OpenSource For You

How to Use the Network Security Toolkit

Network Security Toolkit (NST) is an analysis and validation tool which can be used on enterprise virtual servers that host virtual machines. Get acquainted with NST in this article.

- By: Prerna Maheshwari The author has a masters in commerce and is a technology enthusiast. Writing is her hobby. She can be contacted at ca.prernamahe­

NST provides a security toolkit for network administra­tors. It comes with a complete set of open source network security tools and an advanced Web user interface (WUI).

System requiremen­ts

The Network Security Toolkit is designed to provide many tools that run entirely in the RAM. Hence, it requires a large amount of RAM. Table 1 lists the minimum system requiremen­ts.

Downloadin­g and burning the ISO image

We can read how to download NST Linux and burn the ISO image from the NST instructio­nal exercise. When it is done, restart the PC and begin the installati­on. NST installs easily on Linux systems.

Logging in

When the installati­on is done, NST Linux creates a client named ‘NST user’. You can log in with this user name and no password.

NST is integrated with different types of tools. You can see them when you access applicatio­ns from the Activities menu on the top left.

NST Web user interface (WUI)

The tools that appear on the desktop are just a small part of the NST armoury. The originalit­y of NST Linux is the NST WUI, which is the control panel or system management tool for all that you have to do with NST. This feature can't be accessed unless you fix a password for the current client. To fix or change the secret password, double-click on the ‘Set the NST system passwords’

symbol. You will be prompted for a new password, or to change the last secret password that you had.

Once logged in, you can get to NST WUI. Open the Mozilla Firefox browser, and type in the address bar. You will be asked for a login password.

Since it is a Web tool, you can also get it through another machine. The difference is that you need to use the HTTPS protocol to get to NST WUI via the Web.

The NST Start page

On the NST WUI page you will see the following:

▪ A menu on the upper left

▪ The NST IP address and to what extent it has been running

▪ The NST Pro Registrati­on

Code screen

NST Linux: Setting up BandwidthD

BandwidthD is a network traffic test that shows an outline of system use. To enable this feature, go to the menu and follow Network > Monitors > BandwidthD UI.

Next, pick the network interface that we need to monitor, arrange the parameter and its subnet. Click the Start BandwidthD button.

NST provides two different interfaces for verifying BandwidthD. The first is the important BandwidthD

interface (see Figure 8).

The second is the NST WUI BandwidthD interface, for real-time monitoring with a graph (Figure 9).

Monitor CPU utilisatio­n

When one or more activities are running simultaneo­usly, we may want to know about the CPU utilisatio­n. NST provides us a tool to do that. To use this tool, go to System > Processes > CPU Usage Monitor. You need to wait for a few seconds to get the graph.

SSH to the server

When you need to carry out a remote activity through the shell, you can do it via the Web. NST Linux provides this function. Simply go to System > Control Management > Run command

At that point, you will have a SSH client on the Web.

Launch the X Window applicatio­n

With this feature, you can dispatch the X Window applicatio­n without a remote to the server. The applicatio­n’s graphical acquaintan­ce will be redirected by the X Server on your client PC. In any case, before doing this, you have to ensure that the X Server on your PC acknowledg­es the TCP connection.

Here is an example. I am using Zorin Linux 7, which is based on Ubuntu, as a client. Here are the steps to be followed. 1. Enable XDMCP as shown below:

$ sudo vi /etc/lightdm/lightdm.conf Add the following lines:

xserver-allow-tcp=true [XDMCPServe­r] enabled=true 2. Restart lightdm, as follows: $ sudo restart lightdm

Note: This command will restart your X Window. Every single open applicatio­n will be shut.

3. Ensure that port 6000 is tuning in. Run netstat to check it, as shown below:

$ netstat -an | grep -F 6000

4. Allow your computer to accept the X Server connection.

For example, if the NST Linux IP address is and the client is, run the xhost command from the customer side to include the NST Linux server in the rundown of permitted hosts to make the connection­s.

$ xhost +

Once you have done this, you can attempt to dispatch the X Window applicatio­n from the NST WUI. For instance, we can attempt dispatchin­g the Wireshark applicatio­n from the NST WUI. Go to the menu and then perform the following steps: X > Network Applicatio­ns > Wireshark (Packet Capture).

At this point, Wireshark will show up.

The status (on probe) at the header reveals to us that it really begins from the server, yet is rendered on the client side. On the off chance that you are running the Microsoft Windows client, you can do the same on it, if you also run Cygwin/X on your Windows client. Reboot or shut down the server.

NST WUI also allows the server administra­tor to restart or shut down the server from the Web. If a server reboot is required, go to System > Control Management > Reboot.

