Network Security Toolkit (NST)

Some of the older news - which has manually scrolled off the front page.

Old News

2014-Feb-20

We are pleased to announce the latest NST release: "NST 20 SVN:5663". This release is based on Fedora 20 using Linux Kernel: "3.13.3-201.fc20". Significant effort has been devoted to bringing this release on par with Fedora 20. Starting with NST 20, the "Mate" Desktop is now the preferred desktop.

Here are some of the highlights for this release:

• Added a new drag zoom feature to the "NST Ntopng IPv4 Hosts" application. Ntopng is a network traffic probe used for high-speed web-based traffic analysis and flow collection. This drag zoom feature implements a traditional method for zooming in on a particular area of interest on Google Maps by positioning and sizing a zoom rectangle with the mouse. One can easily use this feature to zoom into an area of clustered Ntopng IPv4 Hosts for further investigation which is depicted in the Annotated Image shown below.
• Integration of the "Mate Desktop" and the "LightDM GTK Desktop" login screen greeter are now the preferred defaults for NST.
• Added a new NST WUI page for the network utility script: "getipaddr".
• Added a new "Network Interface Renaming" mode to the NST script: "nstnetcfg" that creates Predictable Network Interface Names which will survive each system reboot. This capability is beneficial to an NST system equipped with multiple Network Interface adapters.
• Integration of "IPv4 Alias Address Management" into the NST script: "nstnetcfg" that allows for the creation and removal of IPv4 Alias Addresses.
• A number of new articles on getting NST 20 up and running on a system have been written at the NST Wiki site:
  • Upgrade to NST 20
  • NST 20 Getting Started
  • NST 20 Hard Disk Installation
  • Copying ISO Images To USB
• As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.
• For more details related to the code changes for this release, refer to the "Change Log" page.

2015-Feb-09

We are pleased to announce the latest NST release: "NST 20 SVN:6535". This is an interim release which includes all of the NST and Fedora 20 package updates since 2014-Feb-20 rolled into a fresh ISO image. This release is based on Fedora 20 using Linux Kernel: "3.18.5-101.fc20". If you are building your own NST YUM repository or have a subscription to the NST PRO YUM repository, you do not need this ISO image. You can simply yum update your NST system(s).

A major effort was put forth in this release in the development of NST Mapping Tools to aid the end-user when working with geolocated network entities on Google Maps (See the NST Wiki article on: "NST Mapping Tools" for additional information).

Here are some of the highlights for this release:

• Development of the NST Mapping Tools which includes the following overlays and widgets (The Image below depicts some of the mapping tools.):
  • The display of a dynamic Latitude/Longitude grid overlay on the Google Maps.
  • A widget for displaying one or more Distance Measurement Tool Rulers. Units can be displayed in Km, Mi, NM, px, coordinates and round-trip times (msecs).
  • A Distance Measurement Tool Ruler Editor is provided for manual ruler endpoint positioning with precision vernier controls.
  • An NST Ruler Tool widget for map and web page distance and area measurements.
  • A Drawing Manager widget for creating basic geometric shape overlays and markers.
  • A Drawing Manager Editor widget for overlay characteristic management and displaying distance and area calculations.
  • A Vertex Editor for precise Polyline and Polygon overlay shape creation and placement.
  • A grid of shape overlay positioning controls for geolocation network entity placement.
  • A Drawing Overlay Storage Manager for saving and restoring overlays on each NST integrated geolocation map.
  • A Map Label Editor widget for the creation and management of labeling network entities on NST maps.
  • Creation of Marker Overlay Waypoints for inventorying network entity geolocations.
  • Integration of Google Place Search for correlation with geolocated network entities.
• Ntopng geolocation integration with the Mercator Map and Google Earth.
• nstnetcfg enhancements including Network Bonding Management (See the NST article on: "Managing a 'Bonding' Network Interface").
• Creation of an Import/Export Management tool for saving and restoring NST specific configuration and settings between different NST systems. This tool can be advantageous when migrating to a new NST release.
• As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.
• For more details related to the code changes for this release, refer to the "Change Log" page.

2014-Apr-11

See the NST Wiki page: NST Heartbleed Detection on how to use NST and Nmap to detect this vulnerability on a remote server.

2013-Nov-18

We are pleased to announce the latest NST release: "NST 18 SVN:5413". This is an interim release which includes all of the NST and Fedora 18 package updates since 2013-Apr-13 rolled into a fresh ISO image. If you are building your own NST YUM repository or have a subscription to the NST PRO YUM repository, you do not need this ISO image. You can simply yum update your NST system(s).

Here are some of the highlights for this release:

