
Finding Mounted File Systems
Finding Unmounted Disks
Using File Systems
Making Use of Swap Space
Mounting Local Hard Disks
Mounting USB Thumb Drives
Making SMB (Windows Shares)
Mounting NFS Drives
Loopback Tricks
Mounting A File As A Filesystem
Mounting an ISO Image
Mounting an Initial RAM Disk
Mounting An Encrypted Filesystem
5. System Recovery
Windows XP Recovery
Using a DVD+RW Drive
6. Using NST In The Wild
Overview
Basic Simple: 1
Basic Simple: 2
Mobile Wireless Monitoring
Small Business Configuration
Enterprise Configuration
7. Using VPNs With NST
Overview
The VPN PPP Tunneled Over SSH Script: vpn-pppssh
VPN: PPP Tunneled Over SSH
VPN: Tunnelling Multiple PPP Links Over SSH
VPN: PPP Tunneled Over SSH Overhead Discussion
VPN: PPP Tunneled Over SSH Effective Throughput Rate Discussion
Effective Throughput Rate: NST Probe - NST Probe Same Fast Ethernet LAN Segment
Effective Throughput Rate: NST Probe - NST Probe On Different Fast Ethernet LAN Segments (2 VLANs)
Effective Throughput Rate: NST Probe - NST Probe On Different Fast Ethernet LAN Segments (2 VLANs) Using a PPP Tunneled Over SSH VPN
VPN: IPSEC
8. Virtual Computing
Secure Virtual Computing
Secure Virtual Computing With Microsoft Remote Desktop (RDP)
9. Ntop NetFlow Collector Traffic Monitoring
Ntop NetFlow Background
Ntop NetFlow with a WRT54GS Firewall/Router and NST Probe
WRT54GS IPTables Table and Chain Listings
10. LDAP
LDAP search example
11. Serial Traffic Monitoring
Cable Construction
Monitoring Session - Using Basic Linux Utility Programs
Monitoring Session - Using NST Utility Program: "monitor_serial"
12. Global Positioning System (GPS)
GPSD
GpsDrive
13. Networking
Ethernet/Fast Ethernet/Gigabit Ethernet Network Cabling
14. Linux Software RAID
RAID1

