The second tool is Nessus, which you can download from its Web site at http://www.nessus.org. Nessus uses a client/server architecture; the source code follows the POSIX standard and runs on many Unix versions, and there is even a Win32-based client. Nessus relies on nmap (without nmap, Nessus will not run), and the GUI client also needs the GTK library.
The current version of Nessus is 1.06. You can scan an entire network with a single command: the argument is the network address. For example, typing 192.168.1.0/24 in the target box scans the 255 machines of the whole subnet. Nessus is no less complex than nmap, but it is not only easy to use, it also has many features. For example, it can generate reports and compare the differences between reports. Another interesting feature: for the problems it discovers during a port scan, Nessus proposes solutions. These proposals are generally useful as long as the machines are Unix systems; for other operating systems they are less accurate, but that is not a real problem. The following is an example of a very vulnerable machine. Another great feature is that Nessus runs plug-ins, so whenever a new vulnerability is discovered anywhere, it can be upgraded quickly. Nessus is a tool that system administrators really need, and Mr. Deraison has done terrific work: merci beaucoup!

Both tools were tested from a Linux machine on a network of different operating systems: Linux RH 6.2, Irix 6.5.7, Solaris 2.6, NeXTStep 3.3, QNX RT, BeOS 5.0, AmigaOS 3.5 and NT 4.0. On most platforms the test results were impressive; of course the real Amiga system was not identified (it looked like a printer or a router!), but who has that operating system on their network nowadays (other than us)? Anyway, these tools are must-have tools for today's networks.

To close this chapter, let us mention some other tools such as SARA (http://www-arc.com/sara/), its predecessor SATAN (http://www.porcupine.org/satan/), and SAINT (http://www.wwdsi.com). They are not merely port scanners, and they are very useful for improving network security.

4. Sniffing systems

Some tools detect port scans or intrusions. A standard system administrator cannot live without such tools (that is a little paranoid!). The first set of tools comes from the Abacus project; you can get them from http://www.psionic.com.
It contains three tools: portsentry, hostsentry and logcheck. The logcheck version is 1.1.1, portsentry is version 1.0 and hostsentry is version 0.0.2alpha. Portsentry is a port-scan detection tool, as its name says: if a port is scanned, portsentry immediately blocks the scanning host, either by dropping its route through the firewall (or routing it to an unused IP address), or, as long as TCPWrapper is installed on your machine, by writing the attacker's IP address into the /etc/hosts.deny file. The reaction is quite efficient! Portsentry relies on one main configuration file and a few special files; the special files are used to ignore some hosts (that is, not to block them) or to block certain ports on certain hosts. The configuration file defines how portsentry works. First you must choose whether portsentry binds to TCP or UDP ports (or both); note that if you use X11, it must not bind to port 6000! Depending on the Unix system you use, you have two different modes for monitoring ports; currently only Linux supports the advanced mode. The next step is the blocking option: block the scan, do not block it, or run an external command. Then choose how to drop the route: redirect the attacker to an IP address the network does not use, or to a port on the firewall. The next step concerns TCPWrapper: you have to decide whether or not to write a deny entry into the /etc/hosts.deny file. Then you can define an external command to run, and finally you can choose the scan trigger value (the default is 0). That is all you have to do; we will assume that you know everything about logging, because obviously all warnings are logged. This means that if you want to send the warnings somewhere other than /var/log/messages, /var/log/syslog, /var/adm/messages or a similar file, you modify your syslog.conf file.
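As an added illustration of the steps just described (it is not from the original article or from the Abacus project), here is a portsentry.conf fragment for a Linux machine running X11, followed by the syslog.conf line that sends the alerts to their own file. The port lists, file paths, the external command and the syslog facility are assumptions; adapt them to your system.

```conf
# portsentry.conf (added example; paths and port lists are assumptions)

# Step 1: ports bound in the basic -tcp/-udp modes. Port 6000 is
# deliberately absent so portsentry never collides with the X11 server.
TCP_PORTS="1,11,15,79,111,119,143,540,635,1080,1524,2000,5742,12345,31337"
UDP_PORTS="1,7,9,69,161,162,513,635,640,641,700,32770,32771,32772"

# Step 2 (Linux only): advanced -atcp/-audp modes watch every port below
# this limit except the exclusions. 6000 is above the limit, so X11 is safe.
ADVANCED_PORTS_TCP="1024"
ADVANCED_PORTS_UDP="1024"
ADVANCED_EXCLUDE_TCP="113,139"
ADVANCED_EXCLUDE_UDP="520,138,137,67"

# Special files: hosts never to block, plus the history and blocked lists.
IGNORE_FILE="/usr/local/psionic/portsentry/portsentry.ignore"
HISTORY_FILE="/usr/local/psionic/portsentry/portsentry.history"
BLOCKED_FILE="/usr/local/psionic/portsentry/portsentry.blocked"

# Step 3: blocking option. 0 = log only, 1 = block, 2 = external command only.
BLOCK_UDP="1"
BLOCK_TCP="1"

# Step 4: drop the route to the scanning host; portsentry substitutes
# $TARGET$ with the attacker's address. Linux "reject" route variant.
KILL_ROUTE="/sbin/route add -host $TARGET$ reject"

# Step 5: TCPWrapper entry appended to /etc/hosts.deny.
KILL_HOSTS_DENY="ALL: $TARGET$ : DENY"

# Step 6: optional external command (hypothetical script, disabled here).
#KILL_RUN_CMD="/usr/local/bin/notify-admin $TARGET$ $PORT$"

# Step 7: connections tolerated before reacting (default 0 = react at once).
SCAN_TRIGGER="0"

# Step 8, in /etc/syslog.conf: assuming portsentry logs with the daemon
# facility at notice level, this line keeps its alerts out of /var/log/messages.
#   daemon.notice        /var/log/portsentry.log
```

Start the monitors afterwards with portsentry -atcp and portsentry -audp on Linux, or portsentry -tcp and portsentry -udp on other Unix systems.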
You can choose to run portsentry in the background; the option depends on your system. On most Unix versions you use the -tcp and -udp options; on a Linux machine you can use the -atcp and -audp options (the "a" stands for Advanced). Let's take a look at the log of a machine running portsentry while a computer scans it.

If you are the kind of system administrator who looks at the logs once a week (you should change jobs), the Abacus project provides another tool: logcheck. It runs as a cron task and sends an e-mail to the administrator if abnormal events are found in the logs. The latest tool in this suite is called hostsentry; it looks pretty interesting, but I have not tested it. If you want a great, simple and efficient tool, choose portsentry! Thank you Mr. Rowland, your work is great, and by the way, I like your sense of humor.

Another tool a system administrator really cannot do without is snort. Snort is a very precise, lightweight IDS (intrusion detection system); you can download version 1.6.3 of snort from http://www.snort.org. It is said to run on any platform where libpcap works; it is best to use the latest version of libpcap. Incidentally, you can also get a Win32 version of snort. Snort analyzes IP streams and provides very robust logging capabilities. Snort relies on rule scripts, so you can monitor exactly what you want to monitor. It even gives you a rules database, so you have an important decision to make: where to place the detector, or rather, what kind of traffic you want to monitor: outside or inside the firewall? We would rather recommend every location! To me this is a serious problem; if you are a "standard" system administrator, the more probes the better. Once you have decided where to listen, you must select the rules to apply. Snort comes with lots of basic rules: backdoor, ddos, finger, ftp... These rules are in the snort-lib file, and you can get new and upgraded rules from the snort Web site.
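As an added example of what a rule script looks like (not from the article or from the snort distribution), here is a minimal snort configuration: the home network variable, a syslog output so alerts can be collected by another machine, and three constructed rules in the spirit of the finger, ftp and backdoor rule sets. The network address, paths, rule file names and rule contents are assumptions.

```conf
# snort.conf (added example; addresses, paths and rules are assumptions)

# The network the probe protects; referenced as $HOME_NET below.
var HOME_NET 192.168.1.0/24

# Besides the -l log directory, copy alerts to syslog, which a central
# syslog host on another machine can then receive.
output alert_syslog: LOG_AUTH LOG_ALERT

# Distributed rule files would be pulled in like this (names assumed):
# include finger-lib
# include ftp-lib

# Constructed rules, one per category named in the text.
# finger: a query from outside the home network to an internal finger server.
alert tcp !$HOME_NET any -> $HOME_NET 79 (msg:"FINGER query from outside"; flags:PA;)

# ftp: a SITE EXEC command, which does not appear in normal client traffic.
alert tcp !$HOME_NET any -> $HOME_NET 21 (msg:"FTP SITE EXEC"; content:"SITE EXEC"; flags:PA; nocase;)

# backdoor: a connection attempt (SYN only) to the classic NetBus port.
alert tcp any any -> $HOME_NET 12345 (msg:"NetBus port connection attempt"; flags:S;)

# Run as a daemon with this file, logging under /var/log/snort:
#   snort -D -c /etc/snort/snort.conf -l /var/log/snort
```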
You only need one snort option to run it as a background task: to run snort as a daemon, the option is -D. Because you can redirect the log, you can define where it is recorded, even on another machine. Describing all the features of snort in this article is impossible; it can only tell you a part. Whatever one says, snort is another essential tool. Snort is a very great tool, and I would like to thank Mr. Roesch. There are also other free tools, for example AIDE, presented at http://www.cs.tut.fi/~rammer/aide.html.

5. Encryption

In this area there are many tools and we cannot talk about all of them, but we at least want to talk about SSH, especially the free version, OpenSSH, which you can get from http://www.openssh.com; the current version is 2.3.0. This great product was originally developed on OpenBSD and now runs on many Unix versions. OpenSSH is a replacement for telnet and other remote commands such as rsh and rlogin; it contains scp, a replacement for ftp and rcp. OpenSSH encrypts the data transmitted over the network, whereas rsh, telnet and the like send everything in the clear, including the password, of course! Therefore you should no longer use these tools but use OpenSSH instead. That was a bit forceful, but let us be a little fascist! The problem is that some countries are very strict about such tools and encryption methods and do not allow them, and in many countries you still cannot use the software freely. For example, some time ago, if you used ssh in a country such as France you would have been considered a spy (according to national law); fortunately that is no longer the case. Nevertheless, I recommend reading the relevant regulations before using such tools. You can find a report on the different countries on the Web at http://www2.epic.org/reports/crypto2000/countries.html.
After all, encryption is a topic of great concern and there are many tools worth considering. Let us mention OpenSSL (Secure Sockets Layer) at http://www.openssl.org, or StrongCrypto at http://www.strongcrypto.com, an open source VPN tool for Linux. VPNs are another solution that deserves a separate article (like most of the topics and tools above), so we will not say more about them here. Obviously, we cannot forget to mention OpenPGP, on the Web page http://www.ietf.org/html.charters/openpgp-charter.html, and GnuPG on the http://www.gnupg.org Web site.