Secure Your Network for Free, Syngress

Secure Your Network for Free

USING NMAP, WIRESHARK ,SNORT, NESSUS, AND MRTG

Eric Seagren, Lead Author
Wesley J. Noonan, Technical Editor

Lead Author
Eric S. Seagren (CISA, CISSP-ISSAP, SCNP, CCNA, CNE-4,
MCP+I, MCSE-NT) has 10 years of experience in the computer
industry, with the last eight years spent in the financial services
industry working for a Fortune 100 company. Eric started his computer
career working on Novell servers and performing general network
troubleshooting for a small Houston-based company. Since he
has been working in the financial services industry, his position and
responsibilities have advanced steadily. His duties have included
server administration, disaster recovery responsibilities, business continuity
coordinator, Y2K remediation, network vulnerability assessment,
and risk management responsibilities. He has spent the last
few years as an IT architect and risk analyst, designing and evaluating
secure, scalable, and redundant networks.
Eric has worked on several books as a contributing author or
technical editor. These include Hardening Network Security (McGraw-
Hill), Hardening Network Infrastructure (McGraw-Hill), Hacking
Exposed: Cisco Networks (McGraw-Hill), Configuring Check Point
NGX VPN-1/FireWall-1 (Syngress), Firewall Fundamentals (Cisco
Press), and Designing and Building Enterprise DMZs (Syngress). He has
also received a CTM from Toastmasters of America.
I would like to express my gratitude to several people who have
helped me make this book a reality. First and foremost I would like
to say thank you to Sandra and Angela, for their support, patience,
and understanding during the entire process. I would like to thank
Wes, for the quality and consistency of his constructive feedback. I
would also like to thank Holla, for providing the original spark of
an idea that eventually evolved into this book (specifically Chapters
2 and 7), and Moe, for being supportive when the opportunity presented itself.

Technical Editors
Wesley J. Noonan (Houston, Texas) has worked in the computer
industry for more than 12 years, specializing in Windows-based networks
and network infrastructure security design and implementation.
He is a Staff Quality Engineer for NetIQ, working on the
company’s security solutions product line. Wes was the author of
Hardening Network Infrastructure (McGraw-Hill) and was a contributing/
coauthor for The CISSP Training Guide (Que Publishing),
Hardening Network Security (McGraw-Hill), Designing and Building
Enterprise DMZs (Syngress), and Firewall Fundamentals (Cisco Press).
Wes was also the technical editor for Hacking Exposed: Cisco
Networks (McGraw-Hill). He contributes to Redmond magazine,
writing on the subjects of network infrastructure and security, and
he maintains a Windows Network Security section called “Ask the
Experts” for Techtarget.com (http://searchwindowssecurity.
techtarget.com/ateAnswers/0,289620,sid45_tax298206,00.html).
Wes has also presented at TechMentor 2004.
Wes lives in Houston, Texas.

Stephen Watkins (CISSP) is an Information Security Professional
with more than 10 years of relevant technology experience,
devoting eight of these years to the security field. He currently
serves as Information Assurance Analyst at Regent University in
southeastern Virginia. Before coming to Regent, he led a team of
security professionals providing in-depth analysis for a global-scale
government network. Over the last eight years, he has cultivated his
expertise with regard to perimeter security and multilevel security
architecture. His Check Point experience dates back to 1998 with
FireWall-1 version 3.0b. He has earned his B.S. in Computer
Science from Old Dominion University and M.S. in Computer
Science, with Concentration in Infosec, from James Madison
University. He is nearly a lifelong resident of Virginia Beach, where
he and his family remain active in their church and the local Little League.

Stephen was the technical editor for Chapter 3.