• The next generation NST WUI Network Interface Bandwidth Monitor 2 application is available. It includes the following new features and enhancements:
  • Graph Zoom & Pan - Allows for different graph monitor views and fine-grain data rate measurements.
  • Selectable Sample Buffer Size - Allows for the generation of very long duration (i.e., days) monitoring graphs.
  • Data Rate Buffering - Allows for data rate capture while a monitor is paused.
  • Archive & Loading - Allows for historical review or data analysis from a monitor collected on a different NST system.
  • Monitor Snapshotting - Generate a Read-Only bandwidth monitoring graph clone for quick data rate measurements.
  • Trigger Event Graph Color - Create a Visual Alarm Display when a defined trigger event occurs.
  • Trigger Event Snapshot - Create a Monitor Snapshot each time a defined trigger event occurs.
  • Monitor Appearance - Customize the look of each monitoring graph.
  • An NST WUI Network Interface Bandwidth Monitor 2 screenshot is shown below monitoring Network Interface: "p1p1" with the Ruler Measurement Tool enabled.
• Integrated the next generation ntop application: "ntopng" into the NST WUI. Ntopng is a network traffic probe used for high-speed web-based traffic analysis and flow collection.
• A new NST WUI Geolocation Application: "Ntopng IPv4 Hosts" is available using host information derived from ntopng. This application includes the following features:
  • Periodically query the ntopng server for Host information and then try to Geolocate each Host on a Google Map.
  • Map marker management allows one to extend the Geolocation Lifetime of each Host Marker for a user specified time duration.
  • One can choose from a large collection of transparent Host Markers for the generation of "Geolocated Hosts Heat Maps".
  • Integration of the NST IPv4 Address Tools widget and the ntopng Web-Based GUI to perform additional Network Surveillance with each ntopng detected Host.
  • An IPv4 Host Simulator is available to generate Random World-Wide Host Geolocations.
  • An IPv4 Host Simulator Mode using the GeoIPgen tool with the MaxMind Country WhoIs Database is available to produce Country Level Geolocation Isolation.
  • Use the IPv4 Host Simulator to expose Networks and Hosts for Global Network Exploration with the vast collection of integrated NST tools.
  • An NST Ntopng IPv4 Hosts screenshot is shown below with integrated NST tools focusing on host: "lga15s28-in-f4.1e100.net".
• Several new tools were added to the NST WUI that allow you to convert files to different formats. These tools can be found under the 'Tools|Convert' menu and include the following abilities:
  • Convert from PostScript to PDF
  • Download a URL and render a PDF
  • Convert ASCII source code files to colorized HTML
  • Convert image files from one type to another
• A new tool was added to the NST WUI that allows you to easily browse the RPM packages installed on the system. To bring up the index of all RPM packages, select 'Tools|WUI Widgets|NST RPM Index' from the menu. If the RPM index was not recently generated it will take a few moments for the system to determine the list of installed RPM packages. Once the index is displayed, you can click on any entry to easily examine information about each installed package.
• As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.
• For more details related to the code changes for this release, refer to the "Change Log" page.

2013-Apr-13

We are pleased to announce the latest NST release: "NST 18 SVN:4509". This release is based on Fedora 18 using Linux Kernel: "3.8.6-203.fc18". This is the most robust and stable release of NST to date. Significant effort has been devoted to integrate "systemd" service control support with all network services applications thus providing enhanced management and flexibility when using the NST WUI.

Here are some of the highlights for this release:

• Created a more friendly and intuitive user experience when booting NST Live and performing a Hard Disk installation.
• Added a new NST script: "nstipconf" (NST Pro users: "nstnetcfg") which provides management to easily setup IPv4 Address and stealth network configurations in an NST system equipped with multiple network interface adapters for performing network surveillance tasks. See HowTo Setup A Server With Multiple Network Interface Adapters Using: "nstnetcfg" for additional information.
• Many new NST WUI enhancements and refinements including:
  • The NST WUI network monitoring management pages (i.e., Nagios Core, Zabbix and Argus Monitor) have been refactored for ease of use, enhanced management and setup capability.
  • The "Snort" network Intrusion Detection System (IDS) page now uses Barnyard2 integration for Unified2 IDS event data storage to the MySQL database.
  • A new system SCSI storage device information page was added.
  • SSH access using the Google Chrome Secure Shell has now been integrated into the NST IPv4 Tools widget. This allows SSH access using the Google Chrome Browser on any OS platform without the need to install a native SSH client.
• Many new NST Network Interface Bandwidth Monitor features including:
  • Added a Query Update Rate Monitor.
  • Significantly increased the query update rate performance.
  • Added the ability to create two Custom Bandwith Monitors. This will allow one to simultaneously display network bandwidth rate graphs from two different network interfaces. This can be quite useful for displaying bandwidth network traffic at full line rates when using a non-aggregational network TAP (See the example network diagram below.).
  • Each Bandwidth Monitor can now have its appearance customized using a NST Options Widget popup. One can adjust the background color and the color of each monitor graph. The opacity levels can also be adjusted on a per graph basis. These controls use to be global and applied to all monitors, but now they can be applied individually.
  • Now optionally collecting Bandwidth Monitor Data Rates when the monitor is hidden from view.
  • Added clearer Threshold Pause State Change information in each status area.
  • A Threshold Pause Session can now be automatically enabled upon page load.
  • The Bandwidth Monitor Background Color can change when a Threshold Pause Trigger Event occurs. This can be used in conjunction with the "Auto ReArm" option for a Visual Alarm Display when a Threshold Pause Trigger Event occurs.
  • You can now download or export Bandwidth Monitor Data Rates as a CSV formatted file which can then be used by most data analysis applications.
  • A new Threshold Pause Trigger Event Action has been added: The Bandwidth Monitor Data Rates can now be exported as a CSV formatted file to the NST system when a Threshold Pause Trigger Event occurs. A selection of Pause NICs and their associated data rate values can be included in the file.
• As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.
• For more details related to the code changes for this release, refer to the Change Log page.

