Network Security Toolkit (NST)

Some of the older news - which has manually scrolled off the front page.

Old News

2007-May-30

A new stable update for the NST WUI management interface is now available for the NST v1.5.0 release. This update includes many enhancements to the Network Packet Capture Interface and bug fixes to the NST WUI. See the README associated with the update for further details. Use the "System" => "NST WUI Update Management" page for installation.

2007-Mar-15

A stable update for the NST WUI management interface is now available for the NST v1.5.0 release. This update include many enhancements and bug fixes to the NST WUI. See the README associated with the update for further details. Use the "System" => "NST WUI Update Management" page for installation.

2007-Feb-25

We have just added an NST Wiki site. NST users please feel free to setup an account and share your experiences, advice and/or interesting topics associated with the NST distribution.

2007-Feb-23

The shell services at SourceForge have been down for the past 11 days. Unfortunately this occurred right in the middle of the NST 1.5.0 release. While we have been unable to update the web server during this time period, we were able to upload the files associated with the 1.5.0 release. These files, as many of you have already discovered, have been available for the past 11 days. We will finalize the release today by updating the on-line documentation files at the web server (what you are reading now).

2007-Feb-12

We are pleased to announce the latest NST release: "v1.5.0". This release is based on Fedora Core 5 using the Linux Kernel: "2.6.18-1.2257.fc5". Here are some of the highlights for this release:

• The NST Web User Interface (WUI), has been greatly enhanced and cleaned up. Some note worthy enhancements include:
  • Extensive additions to managing and analyzing network packet captures. This includes packet capture uploading to a probe and comprehensive HTML reports generated from PDML output.
  • The ability to setup and manage printers (you can easily turn a NST system into print server). This was accomplished by adding a CUPS Management NST WUI page.
  • The ability to easily mount many different supported file system types.
  • The ability to manage the NST as a file server (both NFS and CIFS).
  • The ability to upload files to the NST system.
  • The ability to edit All ASCII files on the NST probe.
• The addition of the Inprotect package (a Nessus manager), the nstinprotect supporting script and a WUI front end to help walk one through the setup. A new article: "Inprotect Setup Guide", will help guide you through the Inprotect setup process.
• The addition of the Zabbix package (another network resource monitoring tool - similar to Nagios), the nstzabbix supporting script and a WUI front end to help walk one through the setup.
• We transitioned from Fedora Core 4 to Fedora Core 5 as the underlying base of the NST.
• As always, most networking and security applications included have been updated to their latest version (See the "Change Log" for individual package updates).

2007-Feb-1

We're closing in on the v1.5.0 release. We are currently in the testing and review stage and anticipate finishing up in a few weeks.

2006-Dec-2

Finished up the first revision of the "Inprotect Setup Guide" document. Hopefully this will be useful to those that are interested in using Inprotect (a really nice front end to Nessus) which will be bundled with the 1.5.0 release of the NST.

2006-Aug-17

We are pleased to announce the latest NST release: v1.4.2. This release is based on Fedora Core 4 using the Linux Kernel: 2.6.17-1.2142_FC4 or 2.6.17-1.2142_FC4smp. Many new NST WUI features and capabilities have been included with this distribution:

• The addition of fruity, fruity templates and the nstfruity script to simplify the management of nagios.
• The addition of sguil and the nstsguil script to simplify the setup and use of sguil (sorry - no NST WUI interface page yet).
• The addition of the barnyard link package (primarily to support sguil).
• The addition of niktorat reports and a NST WUI management page to simplify the use of nikto.
• The addition of the tidy plugin for firefox to aid one in validating the HTML produced by web servers.
• The addition of p0f and a NST WUI management page to allow one to passively determine the host OS from captured network data.
• Cleaned up DHCP configuration so that it should work cleanly even if one sets up DHCP on a interfaces other than eth0.
• We have transitioned from the network protocol analyzer: Ethereal to the new Wireshark.
• The Network Packet Capture web-based front-end has again been enhanced with more filters and XML processing.
• The removal of the "@" character from the default password (this was causing issues for people with non-US keyboards).
• Added the THC-secure_delete package.
• This marks the first release where both a ISO and Virtual Machine version of the NST will be available.
• As always, most networking and security applications included have been updated to their latest version and continued refinement of the NST WUI.

2006-July-18

NST has transitioned from the network protocol analyzer: Ethereal to the new Wireshark version: 0.99.2. This will be available in the pending NST v1.4.2 release.