Contents
Chapter 1 Presenting the Business Case for Free Solutions . . . . . . . . 1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
The Costs of Using Free Security Solutions . . . . . . . . . . . . . .2
Training Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Hardware Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Consulting Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Hidden Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
The Savings of Using Free Security Solutions . . . . . . . . . . . .6
Purchase Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Maintenance Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Customization Costs . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Comparing Free Solutions with Commercial Solutions . . . . .8
Strengths of Free Solutions . . . . . . . . . . . . . . . . . . . . . . .9
Weaknesses of Free Solutions . . . . . . . . . . . . . . . . . . . . .10
Evaluating Individual Solutions . . . . . . . . . . . . . . . . . . .12
“Selling” a Free Solution . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Selling by Doing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Presenting a Proposal . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . .21
Chapter 2 Protecting Your Perimeter
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Firewall Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Firewall Architectures . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Screened Subnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
One-Legged . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
True DMZ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Implementing Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Hardware versus Software Firewalls . . . . . . . . . . . . . . . .32
Configuring netfilter . . . . . . . . . . . . . . . . . . . . . . . . . . .32
Choosing a Linux Version . . . . . . . . . . . . . . . . . . . . .32
Choosing Installation Media . . . . . . . . . . . . . . . . . . .33
Linux Firewall Operation . . . . . . . . . . . . . . . . . . . . .36
Configuration Examples . . . . . . . . . . . . . . . . . . . . . .42
GUIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55
Smoothwall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76
Configuring Windows Firewall . . . . . . . . . . . . . . . . . . .85
Providing Secure Remote Access . . . . . . . . . . . . . . . . . . . . .86
Providing VPN Access . . . . . . . . . . . . . . . . . . . . . . . . . .87
Using Windows as a VPN Concentrator . . . . . . . . . .89
iPig . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93
OpenSSL VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
Providing a Remote Desktop . . . . . . . . . . . . . . . . . . . .108
Windows Terminal Services . . . . . . . . . . . . . . . . . . .109
VNC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113
Using the X Window System . . . . . . . . . . . . . . . . .119
Providing a Remote Shell . . . . . . . . . . . . . . . . . . . . . .125
Using Secure Shell . . . . . . . . . . . . . . . . . . . . . . . . .126
Using a Secure Shell GUI Client . . . . . . . . . . . . . . .128
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .132
Chapter 3 Protecting Network Resources
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134
Performing Basic Hardening . . . . . . . . . . . . . . . . . . . . . . .134
Defining Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135
Access Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
Authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Hardening Windows Systems . . . . . . . . . . . . . . . . . . . . . . .139
General Hardening Steps . . . . . . . . . . . . . . . . . . . . . . .139
Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . .142
File-Level Access Controls . . . . . . . . . . . . . . . . . . . .147
Additional Steps . . . . . . . . . . . . . . . . . . . . . . . . . . .152
Using Microsoft Group Policy Objects . . . . . . . . . . . . .153
Account Lockout Policy . . . . . . . . . . . . . . . . . . . . .159
Audit Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160
User Rights Assignment . . . . . . . . . . . . . . . . . . . . .160
Hardening Linux Systems . . . . . . . . . . . . . . . . . . . . . . . . .164
General Hardening Steps . . . . . . . . . . . . . . . . . . . . . . .164
Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . .165
File-Level Access Controls . . . . . . . . . . . . . . . . . . . .168
Using the Bastille Hardening Script . . . . . . . . . . . . . . .172
Using SELinux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173
Hardening Infrastructure Devices . . . . . . . . . . . . . . . . . . . .175
Patching Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176
Patching Windows Systems . . . . . . . . . . . . . . . . . . . . .177
Patching Linux Systems . . . . . . . . . . . . . . . . . . . . . . . .179
Personal Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180
Windows Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . .180
Netfilter Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187
Configuring TCP Wrappers . . . . . . . . . . . . . . . . . . . . .187
Providing Antivirus and Antispyware Protection . . . . . . . . .188
Antivirus Software . . . . . . . . . . . . . . . . . . . . . . . . . . . .189
Clam AntiVirus . . . . . . . . . . . . . . . . . . . . . . . . . . .189
Using Online Virus Scanners . . . . . . . . . . . . . . . . . .196
Antispyware Software . . . . . . . . . . . . . . . . . . . . . . . . .196
Microsoft Windows Defender . . . . . . . . . . . . . . . . .197
Microsoft Malicious Software Removal Tool . . . . . .200
Encrypting Sensitive Data . . . . . . . . . . . . . . . . . . . . . . . . .201
EFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .209
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .212
Chapter 4 Configuring an Intrusion Detection System
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .216
Intrusion Detection Systems . . . . . . . . . . . . . . . . . . . . . . .216
Configuring an Intrusion Detection System . . . . . . . . . . . .217
Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . .218
Placing Your NIDS . . . . . . . . . . . . . . . . . . . . . . . . . . .218
Configuring Snort on a Windows System . . . . . . . . . . . . .221
Installing Snort . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222
Configuring Snort Options . . . . . . . . . . . . . . . . . . . . .225
Using a Snort GUI Front End . . . . . . . . . . . . . . . . . . .231
Configuring IDS Policy Manager . . . . . . . . . . . . . .232
Configuring Snort on a Linux System . . . . . . . . . . . . . . . .240
Configuring Snort Options . . . . . . . . . . . . . . . . . . . . .240
Using a GUI Front End for Snort . . . . . . . . . . . . . . . .246
Basic Analysis and Security Engine . . . . . . . . . . . . .246
Other Snort Add-Ons . . . . . . . . . . . . . . . . . . . . . . . . . . . .254