2012-Sep-03

We are pleased to announce the latest NST release: "v2.16.0-4104". This release is based on Fedora 16 using Linux Kernel: "3.4.9-2.fc16". This is a interim release which includes all of the NST and Fedora 16 package updates since 2012-Feb-27 rolled into a fresh ISO image. If you are building your own NST yum repository or have a subscription to the NST PRO yum repository, you may not need this ISO image as you should be able to simply yum update you NST system(s).

Here are some of the highlights for this release:

• The NST project team has worked with the CloudShark folks to facilitate uploading and viewing network packet captures generated by an NST system to either "CloudShark.org" or a "CloudShark Appliance". A new CloudShark Upload Manager tool was created and embedded within the NST WUI to accomplish this. See the graphic below for the many CloudShark features and an example use case for CloudShark with Multi-Tap Network Packet Capturing. See also the HowTo Use The NST CloudShark Upload Manager NST Wiki page for more information.
• The NST WUI ARP Scan page, which utilizes the arp-scan utility, has been completed. This allows you to quickly scan and inventory each attached network segment throughout your network infrastructure and also perform additional security auditing on each discovered host. See the article: HowTo Use The NST WUI arp-scan Page To Quickly Locate Hosts for additional information.
• A separate NST WUI ARP Scan monitoring page was added. This web page is designed to periodically run the arp-scan command. Results are accumulated from each run allowing you to keep track of what systems enter and leave your network throughout the day.
• Many new NST WUI enhancements and refinements including:
  • Most NST WUI pages have been enhanced to use an NST Shell Command Console for resultant output. This allows for extreme flexibility when using the results for analysis or reports. See the NST Shell Command Console Reference Page for additional information.
  • New pop-up network tools widgets have been created for IPv4, IPv6, Host Names, and MAC addresses. NST WUI pages which display network addresses or host names will allow you to click on the network entity to bring up the appropriate tools widget. Once the widget is displayed, you can perform a variety of related actions using the network entity. Each widget has an integrated NST Shell Command Console for results. See the NST Network Tools Widgets Reference Page for additional information.
  • Both the Single and Multi-Tap Network Packet Capture pages now support the new PCAP Next Generation Dump File Format.
  • The NST Network Interface Bandwidth Monitor Ruler Measurement Tool has been enhanced with Peak/Trough Detection and a Ruler Guide Movement Control feature. This feature helps during bandwidth rate analysis by making it easier to position the left and right ruler tool guides when performing data rate measurements. See the NST Bandwidth Monitor Reference Diagram for more information.
• As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.
• For more details related to the code changes for this release, refer to the Change Log page.

2012-Feb-27

We are pleased to announce the latest NST release: "v42". This release is based on Fedora 16 using Linux Kernel: "3.2.7-1.fc16" .

Here are some of the highlights for this release:

• Major enhancements to the Network Interface Bandwidth Monitor application including a Threshold Pause feature with bandwidth rate state notifications.
• Developed a new NST WUI ARP Scan AJAX application which utilizes the arp-scan network tool. One can quickly scan and inventory each attached network segment throughout your network infrastructure and also perform additional security auditing on each discovered host. See the graphic below for an example output from the application or the HowTo Use The NST WUI arp-scan Page To Quickly Locate Hosts.
• Integrated the w3af (Web Application Attack and Audit Framework) into the NST distribution for searching and exploiting web application vulnerabilities.
• Added the netsniff-ng high performance Linux network analyzer and networking toolkit. It is featured in the NST Wiki article: LAN Ethernet Maximum Rates, Generation, Capturing & Monitoring.
• The NST WUI is now touch device friendly and now works well with the Apple iPad. See the NST Wiki article: HowTo Use A Touch Device (iPad) with NST.
• Developed many new systemd service controls and improved NST boot management with GRUB2 integration.
• Many new NST WUI enhancements and refinements including a new CPU usage monitor and DNS name resolver popup widget.
• As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.
• For more details related to the code changes for this release, refer to the Change Log page.

2011-Aug-09

We are pleased to announce the latest NST release: "v42". This release is based on Fedora 15 using Linux Kernel: "2.6.40-4.fc15 - Rebased from latest Linux Kernel: 3.0" .

Here are some of the highlights for this release:

• Developed a new interactive dynamic SVG/AJAX enabled Network Interface Bandwidth Monitor application that is integrated into the NST WUI for monitoring pseudo real-time network bandwidth rates. See example graphic below.
• Added NST RPM packages and NST WUI integration for the Open Vulnerability Assessment Scanner (OpenVAS) and Greenbone Security tools.
• Added an NST RPM package for IPv6 network security investigation: The THC IPv6 ATTACK TOOLKIT.
• Now supporting the GNOME 3.0 desktop for NST integrated network security applications.
• Refactored all NST integrated services for transistion to the new systemd System and Service Manager for service control.
• By default, now supporting the new Fedora Network Device Naming convention (e.g., eth0 => p2p1 or eth0 => em1).
• Many new NST WUI enhancements and refinements.
• As always, the networking and security applications included have been updated to their latest version (See the "Change Log" page for individual package updates).

2011-Jan-22

The NST project team is excited about a offering new enhancement service for NST users called NST Pro. NST is a large distribution which requires signifcant effort to maintain and develop. We have offered free maintenance and new feature development since 2003. This will continue, but access to NST updates and the introduction of features and application integration will be delayed for the general public NST user. We feel that the best way to continue to enrich NST and and keep the project current is to offer NST Pro as a subscription based service.

