- Vulnerability Assessment with Nessus
- Traffic Security with Ethereal
- Web Proxying with Squid
Vulnerability Assessment with Nessus
- Nessus is a vulnerability assessment tool
- Comes built-in with most distros
- More than just a port scanner
- Ability to scan a sytem for open ports and services, applications, and vulnerabilities associated with system
- Useful to help find your systems’s
- Can be run against local host or networked systems
- Requires root privileges to be effective
- Two major pieces:
- Server(nessusd)
- Client(nessus)
- Server is run on host to be canned, client is for viewing scan results
- Requires a username and password or certificate to be setup
- Use ‘nessus’ command with options to configure program
- Nessus uses port 1241 by default to listen, but can be changed
- GUI can be used to configure scans and view them
- Many scan options can cause DOS attack against target – use with caution!
- Scan results can tell you about vulnerabilities, possible effetcs, and how to correct them
- Nessus uses updateable database of Vulnerabilities
- Usually kept very current
- Ensure you check website for latst database updates
- Nessus Demonstration
Traffic Security with Ethereal
- Ethereal (now Wireshark) most popular network sniffer
- Open source and commercial versions
- De facto sniffer used with Linux
- Uses libcap library
- Enables “promiscuous mode” NIC opeartion
- Can intercept any raw traffic NIC receives
- Use to ensure communications security of your network:
- Determine if integrity of packets are assured
- Determine if/when encryption in needed
- Determine if paswords are secured
- Can capture real-time traffic or saved traffic for later analysis
- Saves to a file that is readable by different programs
- Breaks out capture by time, protocol, source, and destination IP addresses/MAC addresses
- Ethereal Demonstration
Web Proxying with Squid
- A proxy runs on a server beween two networks
- Client establishes connection through proxy to destination server/network
- Client negotiates with proxy server establish connection on behalf of client between proxy server and destination
- Proxy then receives and forwards traffic to and from the client and destination on behalf of client
- Effectively masquuerades client for security purposes
- Squid is the most popular open-source Web proxy for Linux
- Uses rules to determin if requests are valid or allowed
- Checks web responses for validity
- Can cache web pages to enhance performance
- Can use plug-ins to perform additional rule checking and validate content
- Configured using command line or Webmin grapical interface
- Denies outgoing requests by default – must be configured to allow requests
- Squid Configuration Demostration
Mentor for DevOps - DevSecOps - SRE - Cloud - Container & Micorservices at Software AG
Join my following certification courses...
- DevOps Certified Professionals (DCP)
- Site Reliability Engineering Certified Professionals (SRECP)
- Master in DevOps Engineering (MDE)
- DevSecOps Certified Professionals (DSOCP)
URL - https://www.devopsschool.com/certification/
My Linkedin - https://www.linkedin.com/in/rajeshkumarin
- DevOps Certified Professionals (DCP)
- Site Reliability Engineering Certified Professionals (SRECP)
- Master in DevOps Engineering (MDE)
- DevSecOps Certified Professionals (DSOCP)
URL - https://www.devopsschool.com/certification/
My Linkedin - https://www.linkedin.com/in/rajeshkumarin
Latest posts by Rajesh Kumar (see all)
- What is ZooKeeper? - April 29, 2024
- What is Mobile Virtual Network Operator? - April 18, 2024
- What is Solr? - April 17, 2024