Using Oinkmaster . . . . . . . . . . . . . . . . . . . . . . . . . . . .254
Additional Research . . . . . . . . . . . . . . . . . . . . . . . . . .256
Demonstrating Effectiveness . . . . . . . . . . . . . . . . . . . . . . .257
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .258
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .261
Chapter 5 Managing Event Logs
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .264
Generating Windows Event Logs . . . . . . . . . . . . . . . . . . . .264
Using Group Policy to Generate Windows Event Logs . . . . . .267
Generating Custom Windows Event Log Entries . . . . .274
Collecting Windows Event Logs . . . . . . . . . . . . . . . . .275
Analyzing Windows Event Logs . . . . . . . . . . . . . . . . . .277
Generating Syslog Event Logs . . . . . . . . . . . . . . . . . . . . . .279
Windows Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282
Generating Syslog Events . . . . . . . . . . . . . . . . . . . .282
Receiving Syslog Events . . . . . . . . . . . . . . . . . . . . .295
Linux Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297
Generating Syslog Events . . . . . . . . . . . . . . . . . . . .297
Encrypting Syslog Traffic . . . . . . . . . . . . . . . . . . . . .298
Receiving Syslog Events on a Linux Host . . . . . . . .311
Analyzing Syslog Logs on Windows and Linux . . . . . . .312
Windows Log Analysis . . . . . . . . . . . . . . . . . . . . . .313
Linux Log Analysis . . . . . . . . . . . . . . . . . . . . . . . . .321
Securing Your Event Logs . . . . . . . . . . . . . . . . . . . . . . . . .327
Ensuring Chain of Custody . . . . . . . . . . . . . . . . . . . . .328
Ensuring Log Integrity . . . . . . . . . . . . . . . . . . . . . . . .329
Applying Your Knowledge . . . . . . . . . . . . . . . . . . . . . . . . .331
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .333
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .333
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .335
Chapter 6 Testing and Auditing Your Systems
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .338
Taking Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .338
Locating and Identifying Systems . . . . . . . . . . . . . . . . .339
Nmap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .341
Super Scanner . . . . . . . . . . . . . . . . . . . . . . . . . . . .347
Angry IP Scanner . . . . . . . . . . . . . . . . . . . . . . . . . .351
Scanline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .352
Special-Purpose Enumerators . . . . . . . . . . . . . . . . .355
Locating Wireless Systems . . . . . . . . . . . . . . . . . . . . . .357
Network Stumbler . . . . . . . . . . . . . . . . . . . . . . . . .358
Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .361
Network Topology Maps . . . . . . . . . . . . . . . . . . . . .362
Access Request Forms . . . . . . . . . . . . . . . . . . . . . .364
Business Continuity and Disaster Recovery Plans . . .365
IT Security Policies/Standards/Procedures . . . . . . . .365
Vulnerability Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . .366
Nessus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .367
Running Nessus on Windows . . . . . . . . . . . . . . . . .368
Running Nessus on Linux . . . . . . . . . . . . . . . . . . .371
X-Scan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
Microsoft Baseline Security Analyzer . . . . . . . . . . . . . .379
OSSTMM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .382
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .386
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .386
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .387
Chapter 7 Network Reporting and Troubleshooting
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .390
Reporting on Bandwidth Usage and Other Metrics . . . . . .390
Collecting Data for Analysis . . . . . . . . . . . . . . . . . . . . . . . .392
Understanding SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . .394
Configuring Multi Router Traffic Grapher . . . . . . . . . .397
Configuring MZL & Novatech TrafficStatistic . . . . . . .400
Configuring PRTG Traffic Grapher . . . . . . . . . . . . . . .403
Configuring ntop . . . . . . . . . . . . . . . . . . . . . . . . . . . .412
Enabling SNMP on Windows Hosts . . . . . . . . . . . . . .418
Enabling SNMP on Linux Hosts . . . . . . . . . . . . . . . . .421
Troubleshooting Network Problems . . . . . . . . . . . . . . . . . .424
Using a GUI Sniffer . . . . . . . . . . . . . . . . . . . . . . . . . .425
Using a Command-Line Sniffer . . . . . . . . . . . . . . . .433
Additional Troubleshooting Tools . . . . . . . . . . . . . . . . . . . .438
Netcat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .439
Tracetcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .439
Netstat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .440
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .442
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .442
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .444
Chapter 8 Security as an Ongoing Process
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .448
Patch Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .448
Network Infrastructure Devices . . . . . . . . . . . . . . . . . .452
Operating System Patches . . . . . . . . . . . . . . . . . . . . . .453
Application Patches . . . . . . . . . . . . . . . . . . . . . . . . . . .453
Change Management . . . . . . . . . . . . . . . . . . . . . . . . . . . .454
Change Causes Disruption . . . . . . . . . . . . . . . . . . . . . .454
Inadequate Documentation Can Exacerbate Problems . .455
Change Management Strategy . . . . . . . . . . . . . . . . . . .455
Antivirus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .459
Antispyware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .459
Intrusion Detection Systems . . . . . . . . . . . . . . . . . . . . . . .460
Vulnerability Scanning . . . . . . . . . . . . . . . . . . . . . . . . . . . .460
Vulnerability Management Cycle . . . . . . . . . . . . . . . . .461
Roles and Responsibilities . . . . . . . . . . . . . . . . . . . . . .463
Penetration Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .463
Obtaining the Support of Senior Management . . . . . . .464
Clarify What You Are Buying . . . . . . . . . . . . . . . . . . . .464
Policy Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .465
Physical Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .466
CERT Team . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .468
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .470
Solutions Fast Track . . . . . . . . . . . . . . . . . . . . . . . . . . . . .470
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . .472
Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

Product details
File Size: 7,389 KB
Pages: 507
File Type: PDF
ISBN-10: 1-59749-123-3
ISBN-13: 978-1-59749-123-5
Copyright: 2007 by Elsevier