2006-July-13

We've moved the web site to a new web hosting service. The site may be temporarily unreachable during the 13th-14th as we make the move.

2006-June-22

We've made it possible to download the Network Security Toolkit (NST) Virtual Machine v1.4.1 using a normal browser from the SourceForge Files Page as well as using the Torrent method provided at the VMware website.

Download NST Virtual Machine

2006-June-5

The latest NST release: v1.4.1 is now available as a VMware virtual machine download. See the Network Security Toolkit (NST) Virtual Machine page at the VMware website to download.

This release is based on Fedora Core 4 using the Linux Kernel: 2.6.16-1.2108_FC4 or 2.6.16-1.2108_FC4smp. Some of the highlights for the new release include:

• A enterprise class patch management system for NST WUI updates and system file patches and updates.
• A new nstvmware script to facilitate the use of NST within a VMware virtual machine.
• The inclusion of the VMware Tools and modules to optimize the NST performance within a VMware virtual machine.
• Some nice 'look-and-feel' enhancements to the X and NST WUI interface.
• Many new enhancements to the NST WUI database management pages for both the MySQL and PostgreSQL database servers.
• Replaced the NST WUI network protocol anaylzer capture engine: "tethereal" with the new light-weight "dumpcap" application which is part of the new "ethereal" v0.99.0 protocol analyzer suite.
• Many networking and security applications have been updated to their latest version.
• We've decided to wait until the v1.4.2 release to do a SourceForge Live CD release.

2006-Apr-30

It had taken awhile, but we have a much better understanding of what is required to make the NST run well within a VMware virtual machine. We will be including a new nstvmware script in the 1.4.1 release as well as the necessary VMware modules and tools to enhance the performance of the NST when run from within VMware.

2006-Mar-01

We are pleased to announce the latest NST release: v1.4.0. This release is based on Fedora Core 4 using the Linux Kernel: 2.6.15-1.1831_FC4 or 2.6.15-1.1831_FC4smp. Many new NST WUI features and capabilities have been included with this distribution:

• Time Management - NTP, hardware clock and system clock management.
• Network Packet Capture - An enhanced NST WUI web-based front-end to the tethereal network protocol anaylzer.
• Network Packet Capture Manager - Provides a means to manage network packet capture files on a NST probe.
• An enhanced NST WUI web-based file system mounting page.
• PDF rendering for most output including network packet capture decoding.
• Enhanced directory and file viewing pages with auto refresh.
• Introduced browser session saving for many NST WUI pages.
• Add a simpilfied front-end to the NST WUI for beginner users.
• Network Monitoring - integrated the Nagios networking tool into the NST WUI.
• Better navigation and flow when using the NST WUI pages.

Most networking and security applications have been updated to their latest version.

2006-Feb-07

We are still testing the 1.4.0 release. Things are progressing well.

2006-Jan-11

Before we finished the 1.4.0 release, we decided that we would update the source code to support the x86_64 architecture as well as the i386 architecture. This has resulted in a considerable delay in finishing the 1.4.0 release. This is due to the fact that Ron and have been going through what we call dog days where we update and test hundreds of scripts to support non-Intel architectures. We had hoped to finish by the end of January, but this is optimistic.

2005-Nov-06

We are closing in the 1.4.0 release of the NST (maybe within the next 30 days). It took us awhile to get everything up and running under Fedora Core 4, but we are satisfied that it was worth the effort. Ron is really excited about his enhancements to the network capture page in the NST WUI (its a really good sign when Ron gets excited about a network tool).

2005-Sep-09

We have started the process of moving the NST to Fedora Core 4 from Fedora Core 2. We are not certain how long the transition will take. Please be advised that the manifest for the NST under development (1.4.0) will be in a state of flux. Please refer to the 1.2.3 manifest for a list of tools available on the released ISO image.

2005-Sep-05

We are pleased to announce the 1.2.3 release of the NST. We have spent a considerable amount of time enhancing the management capabilities of the NST probe in addition to bringing the security tools up to date. In particular:

• Snort rules management and configuration.
• Remote File/Directory browsing.
• VNC Session Management.
• Simplified Virus Scanning.
• And many additions to the NST web-based interface.

2005-Aug-10

We are steadily closing in on the 1.2.3 release and expect it to occur in roughly three weeks. In addition to the normal freshening and adding of packages, we've been spending a lot of time enhancing the management features of the NST with custom scripts and a lot of new web based management pages. Review the change log for more details.

