How to Use the Network Security Toolkit

Network Security Toolkit (NST) is an analysis and validation tool which can be used on enterprise virtual servers that host virtual machines. Get acquainted with NST in this article.

OpenSource For You

By: Prerna Maheshwari

The author has a masters in commerce and is a technology enthusiast. Writing is her hobby. She can be contacted at ca.prernamaheshwari@gmail.com.

NST provides a security toolkit for network administrators. It comes with a complete set of open source network security tools and an advanced Web user interface (WUI).

System requirements

The Network Security Toolkit is designed to provide many tools that run entirely in RAM. Hence, it requires a large amount of RAM. Table 1 lists the minimum system requirements.

Downloading and burning the ISO image

You can read how to download NST Linux and burn the ISO image in the NST instructional exercise. When that is done, restart the PC and begin the installation. NST installs easily on Linux systems.

Logging in

When the installation is done, NST Linux creates a user named ‘NST user’. You can log in with this user name and no password.

NST is integrated with different types of tools. You can see them when you access applications from the Activities menu on the top left.

NST Web user interface (WUI)

The tools that appear on the desktop are just a small part of the NST armoury. What sets NST Linux apart is the NST WUI, which is the control panel or system management tool for everything you do with NST. This feature can't be accessed unless you set a password for the current user. To set or change the password, double-click on the ‘Set the NST system passwords’ icon. You will be prompted for a new password, or to change the password that you had set previously.

Once logged in, you can get to NST WUI. Open the Mozilla Firefox browser, and type http://192.0.0.1/untwist in the address bar. You will be asked for a login password.

Since it is a Web tool, you can also reach it from another machine. The difference is that you need to use the HTTPS protocol to get to NST WUI via the Web.

The NST Start page

On the NST WUI page you will see the following:

▪ A menu on the upper left

▪ The NST IP address and how long it has been running

▪ The NST Pro Registration Code screen

NST Linux: Setting up BandwidthD

BandwidthD is a network traffic monitor that shows an overview of usage. To enable this feature, go to the menu and follow Network > Monitors > BandwidthD UI.

Next, pick the network interface that you need to monitor, and configure the parameters and its subnet. Click the Start BandwidthD button.

NST provides two different interfaces for checking BandwidthD. The first is the important BandwidthD interface (see Figure 8).

The second is the NST WUI BandwidthD interface, for real-time monitoring with a graph (Figure 9).

Monitor CPU utilisation

When one or more activities are running simultaneously, we may want to know about the CPU utilisation. NST provides us a tool to do that. To use this tool, go to System > Processes > CPU Usage Monitor. You need to wait for a few seconds to get the graph.

SSH to the server

When you need to carry out a remote activity through the shell, you can do it via the Web. NST Linux provides this function. Simply go to System > Control Management > Run command.

At that point, you will have an SSH client on the Web.

Launch the X Window application

With this feature, you can launch an X Window application without a remote login to the server. The application's graphical display will be redirected to the X Server on your client PC. Before doing this, however, you have to ensure that the X Server on your PC accepts TCP connections.

Here is an example. I am using Zorin Linux 7, which is based on Ubuntu, as a client. Here are the steps to be followed.

1. Enable XDMCP as shown below:

$ sudo vi /etc/lightdm/lightdm.conf

Add the following lines:

xserver-allow-tcp=true
[XDMCPServer]
enabled=true

2. Restart lightdm, as follows:

$ sudo restart lightdm

Note: This command will restart your X Window session. Every open application will be closed.

3. Ensure that port 6000 is listening. Run netstat to check it, as shown below:

$ netstat -an | grep -F 6000

4. Allow your computer to accept the X Server connection.

For example, if the NST Linux IP address is 192.168.0.105 and the client is 192.168.0.104, run the xhost command from the client side to add the NST Linux server to the list of hosts permitted to make connections.

$ xhost +192.168.0.105
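
A check on what steps 1 to 4 leave exposed, as an added example that is not part of the original article: it parses `netstat -an` and `xhost` output to report whether the X server listens on TCP and whether access control is off or host-based. The function names are hypothetical and the sample inputs are constructed from the article's addresses.

```shell
#!/bin/sh
# Added example: audit the X-over-TCP exposure that steps 1-4 create.
# Function names are hypothetical; sample inputs are constructed.

# Print local addresses that have a TCP listener on an X display port
# (6000-6063). Unlike `grep -F 6000`, this skips ports such as 16000 or
# 60001 and sockets that are not in LISTEN state.
x11_tcp_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
             n = split($4, part, ":"); port = part[n] + 0
             if (port >= 6000 && port <= 6063) print $4
         }'
}

# Summarise `xhost` output: flag disabled access control (`xhost +`) and
# list every host admitted by address alone.
xhost_findings() {
    awk '/^access control disabled/ { print "OPEN"; next }
         /^INET6?:/ { sub(/^INET6?:/, ""); print "ALLOWED " $0 }'
}

# Verdict from the two outputs, passed as strings ($1 netstat, $2 xhost).
x11_exposure() {
    listeners=$(printf '%s\n' "$1" | x11_tcp_listeners)
    hosts=$(printf '%s\n' "$2" | xhost_findings)
    if [ -z "$listeners" ]; then
        echo "ok: X server is not listening on TCP"
    elif printf '%s\n' "$hosts" | grep -qx 'OPEN'; then
        echo "high: TCP listener and access control disabled"
    else
        echo "review: TCP listener, hosts admitted by IP address only"
    fi
}

# Constructed samples matching the article's addresses.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:16000         0.0.0.0:*               LISTEN
tcp        0      0 192.168.0.104:60001     192.168.0.105:22        ESTABLISHED
tcp6       0      0 :::6000                 :::*                    LISTEN'
SAMPLE_XHOST='access control enabled, only authorized clients can connect
INET:192.168.0.105
SI:localuser:alice'

# Live use: x11_exposure "$(netstat -an)" "$(xhost)"
x11_exposure "$SAMPLE_NETSTAT" "$SAMPLE_XHOST"
```

Host-based access admits every user and process on the listed host, so a `review` verdict still deserves attention. Running `xhost -192.168.0.105` once the session is over removes the entry again.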

Once you have done this, you can try to launch an X Window application from the NST WUI. For instance, we can try launching the Wireshark application from the NST WUI. Go to the menu and then perform the following steps: X > Network Applications > Wireshark (Packet Capture).

At this point, Wireshark will show up.

The status (on probe) in the header tells us that it actually runs on the server, yet is rendered on the client side. If you are running a Microsoft Windows client, you can do the same on it, provided you also run Cygwin/X on your Windows client.

Reboot or shut down the server

NST WUI also allows the server administrator to restart or shut down the server from the Web. If a server reboot is required, go to System > Control Management > Reboot.

Using NST in the wild

Let’s now look at the different uses of NST in a wide variety of network environments.

Basic use case 1: This is a simple configuration for NST. A small computer like a notebook is attached directly to a broadband cable network. This configuration is helpful for checking and exploring the Intrusion Detection System (IDS).

Basic use case 2: This is another simple configuration, which involves a notebook computer running NST behind a router, switch, firewall or wireless device that is attached to a broadband cable network. This set-up is valuable for investigating the NST Linux operating system and its abilities.

Mobile wireless monitoring: This involves a notebook computer running NST to monitor 802.11 wireless networks. This set-up is attractive for running the Kismet 3 remote network sniffers.

Small business configuration: This is a common NST set-up and provides network security monitoring inside a private business network environment that is connected to the public Internet.

Enterprise configuration: This type of configuration gathers all the information from the network. A corporate enterprise network helps connect computers and related devices across departments and workgroups. For securing data or information, NST can be integrated in the corporate enterprise network environment.

Using VPNs with NST

VPN tunnels have long been used to secure and ensure the integrity of information over untrusted networks like the Internet. By using different VPN connection types with NST, what you access on the Web and anything sent from one system to another is encrypted and directed through the VPN. So, data sent to the network can't be read by anyone except the VPN provider. When a connection is not encrypted, an attacker could perform a man-in-the-middle (MITM) exploit, whereby the attacker can see all the unencrypted information being sent to other networks, including user names and passwords.

Let’s now look at an instance of using VPN with Point to Point Protocol (PPP) over SSH.

VPN: PPP tunnelled over SSH

Probably the most common VPN solutions are SSH-Tunnel, PPP, PPTP and OpenVPN. I personally think that OpenVPN is the best option since it’s strong and secure. The Secure Shell (SSH) can likewise be used to make an encrypted tunnel between two PCs. PPP over SSH is a quick VPN solution. You can run a PPP connection over an SSH connection to make a simple, encrypted VPN. With PPP and SSH tools, you can create your own VPN within just a few minutes. Before I get into the details, shown below is a sample of PPP over SSH in a network.

Here, I will use a Windows machine to demonstrate the PPP tunnel over SSH in a VPN network. The steps are as follows.

1. Set up the VPN. The commands given below should run on a remote NST probe.

Script "vpn-pppssh" is run on remote NST probe "192.168.1.51"

SSH configuration file: /root/.ssh/config

Host nstprobe
    HostName=70.22.33.10
    Port=20022

VPN PPP SSH script: vpn-pppssh

vpn-pppssh -r nstprobe -s 172.18.2.31 -c 172.18.2.32 -rt -sn \
    172.18.2.0/24 -cn 192.168.1.0/24 -nt -v

2. Once the VPN is set up, you can connect the two NST probes between the two sites by using the point-to-point layered protocol.

3. As a tunnelling step, a CIFS share is mapped securely over the Internet. This tunnelling demonstrates extending corporate CIFS (SMB) file services to a remote satellite office securely over the untrusted public Internet.

Virtual computing

Virtual computing allows PC users remote access to software applications and processes when they require it. Users gain access via the Internet through a remote or network server.

Secure virtual computing

Secure virtual computing can be achieved by tunnelling services or application protocols within an encrypted secure shell (SSH) session envelope.

Secure virtual computing with Microsoft Remote Desktop Protocol (RDP)

Two NST probes can be set up for a VPN that tunnels the Remote Desktop Protocol between a terminal services server and a Microsoft terminal service client (mstsc) across the public Internet.

Note: The ISO image of NST 24 can be found with the bundled DVD.

Figure 1: NST login

Figure 2: NST tools view

Figure 3: Accessing NST WUI

Figure 4: NST Start page

Figure 5: NST WUI menu

Figure 6: The NST WUI landing page

Figure 7: BandwidthD UI

Figure 8: BandwidthD interface

Figure 9: BandwidthD interface with graph

Figure 10: CPU utilisation graph

Figure 11: Wireshark interface