Summary of NST changes with the release of the NST Pro service:

• A new NST 32 bit ISO maintenance release: NST13 (v2.13.0-1713) is available for Download to both the general public NST user and the NST Pro subscriber user.
• Future NST 32 bit ISOs will be delayed for the general public NST user.
• NST source code will always be available for all users to build NST from scratch. Instruction can be found here: HowTo Build NST 2.13.0
• NST Pro subscriber users will have full access to the NST RPM YUM repository for current updates and new features. All non subscribers will be able to build and maintain their own RPM YUM repositories using the source code.
• NST Pro subscriber users will have access to all NST Pro ISO and virtual machine images including 64 bit builds.

Thank you for your support and consideration in purchasing an NST Pro subscription.

Summary for the NST13 (v2.13.0-1713) maintenance release:

• All NST packages that require libpcap have been recompiled using libpcap v1.1.1.
• Most major network security applications have been updated to their latest version.
• Many NST WUI performance improvements and browser consistency across all OSs.
• NST Pro registration code and repository access have been integrated into NST.

2010-Oct-06

We are pleased to announce the latest NST release: NST13 (v2.13.0) which is based on Fedora13 using Linux Kernel: 2.6.34.7-56.fc13. The release has focused on building a framework for the geolocation and rendering of network entities including the management and configuration of back-end geolocation methods and database repositories.

Here are some of the highlights for this release:

• Created a framework for geolocating network entities with NST.
• Manage and configure the geolocation methods and database repositories.
• Geolocate hosts discovered by ntop. These hosts can be plotted on a world map as a bitmap image or viewed in Google Earth with supporting network traffic information for each host detected.
• Geolocate IPv4 Address Conversations from a network packet capture. These conversations can be displayed on a world map as a bitmap image or viewed in Google Earth. This can be done from the NST WUI Single or Multi-Tap Network Packet Capture decode page.
• Manage, view and schedule geolocated information using the NST WUI.
• The NST WUI can be used to geolocate traceroute information. The results can be viewed using Google Earth.
• The NST WUI can be used to geolocate data collected by Kismet and the results can be viewed in Google Earth.
• The NST WUI can be used to quickly setup and manage Subversion (SVN) repositories. Each with a corresponding Trac Wiki.
• This release includes both NST 32 bit (i686) and 64 bit (x86_64) builds as well as an NST 32 bit and 64 bit RPM repository.
• Many new applications have been added to this distribution release. Previous existing networking and security applications have been updated to their latest revision.

2010-Aug-05

Finalizing NST Release:13 (v2.13.0) is proceeding at a slower pace than we had anticipated. This release will include many geolocation enhancements for both Wireshark and Ntop. One can now geolocate Wireshark IPv4 Address conversations or Ntop hosts on a Mercator World Map projection or on an Earth Browser (i.e., Google Earth). See the Overview page on the NST Wiki Site for hourly generated maps demonstrating the Ntop hosts geolocation implementation.

Another major enhancement will be the inclusion of a Subversion (SVN) Manager. From the NST WUI one can easily generate and manage an SVN repository. Administrative tasks for backing up all repositories and configuring users are also provided.

2009-Sep-22

We are pleased to announce the latest NST release: "v2.11.0". This release is based on Fedora 11 using Linux Kernel: "2.6.30.5-43.fc11". The architecture for building an NST distribution has been completely redesigned and engineered. Starting with this release, All system, network and security applications are now included as RPM packages. This allowed us to take advantage of the Fedora Live CD Project for spinning off an "NST Live" distribution. This project will also help make it easier to develop future releases of NST.

We have created redundant repository sites for NST built RPM packages so that an NST system may be upgraded and revisioned via the internet. These capabilities continue to move NST towards being classified as an enterprise grade distribution that is both extensible and maintainable. With previous NST releases, it was difficult for users to add features and scope by compiling source code or adding new applications. Now one can simply YUM install their favorite applications (e.g., compilers, editors, X Window managers, etc...) via the command line or through the NST WUI.

For information on quickly using this new NST release, see the "Getting Started" page on the "NST Wiki".

Here are some of the highlights for this release:

• The entire NST distribution is RPM based and an NST system can be maintained using reduntant RPM repositories.
• NST is now extensible. Add new applications with YUM install.
• "NST Live" allows for read/write rootfs file system access so that new applications can be installed even though it was booted from a DVD device.
• "NST Live" can be installed to a USB device for creation of a "NST Live USB Disk". One can then boot the "NST Live USB Disk" from a system capable of booting from USB devices.
• An "NST Live USB Disk" may contain data persistence allowing session information to be maintained across system reboots and/or system moves.
• For systems that lack a DVD device or can not boot from USB devices, the following solution was created for installation of NST to the system hard disk. The "NST Live" distribution is too big to fit on a CD. An "NST Minimal" ISO is provided and was designed to fit on CD media. One can boot the "NST Minimal" ISO, perform a hard disk installation using the NST script: "nstliveinst" and then YUM install the "nst-live" RPM package to completely build out the full NST distribution.
• A new NST script: "nsttraceroute" has been created that Geocodes output from the traceroute utility in KML format for rendering with Google Earth.
• Added 2 network content capture applications: "driftnet" and "@tcpxtractLink("tcpxtract")". Driftnet is used to capture and display graphic images (i.e., GIF, JPEG and PNG). @tcpxtractLink("TCPxTract") is used to capture complete documents including PDF or Microsoft Word docs.
• The Multi-Tap Network Packet Capture page has been enhanced with the integration of ngrep and dsniff.
• Many new applications have been added to this distribution release. Previous existing networking and security applications have been updated to their latest revision.