2005-May-10

A new article/tutorial on using the NST on a wireless network is available (click here to view article). This article will be of most interest to those that use the NST in a wireless LAN environment.

2005-Apr-16

We have finished up our testing and are releasing version 1.2.2 of the NST. You should be able to download the newest version once it makes it way out to the SourceForge mirrors.

2005-Apr-11

We are closing in on the 1.2.2 release of the NST. There have been many more enhancements and updates - see the change log for details. The major highlights include:

• Ron added the metasploit package. Its an amazing framework for looking at vulnerabilities on your network. Ron also added a web based front end to make setting up metasploit a snap.
• The snort scripts and web based interface have been greatly enhanced. There have been many additions to allow for the full management/customization of your snort processes.
• There have been many additions and enhancements to the NST WUI (web base user interface).
• As usual, there have been many package updates since 1.2.1.

2005-Mar-25

We are starting to standardize the way in which scripts are written for the NST project. As a result, the documentation for these scripts will be accessible on-line.

2005-Feb-12

We are pleased to announce the release of v1.2.1 of the NST. There have been a lot of package updates and additions since v1.2.0 and you are encouraged to give it a spin.

• Based on 2.6.10-1.12_FC2 or 2.6.10-1.12_FC2smp kernel.
• New NST WUI Look-and-Feel and navigation.
• New NST WUI log viewer with auto-refresh.
• Updated security/networking tools to date.
• Better nessus and snort integration.
• Added the Firewall Builder application.
• Added the clamav anti-virus application.

2005-Feb-05

We are closing in on the 1.2.1 release. There have been many package updates and additions. Feel free to browse the change log for details of what's coming.

2004-November-19

We are pleased to announce the release of v1.2.0 of the NST. This is the first public release of the NST based upon the Fedora Core 2 distribution. You will find many additions in this release. The change log has details about what has changed since v1.0.6. In general:

• Moving from the RedHat 9 base distribution to Fedora Core 2 has increased compatibility with newer hardware (in particular wireless cards and serial ATA drives). You should also be able to boot from USB and SCSI attached CDROM drives now (providing your BIOS supports it).
• Security/Networking applications have been updated to the latest version.
• A lot of work has been done to enhance the graphical desktop.
• One is now able to install the NST distribution to hard disk has been added. You will need to use nsthdinstall --help-long for information until Paul finishes creating a FAQ and/or tutorial.
• The postgresql database has been added and integrated.
• Java programs, applets and Web Start applications can now be run.

2004-October-14

We are getting closer to a Fedora Core 2 NST v1.2.0 release. A significant number of packages have been added to this NST distribution. We are now using the transparent-compression ISO 9660/Rock Ridge filesystem which has allowed us to use almost double the CDROM disk capacity. We've also added a Screen Shots section to the web site. Expect to see things like PostgreSQL, the BASE interface for snort, Java run time support, the ability to install NST to a hard disk partition, and a lot more in the v1.2.0 release.

2004-September-21

A lot of progress has been made towards the v1.2.0 release. We have a pretty solid build going. In addition to the Fedora migration, we have updated the window manager to fluxbox, we have added a nsthdinstall script allowing one to install the NST to a hard disk partion, and have starting looking at several other packages which one might find handy while working on network security.

2004-August-27

This release v1.0.6 is mostly a maintenace distribution. Significant work was done on making the nessus network security scanner application easy to use from both the command line and NST Web User Interface (WUI). The latest versions of snort, ethereal, and nmap are including in the ISO.

2004-July-11

We are releasing the 1.0.5 version of the NST. There have been MANY updates and additions - you can check the change log for details. IMPORTANT: This release starts the 'No Default Password' policy. If you simply fetch ISO image and burn it to disk, you will be prompted to set the password each time you boot the CD. You can avoid this by specifying a custom password PRIOR to burning the ISO image to disk. Refer to the Using the Network Security Toolkit and FAQ for additional details.

2004-May-4

The popularity of the NST and relatively large size of our documentation files, were causing us to hit our bandwidth limit. As a result, we have had to relocate many of the larger documents to the http://nst.sourceforge.net/nst/ mirror. If you have any bookmarks to documentation, you will want to reset them (otherwise the information you view will be dated - and eventually disappear).

2004-Apr-26

Added the ability to create MD5 message digest information for current and future released files. This includes both the NST ISO and source files. The MD5 digests are located under the associated Manifest release.