List of Figures

1.1. Burning CDRW From ISO On Linux
1.2. NST Serial Boot Screen <^F-1>
1.3. NST Kernel Boot Configurations <^F-2>
1.4. NST Kernel Boot Options <^F-3>
1.5. NST Kernel Boot Help <^F-4>
1.6. NST Kernel Boot Specifications <^F-5>
1.7. Using ssh
1.8. X Screenshot (Linux Desktop)
1.9. VNC Screenshot (Linux Desktop)
1.10. VNC Screenshot (Windows XP Professional Desktop)
1.11. Changing All of the NST Passwords
1.12. Using vim to Edit .bashrc
1.13. Using jed to Edit httpd.conf
1.14. Setting An IP Address By Hand
2.1. Selecting nessus
2.2. Starting nessus daemon
2.3. Waiting for nessus daemon to start
2.4. nessus ready to scan
2.5. nessus ready to scan
2.6. nessus Scan Starting
2.7. nessus Scan Progress
2.8. nessus Scan Complete
2.9. Nessus Report
2.10. Nessus Results, by host
2.11. Nessus Finds Hole On Printer Port 80
2.12. Nessus Reports CGI Source Code Found
2.13. Selecting bandwidthd
2.14. Setting the bandwidthd Interface
2.15. Starting bandwidthd daemon
2.16. Checking bandwidthd daemon
2.17. Accessing the bandwidthd Interface
2.18. bandwidthd Collecting Data
2.19. bandwidthd Traffic Table
2.20. Investigating IP 69.44.123.39
2.21. bandwidthd Graph
3.1. Kismet - NST 802.11b Wireless Network Monitoring Configuration
3.2. Kismet - Wireless Network Power Distribution Topology and Track Map
3.3. NTop Network Load
3.4. NTop All Protocol Data
3.5. NTop Packet Rate Graphs (RRD)
3.6. Nessus X Client (NST v1.2.0)
3.7. Nessus X Client (NST v1.2.1 and Above)
3.8. setup_sendmail Typical Usage
3.9. setup_sendmail Help Output
3.10. Stopping sendmail
3.11. Starting sendmail
3.12. setup_sendmail Removal Of Service
3.13. Using test_sendmail to Check sendmail Configuration.
3.14. setup_sendmail as SMTP Server
3.15. setup_sendmail as SMTP Server
4.1. Finding Mounted File Systems
4.2. Using fdisk -l To Find Disks
4.3. Using laddswap To Find/Use Swap Partitions
4.4. Finding IDE Partitions
4.5. Mounting a Thumb Drive (Memory Stick)
4.6. Mounting a Shared Windows Folder
4.7. Looking For Windows Shares
4.8. Mounting an NFS Drive
4.9. Preparing an ext3 File System on a FAT Thumb Drive.
4.10. Mounting a Virtual ext3 File System on a FAT Thumb Drive.
4.11. Preparing an Encrypted ext3 File System on a Windows Shared Folder.
4.12. Mounting an Encrypted ext3 File System.
5.1. DVD Burner in USB 2.0 Enclosure
5.2. Burning a DVD with growisofs
5.3. Formatting a DVD+RW Disk
6.1. Basic Simple Configuration: 1
6.2. Basic Simple Configuration: 2
6.3. Mobile Wireless Monitoring
6.4. Small Business Diagram
6.5. Network Enterprise Diagram
7.1. VPN: PPP tunneled over SSH
7.2. Multiple VPN PPP tunnels over SSH
7.3. VPN: PPP tunneled over SSH: packet flow through the IP stacks (Network Diagram)
7.4. VPN: PPP tunneled over SSH: packet flow through the IP stacks
7.5. Ethereal capture: interface ppp0
7.6. Ethereal capture: interface eth0
7.7. VPN: PPP tunneled over SSH: Fast Ethernet Maximum Throughput Rates
7.8. VPN: PPP tunneled over SSH: Effective data rate: NST Probe - NST Probe same LAN segment
7.9. VPN: PPP tunneled over SSH: Ethereal capture summary view
7.10. VPN: PPP tunneled over SSH: Throughput Rate: NST Probe - NST Probe Different LAN Segments (2 VLANs)
7.11. VPN: PPP tunneled over SSH: Effective data Rate: NST Probe - NST Probe different LAN segments (2 VLANs) over the VPN
7.12. VPN: PPP tunneled over SSH: Effective data Rate: NST Probe - NST Probe different LAN segments (2 VLANs) over the VPN for SMB file services
7.13. VPN: PPP tunneled over SSH: Effective data Rate: NST Probe - NST Probe different LAN segments (2 VLANs) over the VPN for SMB file services - Ethereal capture summary: 1
7.14. VPN: PPP tunneled over SSH: Effective data Rate: NST Probe - NST Probe different LAN segments (2 VLANs) over the VPN for SMB file services - Ethereal capture summary: 2
8.1. Secure Virtual Computing
8.2. Secure Virtual Computing With Microsoft Remote Desktop (RDP)
9.1. Ntop, NetFlow, WRT54GS LINKSYS Router - network flow monitoring
9.2. Ntop NetFlow plugin configuration
9.3. Ntop NetFlow Global Traffic Statistics
9.4. Ntop NetFlow Traffic
9.5. Ntop NetFlow packet detail using the Wireshark protocol analyzer
11.1. Serial tap monitor cable
12.1. NetCat - (nc) TCP/IP Network Utility Interrogating the GPSD Daemon
12.2. GpsDrive Navigation Application
13.1. Networking Cable Configuration for Ethernet LAN Standards
14.1. Linux Software RAID1

List of Tables

1.1. Minimum Requirements
1.2. Serial Port Settings
5.1. DVD Burning Equipment
13.1. Ethernet LAN Standards and Cable Type