2009-Jan-08

We are pleased to announce the latest NST release: "v1.8.1". This release is based on Fedora 8 using Linux Kernel: "2.6.26.8-57.fc8".

Here are some of the highlights for this release:

• Enhanced the management of snort IDS systems via the NST WUI. It is much easier to setup a federation of snort IDS sensors with backend MySQL IDS collector(s).
• The addition of the "WebDAV Resources" packages. This allows interacting with devices such as the Apple iPod touch using the Air Sharing application.
• Major updates to nmap and its related tools including better support in the NST WUI for managing nmap results.
• Added access terminal server functionality using minicom from the NST WUI. This allows one to manage and connect to many serial ports remotely.
• Enhanced the monitoring of serial data streams using the NST WUI. This includes detailed documentation and diagram.
• Support for saving and loading packet capture and display filters in the single and multi-tap network packet capture sections of the NST WUI.
• Added support scripts for using a USB modem to connect to the Sprint PCS Mobile Broadband service.
• Updated the NST WUI with support for taking GPS enhanced @kismetLink() capture files and producing KML output files which can be viewed in Google Earth or Google Maps.
• Many clean ups and minor enhancements have been made to the NST WUI.
• As always, the networking and security applications included have been updated to their latest version (See the "Change Log" page for individual package updates).

2008-Jun-27

We are pleased to announce the latest NST release: "v1.8.0". This release is based on Fedora 8 using the Linux Kernel: "2.6.25.6-27.fc8". Here are some of the highlights for this release:

• The NST Web User Interface (WUI), has been greatly enhanced and cleaned up. Some note worthy enhancements include:
  • Multi-Tap Network Packet Capture and Management. Simultaneous network packet capture on up to 4 network interfaces per Multi-Tap session is supported. For example, one can capture network packets from the clean and dirty side of a firewall device and have the results automatically merged into a single capture file for analysis. See the "Multi-Tap Network Packet Capturing" page at the "NST Wiki" for further information.
  • An enhanced Network Packet Capture Mangement and Status Interface.
  • The use of AJAX and JSON to provide a more dynamic and interactive NST WUI. For example, the network interface label on the NST Start page can be clicked on to monitor that interface in real-time.
  • Support for WPA-PSK wireless connections.
  • Extensive tooltips and a new menu bar allowing one to quickly navigate the NST WUI.
  • A "NST JavaScript Console" has been added. This is an interactive interface and library of JavaScript objects, functions, methods and properties designed to help software engineers diagnosis and develop "JavaScript Code" for building dynamic web pages. It is located on the bottom footer of every page including the one you are on.
• We transitioned from Fedora Core 5 to Fedora 8 as the underlying base of the NST.
• The addition of wireless firmware packages to support several new wireless chipsets.
• One should be able to boot the NST CD from SATA attached CD drives.
• As always, most networking and security applications included have been updated to their latest version (See the "Change Log" for individual package updates).

2008-Jun-12

Its been a long haul, be we have finally completed most of work on the new additions and enhancements to the NST WUI. We encourage NST v1.5.0 users to give it a spin (look for the: "NST WUI Update Management" link on the NST WUI index page).
While we will continue to clean up and refine the NST WUI, we are now concentrating on nailing down the v1.8.0 release.

2008-Mar-01

Our revamp of the NST Web User Interface (WUI) is still on going. We have added a new menu based navigation system to both the NST WUI and Web Site. We are thinking two months until the next release (which will be based on Fedora 8). Here are some of the things you may be interested in:

• We are continuing to make progress at adding extensive DOM Tooltips throughout the NST WUI (examples of some of these tool tips can be found on the header and footer bars used throughout the web site).
• We have added a DOM Menu to both the NST WUI and this Web Site to simplify the navigation process.
• A development release of the NST WUI is available for installation. If you have a 1.5.0 release of the NST you can update it's NST WUI (from the NST WUI index page, go to the 'NST WUI Update Management' link in the 'Downloads & Updates' row of the 'System' table).
• We have found ourselves making more and more use of JavaScript in our development. We've found that having the ability to turn on a 'JavaScript Console' at the bottom of any page under development to be particularily useful (try clicking on the JC icon at the bottom of this page as an example). It allows us to perform diagnostic tests in a consistent manner regardless of what browser we are currently testing. Use the "Tools" => "JavaScript" => "Browser JavaScript Information" page for additional information.

2007-Nov-13

Our revamp of the NST Web User Interface (WUI) is taking a long time (We are greatly enhancing the documentation via the use of DOM Tooltips). We still don't have an estimate for the next release (which will be based on Fedora 7), but we have had several users build there own ISO images via notes found on the: "NST Wiki".

2007-May-30

There have been two NST development tracks currently underway over the last few months:

1. Enhancements to the NST WUI which is complete.
2. Porting NST to FC6 which is now almost complete.

2007-May-30

A new stable update for the NST WUI management interface is now available for the NST v1.5.0 release. This update includes many enhancements to the Network Packet Capture Interface and bug fixes to the NST WUI. See the README associated with the update for further details. Use the "System" => "NST WUI Update Management" page for installation.

2007-Mar-15

A stable update for the NST WUI management interface is now available for the NST v1.5.0 release. This update include many enhancements and bug fixes to the NST WUI. See the README associated with the update for further details. Use the "System" => "NST WUI Update Management" page for installation.