Using NST in the wild

Let’s now look at the different uses of NST in a wide variety of network environmen­ts.

Basic use case 1: This is a simple configurat­ion for NST. A small computer like a notebook is attached directly to a broadband cable network. This configurat­ion is helpful for checking and exploring the Intrusion Detection System (IDS).

Basic use case 2: There is another basic simple configurat­ion, which involves a notebook computer running NST behind a router, switch, firewall or wireless device that is attached to a broadband cable network. This set-up is valuable for investigat­ing the NST Linux operating system and its abilities.

Mobile wireless monitoring: This involves a notebook computer running NST to monitor 802.11 wireless networks. This plan is alluring for running the Kismet 3 remote network sniffers.

Small business configurat­ion: This is a commonplac­e NST set-up and provides network security observatio­n inside a private business network environmen­t that is joined to the public Internet.

Enterprise configurat­ion: This type of configurat­ion gathers all the informatio­n from the network. A corporate enterprise network helps connect computers and related devices across department­s and workgroups. For securing data or informatio­n, NST can be integrated in the corporate enterprise network environmen­t.

Using VPNs with NST

VPN tunnels have for some time been used to secure and ensure the integrity of informatio­n over untrusted systems like the Internet. By using distinctiv­e VPN connection types with NST, what you access on the Web and anything sent from one system to another is encrypted and directed through the VPN. So, data sent to the network can't be read by anyone except the VPN provider. When a connection is not encrypted, an attacker could perform a man-in-themiddle exploit (MITM), whereby the attacker can see all the informatio­n that is not encrypted being sent to other networks—including user names and passwords.

Let’s now look at an instance of using VPN with Point to Point Protocol (PPP) over SSH.

VPN: PPP tunnelled over SSH

Probably the most common VPN solutions are SSH-Tunnel, PPP, PPTP and OpenVPN. I personally think that OpenVPN is the best option since it’s strong and secure. The Secure Shell (SSH) can likewise be used to make an encoded tunnel between two PCs. PPP over SSH is a fast and speedy VPN solution. You can run a PPP connection over an SSH connection to make a simple, encrypted VPN. With PPP and SSH tools, you can create your own VPN within just a few minutes. Before I get into the details, shown below is a sample of PPP over SSH in a network.

Here, I will use a Windows machine to demonstrat­e the PPP tunnel over SSH in a VPN network. The steps are as follows. 1. Set up the VPN. The commands given below should run

on a remote NST probe.

Script:”vpn-pppss” Is Run On Remote NST probe:”” SSH Configurat­ion File:/root/.ssh/config

HOST nstprobe



VPN PPP SSH Script: vpn-pppssh

Vpn-ppssh -r nstprobe -s -c -rt -sn \ -cn -nt -v

2. Once the VPN is set up, you can connect the two NST

probes between the two sites by using the point-topoint layered protocol.

3. As a tunnelling step CIFS share is mapped securely over the Internet. This tunnelling demonstrat­es the use of extending Corporate CIFS (SMB) file services to a remote satellite office securely over the untrusted public Internet.

Virtual computing

Virtual computing allows PC users remote access to programmin­g applicatio­ns and procedures when they require it. Users gain access via the Internet through a remote or network server.

Secure virtual computing

Secure virtual computing can be effected by tunnelling services or applicatio­n protocols within an encrypted secure shell (SSH) session envelope.

Secure virtual computing with Microsoft Remote Desktop Protocol (RDP)

Two NST probes can be arranged for a VPN that tunnels the Remote Desktop Protocol between a terminal services server and a Microsoft terminal service client (mstsc) across the public Internet.

Note: The ISO image of NST 24 can be found with the bundled DVD.

 ??  ?? Figure 11: Wireshark interface
Figure 11: Wireshark interface
 ??  ?? Figure 8: BandwidthD interface
Figure 8: BandwidthD interface
 ??  ?? Figure 9: BandwidthD interface with graph
Figure 9: BandwidthD interface with graph
 ??  ?? Figure 6: The NST WUI landing page
Figure 6: The NST WUI landing page
 ??  ?? Figure 10: CPU utilisatio­n graph
Figure 10: CPU utilisatio­n graph
 ??  ?? Figure 7: BandwidthD UI
Figure 7: BandwidthD UI
 ??  ??
 ??  ?? Figure 2: NST tools view
Figure 2: NST tools view
 ??  ?? Figure 3: Accessing NST WUI
Figure 3: Accessing NST WUI
 ??  ?? Figure 1: NST login
Figure 1: NST login
 ??  ?? Figure 5: NST WUI menu
Figure 5: NST WUI menu
 ??  ?? Figure 4: NST Start page
Figure 4: NST Start page
 ??  ??
 ??  ??

Newspapers in English

Newspapers from India