Secure Your Network for Free: Using Nmap, Wireshark, Snort, Nessus, and MRTG

Book Description

If you believe that an intrusion detection system, regular vulnerability scanning, automated network device inventory, or firewall usage statistics are beyond the IT budget, think again: all of these features and many more are available for free. A wide variety of quality security products are out there and available for use absolutely free of charge. All one needs is a little know-how, some helpful examples like the ones in this book, and a desire to have a secure network.

This book shows you how to secure your network from top to bottom without spending a penny on security software, using best-of-breed open source software including Snort, Nessus, and Ethereal. It is a comprehensive step-by-step guide to securing your network using freely available software. It discusses the pros and cons of using some of the free software and also demonstrates the installation, configuration, and use of the software to secure your network. It is intended as a one-stop manual for network security for those on a budget, or for those simply wanting to increase their network knowledge. This book covers all aspects of securing your network. It discusses the business case for using open source and free software security solutions. It also touches upon the various free options available to cover a given security concern, and then walks through an actual implementation using the best-of-breed product, providing real-world examples.

Table of Contents

  1. Copyright
  2. Visit us at
  3. Lead Author
  4. Technical Editors
  5. Companion Web Site
  6. 1. Presenting the Business Case for Free Solutions
    1. Introduction
    2. The Costs of Using Free Security Solutions
      1. Training Costs
      2. Hardware Costs
      3. Consulting Costs
      4. Hidden Costs
    3. The Savings of Using Free Security Solutions
      1. Purchase Costs
      2. Maintenance Costs
      3. Customization Costs
    4. Comparing Free Solutions with Commercial Solutions
      1. Strengths of Free Solutions
      2. Weaknesses of Free Solutions
      3. Evaluating Individual Solutions
    5. “Selling” a Free Solution
      1. Selling by Doing
      2. Presenting a Proposal
    6. Summary
    7. Solutions Fast Track
      1. The Costs of Using Free Security Solutions
      2. The Savings of Using Free Security Solutions
      3. Comparing Free Solutions with Commercial Solutions
      4. “Selling” a Free Solution
    8. Frequently Asked Questions
  7. 2. Protecting Your Perimeter
    1. Introduction
    2. Firewall Types
    3. Firewall Architectures
      1. Screened Subnet
      2. One-Legged
      3. True DMZ
    4. Implementing Firewalls
      1. Hardware versus Software Firewalls
      2. Configuring netfilter
        1. Choosing a Linux Version
        2. Choosing Installation Media
          1. Full Install
          2. CD-ROM
          3. USB Drive
          4. Floppy Disk
        3. Linux Firewall Operation
        4. Configuration Examples
          1. Deleting Rules and Chains
          2. Permitting Traffic to and from the Firewall
          3. Simulating the Windows Firewall
          4. Simulating a Home Network Router
          5. Additional Commands
          6. Command Summary
          7. Option Summary
        5. GUIs
          1. Security Level Configuration
          2. Lokkit
          3. Firestarter
          4. Easy Firewall Generator
          5. Firewall Builder
          6. Other GUIs
        6. SmoothWall
          1. Installing SmoothWall
          2. Configuring SmoothWall
      3. Configuring Windows Firewall
    5. Providing Secure Remote Access
      1. Providing VPN Access
        1. Using Windows as a VPN Concentrator
        2. iPig
          1. Installing the iPig Server Express Edition
          2. Installing the iPig VPN Client
        3. OpenSSL VPN
          1. Configuring the OpenVPN Server
          2. Configuring the OpenVPN Client
          3. Using PKI Certificates of Authentication
          4. Configuring the OpenVPN GUI
      2. Providing a Remote Desktop
        1. Windows Terminal Services
        2. VNC
        3. Using the X Window System
      3. Providing a Remote Shell
        1. Using Secure Shell
        2. Using a Secure Shell GUI Client
    6. Summary
    7. Solutions Fast Track
      1. Firewall Types
      2. Firewall Architectures
      3. Implementing Firewalls
      4. Providing Secure Remote Access
    8. Frequently Asked Questions
  8. 3. Protecting Network Resources
    1. Introduction
    2. Performing Basic Hardening
      1. Defining Policy
      2. Access Controls
      3. Authentication
      4. Authorization
      5. Auditing
    3. Hardening Windows Systems
      1. General Hardening Steps
        1. Users and Groups
        2. File-Level Access Controls
        3. Additional Steps
      2. Using Microsoft Group Policy Objects
        1. Account Lockout Policy
        2. Audit Policy
        3. User Rights Assignment
          1. Security Options
    4. Hardening Linux Systems
      1. General Hardening Steps
        1. Users and Groups
        2. File-Level Access Controls
      2. Using the Bastille Hardening Script
      3. Using SELinux
    5. Hardening Infrastructure Devices
    6. Patching Systems
      1. Patching Windows Systems
      2. Patching Linux Systems
    7. Personal Firewalls
      1. Windows Firewall
      2. Netfilter Firewall
      3. Configuring TCP Wrappers
    8. Providing Antivirus and Antispyware Protection
      1. Antivirus Software
        1. Clam AntiVirus
          1. Installing Clam AntiVirus on Linux
          2. Installing Clam AntiVirus on Windows