2007-Feb-25

We have just added an NST Wiki site. NST users please feel free to setup an account and share your experiences, advice and/or interesting topics associated with the NST distribution.

2007-Feb-23

The shell services at SourceForge have been down for the past 11 days. Unfortunately this occurred right in the middle of the NST 1.5.0 release. While we have been unable to update the web server during this time period, we were able to upload the files associated with the 1.5.0 release. These files, as many of you have already discovered, have been available for the past 11 days. We will finalize the release today by updating the on-line documentation files at the web server (what you are reading now).

2007-Feb-12

We are pleased to announce the latest NST release: "v1.5.0". This release is based on Fedora Core 5 using the Linux Kernel: "2.6.18-1.2257.fc5". Here are some of the highlights for this release:

• The NST Web User Interface (WUI), has been greatly enhanced and cleaned up. Some note worthy enhancements include:
  • Extensive additions to managing and analyzing network packet captures. This includes packet capture uploading to a probe and comprehensive HTML reports generated from PDML output.
  • The ability to setup and manage printers (you can easily turn a NST system into print server). This was accomplished by adding a CUPS Management NST WUI page.
  • The ability to easily mount many different supported file system types.
  • The ability to manage the NST as a file server (both NFS and CIFS).
  • The ability to upload files to the NST system.
  • The ability to edit All ASCII files on the NST probe.
• The addition of the Zabbix package (another network resource monitoring tool - similar to Nagios), the nstzabbix supporting script and a WUI front end to help walk one through the setup.
• We transitioned from Fedora Core 4 to Fedora Core 5 as the underlying base of the NST.
• As always, most networking and security applications included have been updated to their latest version (See the "Change Log" for individual package updates).

2007-Feb-1

We're closing in on the v1.5.0 release. We are currently in the testing and review stage and anticipate finishing up in a few weeks.

2006-Aug-17

We are pleased to announce the latest NST release: v1.4.2. This release is based on Fedora Core 4 using the Linux Kernel: 2.6.17-1.2142_FC4 or 2.6.17-1.2142_FC4smp. Many new NST WUI features and capabilities have been included with this distribution:

• The addition of fruity, fruity templates and the nstfruity script to simplify the management of nagios.
• The addition of the barnyard link package (primarily to support sguil).
• The addition of niktorat reports and a NST WUI management page to simplify the use of nikto.
• The addition of the HTML Validator plugin for firefox to aid one in validating the HTML produced by web servers.
• The addition of p0f and a NST WUI management page to allow one to passively determine the host OS from captured network data.
• Cleaned up DHCP configuration so that it should work cleanly even if one sets up DHCP on a interfaces other than eth0.
• We have transitioned from the network protocol analyzer: Ethereal to the new Wireshark.
• The Network Packet Capture web-based front-end has again been enhanced with more filters and XML processing.
• The removal of the "@" character from the default password (this was causing issues for people with non-US keyboards).
• Added the THC-secure_delete package.
• This marks the first release where both a ISO and Virtual Machine version of the NST will be available.
• As always, most networking and security applications included have been updated to their latest version and continued refinement of the NST WUI.

2006-July-18

NST has transitioned from the network protocol analyzer: Ethereal to the new Wireshark version: 0.99.2. This will be available in the pending NST v1.4.2 release.

2006-July-13

We've moved the web site to a new web hosting service. The site may be temporarily unreachable during the 13th-14th as we make the move.

2006-Apr-30

It had taken awhile, but we have a much better understanding of what is required to make the NST run well within a VMware virtual machine. We will be including a new nstvmware script in the 1.4.1 release as well as the necessary VMware modules and tools to enhance the performance of the NST when run from within VMware.

2006-Mar-01

We are pleased to announce the latest NST release: v1.4.0. This release is based on Fedora Core 4 using the Linux Kernel: 2.6.15-1.1831_FC4 or 2.6.15-1.1831_FC4smp. Many new NST WUI features and capabilities have been included with this distribution:

• Time Management - NTP, hardware clock and system clock management.
• Network Packet Capture - An enhanced NST WUI web-based front-end to the tethereal network protocol anaylzer.
• Network Packet Capture Manager - Provides a means to manage network packet capture files on a NST probe.
• An enhanced NST WUI web-based file system mounting page.
• PDF rendering for most output including network packet capture decoding.
• Enhanced directory and file viewing pages with auto refresh.
• Introduced browser session saving for many NST WUI pages.
• Add a simpilfied front-end to the NST WUI for beginner users.
• Network Monitoring - integrated the Nagios networking tool into the NST WUI.
• Better navigation and flow when using the NST WUI pages.

Most networking and security applications have been updated to their latest version.

2006-Feb-07

We are still testing the 1.4.0 release. Things are progressing well.

2006-Jan-11

Before we finished the 1.4.0 release, we decided that we would update the source code to support the x86_64 architecture as well as the i386 architecture. This has resulted in a considerable delay in finishing the 1.4.0 release. This is due to the fact that Ron and have been going through what we call dog days where we update and test hundreds of scripts to support non-Intel architectures. We had hoped to finish by the end of January, but this is optimistic.

2005-Nov-06

We are closing in the 1.4.0 release of the NST (maybe within the next 30 days). It took us awhile to get everything up and running under Fedora Core 4, but we are satisfied that it was worth the effort. Ron is really excited about his enhancements to the network capture page in the NST WUI (its a really good sign when Ron gets excited about a network tool).