2004-Apr-26

In the NST Using documentation, a new section on 'Getting Started' was written by Paul.

2004-Apr-23

In the NST Using documentation, the section: 'NST Scripts: Kismet' was completed.

2004-Apr-18

In the NST Using documentation, the section: 'VPN: PPP Tunneled Over SSH Effective Throughput Rate Discussion' was completed.

2004-Apr-17

The NST project was mentioned on the front page of http://www.snort.org/ - it has triggered quite a bit of interest in the project. I'm sure it's nothing in comparison to what a site like snort experiences - but still, its exciting and encouraging for the developers working on this project.

2004-Apr-06

NST Version: 1.0.4 has been released. A NST ISO image file and the source code for building version 1.0.4 of the NST distribution is now available at SourceForge.net for download. This was released a little bit earlier than planned. We felt that improvements by the ethereal, snort and ntop developers as well as additional security patches from RedHat made the release worthwhile.

2004-Mar-16

NST Version: 1.0.3 has been released. A NST ISO image file and the source code for building version 1.0.3 of the NST distribution is now available at SourceForge.net for download.

2004-Mar-15

Due to a manifest problem that surfaced during the build of NST v1.0.2, we will be re-releasing a new build (NST v1.0.3) shortly. Please be patient and wait for the new release before downloading

2004-Feb-14

Paul finally finished a Getting Started with snort and ACID section in the User's Guide. Ron's been creating scripts and documentation for using two NSTs to build a VPN. He's been busy measuring throughput and creating some beautiful diagrams.

2004-Jan-19

Paul spent a lot of Sunday, setting up a system with Fedora and was excited to see how far he got in the NST build process. He was able to produce a bootable CD image without changing the NST source code, he was even able to log in as root after booting the new CD. However, the sshd and httpd servers did not come (probably missing some shared library).

2004-Jan-07

Added a Internet utility at the main web site (http://nst.sourceforge.net/nst/cgi-bin/ip.cgi) which provides a simple mechanism to allow one to create cron jobs to track the IP address (as seen by the Internet) of hosts which are behind a firewall. See the Check IP page for more information.

2003-Dec-05

NST Version: 1.0.1 has been released. A NST ISO image file and source code for building the NST distribution is available at SourceForge.net for download.

2003-Nov-25

Ron talked Paul into adding a HTML interface for ntop prior to the next release. In addition, Paul came across the firefox browser, which is a bit slow to load, but full featured.

2003-Nov-22

Paul has been working on a simple HTML interface to the snort and MySQL scripts which Ron has prepared (Ron made it trivial to setup both MySQL and snort). Paul is very impressed at the power of Open Source software like MySQL, snort, the phpMyAdmin interface for MySQL and the ACID interface for snort.

2003-Oct-28

Paul has been playing with more HTML for the Web User Interface (and has even tried to document the process in the Technical manual). Has really been fighting with httpd, sudo and xinetd to provide a means to configure a NST probe such that one can use telnet to run minicom and Ron's monitor_serial program. Its working to some degree, but does seem to have issues if the telnet connection is closed (sometimes the underlying process doesn't clean up). However, its at least worth playing with.

2003-Sep-30

The source tree is close to stable now. We are in the process of adding additional security packages and Paul has a decent start at a web based user interface for some of the common NST tasks. He's almost to the point of wanting to have the httpd daemon start up automatically on a default boot.

2003-Sep-25

Ron made the mistake of adding the kismet package to the NST distribution. He's been having too much fun driving around his neighborhoods mapping out all of the 802.11b access points. Its scary to see how few people enable WEP.

2003-Aug-06

Skeleton scripts for automating the building of NST and its associated documents are in place. Now we just need to flesh them out.

2003-Aug-04

The laddswap command was added to scan the hard disk for available Linux swap partitions. The following demonstrates its usage:

[root@probe root]# laddswap
 
*** Swap space prior to adding...
/sbin/swapon -s
Filename                        Type            Size    Used    Priority
 
*** Detecting existing swap areas...
 
*** Swap space after adding...
/sbin/swapon -s
Filename                        Type            Size    Used    Priority
/dev/hda8                       partition       538136  0       -1
[root@probe root]# free
             total       used       free     shared    buffers     cached
Mem:        319792     203220     116572          0       2060     180020
-/+ buffers/cache:      21140     298652
Swap:       538136          0     538136
[root@probe root]#