        2. Using Online Virus Scanners
      2. Antispyware Software
        1. Microsoft Windows Defender
        2. Microsoft Malicious Software Removal Tool
    9. Encrypting Sensitive Data
      1. EFS
    10. Summary
    11. Solutions Fast Track
      1. Performing Basic Hardening
      2. Hardening Windows Systems
      3. Hardening Linux Systems
      4. Hardening Infrastructure Devices
      5. Patching Systems
      6. Personal Firewalls
      7. Providing Antivirus and Antispyware Protection
      8. Encrypting Sensitive Data
    12. Frequently Asked Questions
  9. 4. Configuring an Intrusion Detection System
    1. Introduction
    2. Intrusion Detection Systems
    3. Configuring an Intrusion Detection System
      1. Hardware Requirements
      2. Placing Your NIDS
    4. Configuring Snort on a Windows System
      1. Installing Snort
      2. Configuring Snort Options
      3. Using a Snort GUI Front End
      4. Configuring IDS Policy Manager
    5. Configuring Snort on a Linux System
      1. Configuring Snort Options
      2. Using a GUI Front End for Snort
        1. Basic Analysis and Security Engine
    6. Other Snort Add-Ons
      1. Using Oinkmaster
      2. Additional Research
    7. Demonstrating Effectiveness
    8. Summary
    9. Solutions Fast Track
      1. Intrusion Detection Systems
      2. Configuring an Intrusion Detection System
      3. Configuring Snort on a Windows System
      4. Configuring Snort on a Linux System
      5. Other Snort Add-Ons
      6. Demonstrating Effectiveness
    10. Frequently Asked Questions
  10. 5. Managing Event Logs
    1. Introduction
    2. Generating Windows Event Logs
      1. Using Group Policy to Generate Windows Events Logs
      2. Generating Custom Windows Event Log Entries
      3. Collecting Windows Event Logs
      4. Analyzing Windows Event Logs
    3. Generating Syslog Event Logs
      1. Windows Syslog
        1. Generating Syslog Events
          1. Configuring NTsyslog
          2. Encrypting Syslog Traffic
          3. Encrypting Syslog Traffic Using IPsec
        2. Receiving Syslog Events
      2. Linux Syslog
        1. Generating Syslog Events
        2. Encrypting Syslog Traffic
          1. Configuring Stunnel
          2. Configuring OpenSSH
          3. Configuring IPsec
        3. Receiving Syslog Events on a Linux Host
      3. Analyzing Syslog Logs on Windows and Linux
        1. Windows Log Analysis
        2. Linux Log Analysis
          1. Configuring Swatch
          2. Configuring Logwatch
    4. Securing Your Event Logs
      1. Ensuring Chain of Custody
      2. Ensuring Log Integrity
    5. Applying Your Knowledge
    6. Summary
    7. Solutions Fast Track
      1. Generating Windows Event Logs
      2. Generating Syslog Event Logs
      3. Securing Your Event Logs
      4. Applying Your Knowledge
    8. Frequently Asked Questions
  11. 6. Testing and Auditing Your Systems
    1. Introduction
    2. Taking Inventory
      1. Locating and Identifying Systems
        1. Nmap
        2. Super Scanner
        3. Angry IP Scanner
        4. Scanline
        5. Special-Purpose Enumerators
      2. Locating Wireless Systems
        1. Network Stumbler
      3. Documentation
        1. Network Topology Maps
        2. Access Request Forms
        3. Business Continuity and Disaster Recovery Plans
        4. IT Security Policies/Standards/Procedures
    3. Vulnerability Scanning
      1. Nessus
        1. Running Nessus on Windows
        2. Running Nessus on Linux
      2. X-Scan
      3. Microsoft Baseline Security Analyzer
    4. OSSTMM
    5. Summary
    6. Solutions Fast Track
      1. Taking Inventory
      2. Vulnerability Scanning
      3. OSSTMM
    7. Frequently Asked Questions
  12. 7. Network Reporting and Troubleshooting
    1. Introduction
    2. Reporting on Bandwidth Usage and Other Metrics
    3. Collecting Data for Analysis
    4. Understanding SNMP
      1. Configuring Multi Router Traffic Grapher
      2. Configuring MZL & Novatech TrafficStatistic
      3. Configuring PRTG Traffic Grapher
      4. Configuring ntop
      5. Enabling SNMP on Windows Hosts
      6. Enabling SNMP on Linux Hosts
    5. Troubleshooting Network Problems
      1. Using a GUI Sniffer
      2. Using a Command-Line Sniffer
        1. Windump
        2. ngSniff
        3. Tcpdump
    6. Additional Troubleshooting Tools
      1. Netcat
      2. Tracetcp
      3. Netstat
    7. Summary
    8. Solutions Fast Track
      1. Reporting on Bandwidth Usage and Other Metrics
      2. Collecting Data for Analysis
      3. Understanding SNMP
      4. Troubleshooting Network Problems
    9. Frequently Asked Questions
  13. 8. Security as an Ongoing Process
    1. Introduction
    2. Patch Management
      1. Network Infrastructure Devices
      2. Operating System Patches
      3. Application Patches
    3. Change Management
      1. Change Causes Disruption
      2. Inadequate Documentation Can Exacerbate Problems
      3. Change Management Strategy
    4. Antivirus
    5. Antispyware
    6. Intrusion Detection Systems
    7. Vulnerability Scanning
      1. Vulnerability Management Cycle
      2. Roles and Responsibilities
    8. Penetration Testing
      1. Obtaining the Support of Senior Management
      2. Clarify What You Are Buying
    9. Policy Review
    10. Physical Security
    11. CERT Team
    12. Summary
    13. Solutions Fast Track
      1. Patch Management
      2. Change Management
      3. Antivirus
      4. Antispyware
      5. Intrusion Detection Systems
      6. Vulnerability Scanning
      7. Penetration Testing
      8. Policy Review
      9. Physical Security
      10. CERT Team
    14. Frequently Asked Questions