2005-Sep-09

We have started the process of moving the NST to Fedora Core 4 from Fedora Core 2. We are not certain how long the transition will take. Please be advised that the manifest for the NST under development (1.4.0) will be in a state of flux. Please refer to the 1.2.3 manifest for a list of tools available on the released ISO image.

2005-Sep-05

We are pleased to announce the 1.2.3 release of the NST. We have spent a considerable amount of time enhancing the management capabilities of the NST probe in addition to bringing the security tools up to date. In particular:

• Snort rules management and configuration.
• Remote File/Directory browsing.
• VNC Session Management.
• Simplified Virus Scanning.
• And many additions to the NST web-based interface.

2005-Aug-10

We are steadily closing in on the 1.2.3 release and expect it to occur in roughly three weeks. In addition to the normal freshening and adding of packages, we've been spending a lot of time enhancing the management features of the NST with custom scripts and a lot of new web based management pages. Review the change log for more details.

2005-May-10

A new article/tutorial on using the NST on a wireless network is available (click here to view article). This article will be of most interest to those that use the NST in a wireless LAN environment.

2005-Apr-16

We have finished up our testing and are releasing version 1.2.2 of the NST. You should be able to download the newest version once it makes it way out to the SourceForge mirrors.

2005-Apr-11

We are closing in on the 1.2.2 release of the NST. There have been many more enhancements and updates - see the change log for details. The major highlights include:

• Ron added the metasploit package. Its an amazing framework for looking at vulnerabilities on your network. Ron also added a web based front end to make setting up metasploitLink a snap.
• The snort scripts and web based interface have been greatly enhanced. There have been many additions to allow for the full management/customization of your snort processes.
• There have been many additions and enhancements to the NST WUI (web base user interface).
• As usual, there have been many package updates since 1.2.1.

2005-Mar-25

We are starting to standardize the way in which scripts are written for the NST project. As a result, the documentation for these scripts will be accessible on-line.

2005-Feb-12

We are pleased to announce the release of v1.2.1 of the NST. There have been a lot of package updates and additions since v1.2.0 and you are encouraged to give it a spin.

• Based on 2.6.10-1.12_FC2 or 2.6.10-1.12_FC2smp kernel.
• New NST WUI Look-and-Feel and navigation.
• New NST WUI log viewer with auto-refresh.
• Updated security/networking tools to date.
• Better nessus and snort integration.
• Added the Firewall Builder application.
• Added the clamav anti-virus application.

2005-Feb-05

We are closing in on the 1.2.1 release. There have been many package updates and additions. Feel free to browse the change log for details of what's coming.

2004-November-19

We are pleased to announce the release of v1.2.0 of the NST. This is the first public release of the NST based upon the Fedora Core 2 distribution. You will find many additions in this release. The change log has details about what has changed since v1.0.6. In general:

• Moving from the RedHat 9 base distribution to Fedora Core 2 has increased compatibility with newer hardware (in particular wireless cards and serial ATA drives). You should also be able to boot from USB and SCSI attached CDROM drives now (providing your BIOS supports it).
• Security/Networking applications have been updated to the latest version.
• A lot of work has been done to enhance the graphical desktop.
• One is now able to install the NST distribution to hard disk has been added. You will need to use nsthdinstall --help-long for information until Paul finishes creating a FAQ and/or tutorial.
• The postgresql database has been added and integrated.
• Java programs, applets and Web Start applications can now be run.

2004-October-14

We are getting closer to a Fedora Core 2 NST v1.2.0 release. A significant number of packages have been added to this NST distribution. We are now using the transparent-compression ISO 9660/Rock Ridge filesystem which has allowed us to use almost double the CDROM disk capacity. We've also added a Screen Shots section to the web site. Expect to see things like PostgreSQL, the BASE interface for snort, Java run time support, the ability to install NST to a hard disk partition, and a lot more in the v1.2.0 release.

2004-September-21

A lot of progress has been made towards the v1.2.0 release. We have a pretty solid build going. In addition to the Fedora migration, we have updated the window manager to fluxbox, we have added a nsthdinstall script allowing one to install the NST to a hard disk partion, and have starting looking at several other packages which one might find handy while working on network security.

2004-August-27

This release v1.0.6 is mostly a maintenace distribution. Significant work was done on making the nessus network security scanner application easy to use from both the command line and NST Web User Interface (WUI). The latest versions of snort, ethereal, and nmap are including in the ISO.

2004-July-11

We are releasing the 1.0.5 version of the NST. There have been MANY updates and additions - you can check the change log for details. IMPORTANT: This release starts the 'No Default Password' policy. If you simply fetch ISO image and burn it to disk, you will be prompted to set the password each time you boot the CD. You can avoid this by specifying a custom password PRIOR to burning the ISO image to disk. Refer to the Using the Network Security Toolkit and FAQ for additional details.

2004-May-4

The popularity of the NST and relatively large size of our documentation files, were causing us to hit our bandwidth limit. As a result, we have had to relocate many of the larger documents to the http://nst.sourceforge.net/nst/ mirror. If you have any bookmarks to documentation, you will want to reset them (otherwise the information you view will be dated - and eventually disappear).

2004-Apr-26

Added the ability to create MD5 message digest information for current and future released files. This includes both the NST ISO and source files. The MD5 digests are located under the associated Manifest release.

2004-Apr-26

In the NST Using documentation, a new section on 'Getting Started' was written by Paul.

