ntop: An Introduction
ntop is a network probe that shows network usage. It displays a list of hosts that are currently using the network and reports information concerning the IP and non-IP traffic generated by each host....
ntop Usage
ntop usage potentially can take many forms. You can use ntop as either a stand-alone application (via the web interface) or as a traffic measurement server. ntop can export traffic data in several...
Network Security: Disabling Services
I thought it might be a good idea to do a series of articles on network security, and to kick it off I’m going to cover disabling unnecessary services. This article assumes your network is running...
Port Blocking in Linux
In the previous article, I covered the network security benefit of disabling unused services. In this article, I will cover the concept of port blocking, and how it can be done under Linux. TCP/IP...
Network Hardening with Bastille
Bastille is an open source program that facilitates the network hardening of a system running Linux. It performs many of the tasks discussed in previous articles on this blog such as disabling services...
Implementing Bastille
In the previous article, I covered some of the features of Bastille. In this article, I will cover downloading, installing and running Bastille, and undoing changes. Downloading Bastille: Bastille is...
sudo: An Introduction
Invoking sudo at the command line in CentOS. Superuser Do (sudo) is an open source security tool that allows an administrator to give specific users or groups the ability to run certain commands as...
sudo: Options and Configuration
In order to use sudo, the user must have already supplied a username and password. If a user attempts to run the command via sudo and that user is not in the sudoers file (at /etc/sudoers), an e-mail...
Running sudo: Examples
The sudo command in action under CentOS. sudo -l shows the commands user chris is allowed to run as root. In the previous article, we configured sudo to allow user chris root privileges for the...
sudo Logging
Enabling sudo logging in CentOS. As mentioned in the introduction to sudo, the sudo command logs which users run what commands. Logging does not occur automatically. You need to set up sudo and syslogd...
Scanlogd: Port Detection Made Easy
Scanlogd is an open source program that detects and logs TCP-port scanning on your system. A port scan involves an attacker trying many destination ports, usually including some that turn out not to be...
Penetration Testing: Enumeration
Once you have hardened your system and network, it is always a good idea to scan, or penetration test, your own systems for weaknesses that may already exist or may develop. Changes are constantly made...
Port Scanning with nmap
The list of potential targets from the footprinting phase of penetration testing can be expansive. To streamline the port scanning process, it makes sense to first determine if the systems are up and...
Port Enumeration and Fingerprinting
Port Enumeration: Port enumeration is based on the ability to gather information from an open port, by either straightforward banner grabbing when connecting to an open port, or by inference from the...
Open Source Tools: Part One (nmap)
Now that we’ve described the concepts of port scanning, enumeration and fingerprinting, it is time to discuss implementing them with open source tools. This article will cover two categories of tools:...
Open Source Tools: Part Two (More nmap options)
In the previous article, we began our look at open source tools, beginning with nmap. In this article, we continue our look at some nmap options. nmap Options: Stealth Scanning. For any scanning you...
Open Source Tools: Part Three (Even more nmap options)
When you specify your targets for scanning, nmap will accept specific IP addresses, address ranges in CIDR format, and octet format (i.e. x.x.x.x). If you have a host file, which may have been...
Port Enumeration Tools: Part One
In this article, we’ll begin to discuss the tools that are useful in the enumeration phase of an assessment. These port enumeration tools will scan a list of targets and ports to help determine more...
Intrusion Detection Systems: An Introduction
An intrusion detection system (IDS) is the high-tech equivalent of a burglar alarm. It is a device or software application that is configured to monitor information gateways,...
Intrusion Detection Systems: How They Work
In this article, we’ll take a look at the elements of an IDS. First, you have to understand what the IDS is watching. The particular kinds of data input will depend on the kind of IDS, but in general...