General discussion


Linux Zeitgeist

By spector ·
Tags: Off Topic
blog root


NMap - A Security Scanner

by spector In reply to Linux Zeitgeist


<a href="">NMap Image gallery</a><p>
<h2>NMap - A Security Scanner</h2>

<P>Back in the old days of nobody much cared (or often even knew!)
what services were running on machines on the Internet. In fact,
supporting a lot of services was almost required given that mainframes
and large minicomputers were expensive and needed to pay for
themselves every second they were running, so running lots of services
and squeezing every possible use out of a machine was imperative.</p>

<p>In fact, <em>back in the day</em> when I was a systems programmer
at New York University's Courant Institute, it was common to be able
to see all sorts of services open and available for public use on
far-flung machines all over the Internet (well, truth be told, it
was called the <a
href="">ARPAnet</a> back then --
the same network protocols, different scale :-) .</p>

<p>In fact, it
was common to actually look around for available services (such as
remote printers) by just poking around someone else's network until you
found what you were looking for. Clearly, we're living in a very
different time.</p>

<p>The Internet as we know it today is a far cry from the almost
folksy-seeming ARPAnet of 20 years ago. Beyond the ubiquity of the
Internet itself is the incredible power of even the cheapest computer
and the incredible number of services that come with every O/S -- and
for the purposes of this discussion -- the incredible number of
services that are turned on by default on those computers. </p>

<p>These days, security is the name of the game: everywhere, in every
context and at all possible levels of hardware, operating system and
application. It's estimated that for Windows XP machines that are put
onto the Internet unpatched, it can take less than 20 minutes for the
system to be attacked, compromised, and under control of some
not-very-nice people. Ensuring your systems and your applications
are not exposed is a requirement for staying in business.</p>

<p>With all these <em>"evil-doers"</em> on the loose, under every
rock, one can't be too careful!</p>

<h2>The Tool</h2>

<p>Today I'd like to introduce <a
href="">NMAP</a>. NMap is an application
that is designed to probe systems at the network layer to determine
what services they're exposing to the networks to which they're
connected, and if possible to tell the user anything that is known
about vulnerabilities of those services or about the system
itself. </p>

<p>NMap was originally written for Unix type machines but can be
compiled for almost any currently available OS. It is principally a
command line application, but it ships with a GUI front end that will
compile on most platforms (screen shots are available in the
<a href="">NMap Image gallery</a>).</p>

<p>It may not be obvious if you're not a networking expert, but every
computer that has a TCP/IP protocol stack and every implementation of
the protocols that ride on top of it, such as FTP or SSH, can be
identified by some of the design choices that the programmers made
when they wrote the software. The ability to identify systems and services by
their specific characteristics is called "fingerprinting" and like
its namesake in the physical world it allows experts to determine
which system is which in a networked environment.</p>

<p>Fingerprinting a TCP/IP stack for example may look at the way sequence numbers are
generated for TCP packets, or look at specific features that are implemented in
the IP protocol, and in almost all cases the results of this fingerprinting
can identify what OS is being used on the system without ever having to log in to it. </p>

<p>Higher level protocols occasionally have bugs that can be exploited
remotely through a number of techniques, or they may have non-critical
characteristics that can be used to identify them. Some protocols
even, as part of their very design, give out a lot of useful
identifying information when you connect to them that will help
someone looking to break in. Sendmail mail servers for example
usually announce the OS they're running on, the OS version along with their
own when a connection is made to port 25 on a machine running the

<p>NMap's main goal is to sniff out what services are running on a system,
identify them and tell you if it knows of any potential vulnerabilities
in what it finds.</p>

<h2>Putting NMap to the Test</h2>

<p>First, a word to the wise: <br>
<p><center><b>NMap is not a tool for "hacking into
networks," it is an analysis tool.</b></center></p>
<p><em>However</em>, in the age we
live in, running an analysis tool that can poke at machines on a
network and get them to reveal their potential vulnerabilities is not
something to ever, ever do on a network that you are not the owner
of. In fact, in most jurisdictions in the US such probing (or
"doorknob-twisting" as it's referred to in security circles) is
tantamount under the law to attempted breaking and entering. In some
countries tools like NMap are actually illegal (there's a great
discussion to be had on the stupidity of such laws, but that's a topic
for another venue). Suffice it to say, any time NMap is run it must
be done with the explicit consent of the network/system owners.</p>

<p>Okay, now that I've scared you... what can we do with NMap?</p>

<h3>NMap has several modes of operation</h3>
<ul>
<li>TCP/UDP Probe Mode - most useful for finding running services and open ports</li>
<li>Host Sweep Mode - most useful for finding out what's on a subnet and identifying O/S versions</li>
<li>SYN/FIN Probe Mode - most useful for finding well-known flaws in IP stacks</li>
</ul>

<p>The most common use for NMap is the first one -- the TCP/UDP probe
-- using NMap in this mode you can find any and all open ports on a
general. This is useful because it first and foremost tells you what
you should be turning off to help secure your system(s). Secondly it
can also show you what ports are actually enabled (i.e., have a live
network socket) but don't seem to be running a known protocol. This
can be used to find out if someone is running some kind of stealth
services on your network. I once used this to catch a rogue employee
who had set up an illegal file sharing network (doh!!) at a large bank
I consulted for. Got me a nice pat on the back; got the employee a trip
to the unemployment line. </p>

<p>NMap's second most common mode is the ping sweep mode. This is a
really useful tool because it can allow you to audit a network very
quickly and find every device on the network. Hosts, servers, routers,
printers, you name it. Most network tools, like network analyzers are
passive -- they wait for devices to talk, then they can identify and
enumerate them. NMap in this mode pings an entire network and then
figures out, using its fingerprinting system -- all the vital stats on
the devices it finds. There are a few examples of this in the
screenshot gallery.</p>

<p>The last major mode allows you to probe devices to determine if
they're vulnerable to fundamental flaws in their IP protocol
implementations having to do with the ability to compromise half-open
network connections. A very esoteric way to break into a system that's
beyond the scope of this article.</p>

<p>Whether you're using NMap from the command line or through its
GUI, there are a large number of fine tunable options that allow you
to modify the operations of the scans. You can throw data at a port
to see how a service responds, you can try to overload a service to
see if the underlying server can handle various loads, you can even
narrow down the ports you're testing to just a select port of
interest, or have NMap continuously test all possible ports.</p>

<h2>The Right Tool for the Right Job</h2>

<p>NMap is a very powerful tool for exploring networks and helping to
secure systems and the services they deliver. It can quickly identify
not only every machine and device on the network, but what O/S it's
running, what services it is making available, and even what ports are
running but are not what they appear to be (for example, if someone
were running a file-sharing system over the port usually reserved for
another service).</p>

<p>NMap is quite useful by itself, but like many tools it has a whole
ecosystem surrounding it that can enhance its utility. In the resources
section at the end of this article are a number of add-ons and
supporting tools that make NMap an even more potent security analysis

<p>NMap is clearly the right tool for ensuring that only the services
you want on your network are actually there, however, as indicated
above, it's also a tool whose use can be misconstrued because of the
information it can collect, so it needs to be used only in ways that 1)
are with the permission of the system owner(s) and 2) in ways that
will not inflict any kind of damage or denial of service to the system
and networks it's aimed at.</p>


<ul>
<li><a href="">NMap Audit</a> is a set of Perl scripts that will automate scans and generate nicely formatted reports detailing the results</li>
<li><a href="">Remote NMap</a> is a client/server program that allows scans to be run from a centralized server</li>
<li><a href="">PHP NMap</a> is a Web-based front end for the NMap scanner</li>
<li><a href="">Qpenmapfe</a> is a version of NMap that can be run on Linux based hand-helds like the HP (Compaq) Ipaq or the Sharp Zaurus; this could be useful for running NMap against hosts on wireless networks to see what services are being presented "over the air" via their wireless interfaces.</li>
</ul>

<b>Write your own review</b><br>
<p>If you've found the perfect tool for the job, we want to hear about
it. <a href="">Send us an
e-mail</a> describing the product and the job you're using it for. If
we feature the product in The Right Tool for the Job? blog, you'll
earn a little cash and be featured across the TechRepublic Web site
and in our newsletters.</p>
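Added example, not part of the original post: the article's point that a port scan tells you what to turn off, and can expose a port that is not running the service it is reserved for, becomes an audit once scan output is compared with a list of approved services. The sketch below parses Nmap's grepable output (-oG) and reports deviations; the sample scan text, the addresses and the BASELINE table are constructed for illustration.

```python
"""Compare Nmap grepable (-oG) output with a baseline of approved services."""
import re

# Constructed sample in Nmap's grepable format (fields are tab-separated,
# port entries are port/state/protocol/owner/service/rpcinfo/version/).
SAMPLE_OG = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (web01)\tStatus: Up\n"
    "Host: 192.0.2.10 (web01)\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 25/closed/tcp//smtp///\t"
    "Ignored State: filtered (997)\n"
    "Host: 192.0.2.23 (desk17)\tPorts: 22/open/tcp//ssh///, "
    "6346/open/tcp//unknown///, 443/open/tcp//ssh?///\n"
)

# Hypothetical baseline: the services each host is approved to expose.
BASELINE = {
    "192.0.2.10": {(22, "tcp"): "ssh", (80, "tcp"): "http"},
    "192.0.2.23": {(22, "tcp"): "ssh", (443, "tcp"): "https"},
}

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")


def parse_grepable(text):
    """Yield (ip, port, proto, service) for every port reported as open."""
    for line in text.splitlines():
        match = HOST_RE.match(line)
        if not match:
            continue  # comment lines and anything that is not a host record
        ip = match.group(1)
        for field in line.split("\t")[1:]:
            if not field.startswith("Ports: "):
                continue  # Status / Ignored State fields
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.strip().split("/")
                if len(parts) < 5 or parts[1] != "open":
                    continue  # closed, filtered or malformed entries
                yield ip, int(parts[0]), parts[2], parts[4]


def audit(text, baseline):
    """Return findings as (ip, port, proto, kind, detected_service)."""
    findings = []
    for ip, port, proto, service in parse_grepable(text):
        # Nmap appends '?' when it is guessing; an empty name means no guess.
        detected = service.rstrip("?") or "unknown"
        expected = baseline.get(ip, {}).get((port, proto))
        if expected is None:
            # Open port nobody approved: a candidate for turning off.
            findings.append((ip, port, proto, "unapproved-port", detected))
        elif detected != expected:
            # Approved port, but something else appears to be answering on it.
            findings.append((ip, port, proto, "service-mismatch", detected))
    return findings


if __name__ == "__main__":
    for ip, port, proto, kind, detected in audit(SAMPLE_OG, BASELINE):
        print(f"{ip} {port}/{proto}: {kind} (detected: {detected})")
```

In practice the input would be the file produced by a scan of hosts you own or are authorized to audit, and the baseline would come from your own inventory.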


Security Auditing with Live CDs

by spector In reply to Linux Zeitgeist


<a href="**.html">Auditing Live CD Image gallery</a><p>

<h2>Security Auditing with Linux Live CDs</h2>

<p>Did you ever want to see what was really happening on your networks
and systems but thought to yourself "<em>Ugh... I don't have the time to
find and install lots of auditing tools...</em>"? Well, if you've ever
needed to do a little deep-dive into the state of your network,
systems or applications, there is a way to get access to all the tools
you could possibly need, and not even install a single piece of
software. "<em>Huh?!?!</em>" I hear you say... "<em>How could that actually be

<p>Well, there's a really interesting class of Linux (and BSD and
occasionally Windows) distributions out there that are collectively
known as "<a href="">Live
CDs</a>." Live CDs are OS distributions on a CD- or DVD-ROM that can
be booted up on a desktop or laptop system in such a way that you can
run a live copy of the OS and all the tools on the CD-ROM out of RAM
instead of off the hard disk.</p>

<p>Live CDs are used for all sorts of things these days, principally as
demos -- kind of a try-before-you-buy approach to software
distribution. There are Live CDs for Linux desktop distributions
like <a href="">Ubuntu</a>, for <a href="">Arcade Games</a>, <a
href="">Parallel Computing and Clusters</a> and
<a href="">Grids</a>, <a href="">Scientific/Mathematical Computing</a>, <a
href="">Bio-informatics</a>... and of course,
system security testing and auditing (there's a resource list at the end of
this article that highlights some of the better known Auditing
Live CDs).</p>

<h2>The Tool</h2>

<p>In this installment of <em>The Right Tool for the Right Job</em>, we'll take
a look at a Linux Live CD for System Auditing. There are many, many
Live CDs for security; it seems that everyone has a different idea on
what tools people might need, or how a security tool set should look.
We're going to look at <a href="">Backtrack</a>, which is one
of the better presented systems in terms of both its tool-set and its
overall presentation.</p>

<h2>Putting Live Auditing CDs to the Test</h2>

<P>First, (some more) words to the wise: <br>

<p>NMap, covered in my last article, was another very powerful tool
-- Linux Auditing Live CDs are hundreds of times more powerful as they
contain hundreds more tools. NMap was a system for scanning hosts
for known vulnerabilities and open ports that might otherwise go
unnoticed ... most of these Live CD Auditing/Security suites have the
digital equivalent of lock-picks and system cracking tools on them;
they are very useful for helping to secure your network. However, like
NMap, Backtrack has even more powerful tools that can get you into a lot of
hot water should they be used in an inappropriate way. (As they say,
<em>You Have Been Warned.)</em> </p>

<h3>More Tools Than You Can Shake A Stick At</h3>

Backtrack, like most Auditing Live CDs, comes with dozens and dozens of
tools; the creators have tried to break the large selection of tools
that Backtrack makes available into manageable chunks of functionality
(this section uses the names that BackTrack uses, other Live CDs may
use different terminology):

<ul>
<li>"Exploit Archives" - This includes links to databases/sites of listings of known exploits, vulnerabilities as well as links to patches</li>
<li>"Enumeration" - DNS and directory services type tools useful in examining what kinds of services a host or network is presenting on the network and using those services to acquire information. </li>
<li>"Scanners" - These are tools like <a href="">NMap</a> that help an auditor discover systems on a network, or probe a given host (or set of hosts) to find open ports or known vulnerabilities</li>
<li>"Password Crackers" - These are, literally, password cracking systems. These are used not to break in to systems but to see if users have passwords that are vulnerable to being broken into.</li>
<li>"Spoofing" - These are tools that allow the auditor's machine to masquerade as a number of different kinds of systems or services to see how well other network services or systems can cope with a variety of security situations.</li>
<li>"Sniffers" - Sniffers comprise a wide variety of tools, from network analyzers like <a href="">WireShark</a> (formerly known as "Ethereal"), to protocol analyzers that look at high-level protocols like AOL Instant Messenger, IRC, and Jabber or even database transaction sniffers.</li>
<li>"Wireless Tools" - A collection of 802.11 wireless network scanners and other tools for monitoring, analyzing and testing WiFi networks</li>
<li>"BlueTooth" - A similar set of tools for examining BlueTooth networks and devices</li>
<li>"CISCO Tools" - A collection of tools for probing and connecting to CISCO Routers</li>
<li>"Database Tools" - A collection of tools that will allow you to analyze database connections and traffic for a number of common databases</li>
<li>"Forensic Tools" - A collection of tools that are very useful in systematically documenting data discovered during an audit; some of these tools save data into databases, others are systems that allow an investigator to make a pristine copy of a hard drive in order to secure a disk image for examination.</li>
</ul>

<p>The Backtrack system also includes a large number of servers (i.e.,
web servers, etc) that can be run locally and other systems like "honey
pot" tools that can be used to attract attackers on a network for the
purpose of seeing what tools <em>they</em> are using to attack or
survey your systems and networks. </p>

<p>Linux Auditing Live CDs can be used in any number of modes: As
purely probative tools they can be used to find out what's running on
a network (e.g., with a network analyzer) in terms of services and
information flows (who is talking to whom, and what about). Or, they
can be active in terms of auditing the state of security of a specific
system (e.g., trying to break in using password crackers or testing
for known exploits). And, lastly the forensic data capture tools can
allow you to keep all the data you generate and organize it in a way
that can be used to create a chain of evidence that can be used in a
formal audit or other investigation.</p>

<p>Finally, you might be wondering how you would save any of the data
you are capturing when the system you're running basically exists only
in the RAM of a laptop that will revert to whatever it was running
before at the next reboot? The designers of these Live CDs seem to
have thought of everything: You can activate the network interface
and give your temporary auditing station an IP address and then access
your network file systems as you normally would, or you could just pop
a USB flash drive into a free USB port and save your data there. </p>

<h2>The Right Tool for the Right Job</h2>
<p>Obviously in a relatively short article there's no way to do
justice to the scope and breadth of a tool-set like Backtrack (or any
of the other Live CD-based auditing/security systems that are available).
However, it's plain to see that if you need to be able to quickly set
up an auditing suite to be able to satisfy your boss (or yourself) that
all's right with your network you can't go wrong with a tool like
Backtrack. </p>

<h2>Auditing/Security Live CDs</h2>

<p>As stated, Auditing/Security Live CDs come in many, many flavors.
Some are full blown distributions in their own right (i.e., you often
have the option to install them onto the system disk, not just run
them as Live CDs), others are small enough to be run completely from a
USB flash drive.</p>

<ul>
<li><a href="">Backtrack</a></li>
<li><a href="">Auditor</a></li>
<li><a href="">PHLAK ("Professional Hacker's Linux Assault Kit")</a></li>
<li><a href="">INSERT ("Inside Security Rescue Kit")</a></li>
<li><a href="">Local Area Security</a></li>
<li><a href="">PLAC</a> ("Portable Linux Auditing CD")</li>
</ul>


Security Auditing with Live CDs

by reality In reply to Security Auditing with Li ...

<p>I've just found a link to this article in today's TechRepublic email.</p>
<p>I'm proud to say I'm a member of the remote-exploit team, so am very pleased to see BackTrack being mentioned here!</p>
<p>Also, to see the Auditor Security Collection next in your list of other live CDs.</p>
<p>BackTrack is the product of the Auditor and Whoppix (Whax) live CDs joining together. This is the first public release version of BackTrack, so please keep an eye on it as it will grow in functionality and hardware compatibility over the next releases! Auditor always had a reputation for being one of the most frequently maintained, up-to-date live CDs available. A reputation which will, hopefully, be continued with BackTrack.</p>
<p>I hope many TechRepublic members can make great use of this diverse distro.</p>


"Sim-Business" meets the Real World:

by spector In reply to Linux Zeitgeist


<h1>"Sim-Business" meets the Real World:</h1>
<a href=""> Gallery</a>
<p>When you're starting a business there are any number of really important and, honestly, really expensive chores you have to do, and one of the most important is making a decision about how to actually keep track of your customers, your suppliers, sales leads, and so on. If you have a sales team you have to give them tools in order for them to be able to take all of this info and close deals. Oh, and then there's email. Hmmm... what about promotional tools like mass mailings, advertising, and all of the other bits that help further your business?</p>

<p>Back in the "dot com" boom Application Service Providers (ASPs) were supposed to fix all these problems by renting us applications and allowing us to outsource all of the nitty gritty of our businesses to them, and somehow we'd all just rake in profits. As we know it didn't quite work out that way, mostly because the ASPs of the late 1990s were focusing on all the wrong areas. They thought that it was all the desktop applications and other ephemera that needed outsourcing. Well, they were wrong and the ASP industry paid a heavy price for their miscalculation. </p>

<p>In the middle of all of the euphoria over the possibility of no-install software was a <a href="">Sales Force</a> that was founded by a former Oracle exec named Marc Benioff. SalesForce from the outset had figured out something that had eluded most of the other wannabe ASPs which is no one needs an outsourced word-processor or a remote desktop run on a server in Bangalore -- what they need is tools to perform the real nuts and bolts of running a sales-driven business. Not only that, they need to be able to interact with it just like it was software they were running on their own systems, but also it had to be deliverable without the installation of even a single byte of software.</p>

<p>They started off slow in the early 2000s, but Sales Force has really taken off and it has gotten a lot of traction, a lot of very high visibility customers including Dow Jones Newswires, Staples, AOL, Coldwell Banker, Avis, Commerce Bank, and hundreds of others. </p>

<h2>The Tool</h2>
<p>Sales Force (or as most people seem to refer to it "Sales Force dot Com" or "S-F-D-C") is at its core a very generic Customer Relationship Management or "CRM" System. It consists of a series of modules for managing people (employees), customers, contacts, generating reports, scheduling events, modules for automating the sales work-flow process, email, tools for running marketing campaigns, keeping track of documents and contacts, and a lot more. Of course, all of this is accessible via and run through a plain, vanilla web browser.</p>

<p>SalesForce provides all of this at a variety of price points to meet almost the needs of a large variety and kinds of business. There are editions for "teams" (for 5 or fewer users), a Professional edition, an Enterprise and an "unlimited edition." Many of the differences between the editions center around 1) the number of applications available or 2) the amount of storage per user that is included in the monthly charges. SalesForce has a <a href="">comparison chart</a> but the pricing is typically about $50 per seat per month depending on the edition and any added services/features. </p>

<p>What makes SalesForce special is not the generic components but how many tools they provide on top of the basic system that make it easy to load your existing data into the SalesForce CRM system and then the literally hundreds of tools they provide to help you take advantage of the basic CRM underpinnings. </p>

<h2>Putting to the Test</h2>
<p>SalesForce has put together a very well rounded collection of fields that represent all the major aspects of a generic business -- and you can add more if you need to -- and stocks this basic database with a large number of reports, dashboards, and other tools that take a lot of the pain out of finding basic information about the operating characteristics of your business. </p>

<p>SFDC provides all of the background services you expect beyond the tools themselves: they provide all of the backup and recovery services one could need; they will also back up your data on-the-fly, which is very useful if you are about to make some large change to your data and want a clean way to back out in case something goes wrong. SalesForce also will provide you with a "test bed" copy of your data and applications if you want to keep your live production data separate from anything you are experimenting with. SalesForce also provides a number of tools to help you bring in data (say from an external database) or even aggregate 3rd party content into your SFDC data. There are also a host of 3rd party software vendors that make tools and utilities for manipulating data stored in SalesForce or for providing access to SalesForce from mobile devices such as Blackberrys and other PDAs. </p>

<p>One of the most interesting aspects of SalesForce's approach to providing a true hands-off ASP experience is their <a href="">AppExchange</a> service. AppExchange is where 3rd parties (or even other SFDC customers) package up tools and utilities and make them available to SFDC customers. For example, if you needed a compensation system to automatically figure out bonuses for your sales team (something that is not provided out-of-the-box by the SFDC tools) you could find several providers of such a service via the SalesForce AppExchange. </p>

<p>The tools that are available via the AppExchange cross dozens of disciplines and many industries. For the most part, thanks to a clear and well thought out API, all of these tools drop right into and know how to access and manage your data. Of course, if you need something that isn't even available via the AppExchange, both SalesForce and a whole ecosystem of ISV and VARs stand ready to help you extend the basic SFDC capabilities. Oh, and if you create some new SFDC capability, SalesForce will be happy to help you resell your new tool via the AppExchange as well. </p>

<h2>The Right Tool for the Right Job</h2>
<p>The tools that are available via SalesForce represent a whole new genre of applications -- the truly mobile office. One company I work with, a very high-end boutique personnel/staffing firm has no "central office," rather they are completely distributed around the continental US, their work bound together by the Internet and the tools that SalesForce allows them to bring together to run their business. Their recruiters and sales people are out in the field generating business and solving customer needs. In general, they have no need for data centers or a large IT staff; Salesforce hosts their data 24x7x365, backs it up; they can modify the system's operations and tools as often as they need by creating reports, dashboards and other tools to help them optimize their efforts. </p>

<p>For an increasing number of agile businesses, the secret to success is not in having the most IT toys, but in having the best services available and being able to use those services wherever and whenever they can best generate and service business. SalesForce is well worth looking into if your company's business is something other than the business of IT. </p>