2004-Apr-23

In the NST Using documentation, the section: 'NST Scripts: Kismet' was completed.

2004-Apr-18

In the NST Using documentation, the section: 'VPN: PPP Tunneled Over SSH Effective Throughput Rate Discussion' was completed.

2004-Apr-17

The NST project was mentioned on the front page of http://www.snort.org/ - it has triggered quite a bit of interest in the project. I'm sure it's nothing in comparison to what a site like snort experiences - but still, its exciting and encouraging for the developers working on this project.

2004-Apr-06

NST Version: 1.0.4 has been released. A NST ISO image file and the source code for building version 1.0.4 of the NST distribution is now available at SourceForge.net for download. This was released a little bit earlier than planned. We felt that improvements by the ethereal, snort and ntop developers as well as additional security patches from RedHat made the release worthwhile.

2004-Mar-16

NST Version: 1.0.3 has been released. A NST ISO image file and the source code for building version 1.0.3 of the NST distribution is now available at SourceForge.net for download.

2004-Mar-15

Due to a manifest problem that surfaced during the build of NST v1.0.2, we will be re-releasing a new build (NST v1.0.3) shortly. Please be patient and wait for the new release before downloading

2004-Feb-14

Paul finally finished a Getting Started with snort and ACID section in the User's Guide. Ron's been creating scripts and documentation for using two NSTs to build a VPN. He's been busy measuring throughput and creating some beautiful diagrams.

2004-Jan-19

Paul spent a lot of Sunday, setting up a system with Fedora and was excited to see how far he got in the NST build process. He was able to produce a bootable CD image without changing the NST source code, he was even able to log in as root after booting the new CD. However, the sshd and httpd servers did not come (probably missing some shared library).

2004-Jan-07

Added a Internet utility at the main web site (https://www.networksecuritytoolkit.org/nst/tools/ip.shtml) which provides a simple mechanism to allow one to create cron jobs to track the IP address (as seen by the Internet) of hosts which are behind a firewall. See the Check IP page for more information.

2003-Dec-05

NST Version: 1.0.1 has been released. A NST ISO image file and source code for building the NST distribution is available at SourceForge.net for download.

2003-Nov-25

Ron talked Paul into adding a HTML interface for ntop prior to the next release. In addition, Paul came across the firefox browser, which is a bit slow to load, but full featured.

2003-Nov-22

Paul has been working on a simple HTML interface to the snort and MySQL scripts which Ron has prepared (Ron made it trivial to setup both MySQL and snort). Paul is very impressed at the power of Open Source software like MySQL, snort, the phpMyAdmin interface for MySQL and the ACID interface for snort.

2003-Oct-28

Paul has been playing with more HTML for the Web User Interface (and has even tried to document the process in the Technical manual). Has really been fighting with httpd, sudo and xinetd to provide a means to configure a NST probe such that one can use telnet to run minicom and Ron's monitor_serial program. Its working to some degree, but does seem to have issues if the telnet connection is closed (sometimes the underlying process doesn't clean up). However, its at least worth playing with.

2003-Sep-30

The source tree is close to stable now. We are in the process of adding additional security packages and Paul has a decent start at a web based user interface for some of the common NST tasks. He's almost to the point of wanting to have the httpd daemon start up automatically on a default boot.

2003-Sep-25

Ron made the mistake of adding the @kismetLink() package to the NST distribution. He's been having too much fun driving around his neighborhoods mapping out all of the 802.11b access points. Its scary to see how few people enable WEP.

2003-Aug-06

Skeleton scripts for automating the building of NST and its associated documents are in place. Now we just need to flesh them out.

2003-Aug-04

The laddswap command was added to scan the hard disk for available Linux swap partitions. The following demonstrates its usage:

[root@probe root]# laddswap
 
*** Swap space prior to adding...
/sbin/swapon -s
Filename                        Type            Size    Used    Priority
 
*** Detecting existing swap areas...
 
*** Swap space after adding...
/sbin/swapon -s
Filename                        Type            Size    Used    Priority
/dev/hda8                       partition       538136  0       -1
[root@probe root]# free
             total       used       free     shared    buffers     cached
Mem:        319792     203220     116572          0       2060     180020
-/+ buffers/cache:      21140     298652
Swap:       538136          0     538136
[root@probe root]#

2023-Jul-22

We are pleased to announce the latest NST release: "NST 38 SVN:13644". This release is based on Fedora 38 using Linux Kernel: "kernel-6.3.12-200.fc38.x86_64". This release brings the NST distribution on par with Fedora 38.

This is mostly a maintenance release with improved NST WUI functionality. Below is a summary of the feature improvements included in this release:

• Access to the Open Vulnerability Assessment Scanner (OpenVAS) and Greenbone Vulnerability Management (Greenbone GVM) has been refactored to run as a docker container providing the full-featured vulnerability scanner. The latest Greenbone Community Edition container is used.
• An acceleration overlay and control was added to the geolocation of Dash Cam videos. See the graphic below: NST Map Data Layer - Dash Cam Track With Acceleration Overlay.
• The NST WUI ARP Scan has been enhanced to support the configured Name Service (NS) switch hosts resolver. An article on NST WUI ARP Scan usage can be found here.
• As always, the networking and security applications included have been updated to their latest version which can be found in the manifest.
• For more details related to the code changes for this release, refer to the "Change Log" page or review the change log for an individual RPM package.