Linux Security Tools

  • Vulnerability Assessment with Nessus
  • Traffic Security with Ethereal
  • Web Proxying with Squid

Vulnerability Assessment with Nessus

  • Nessus is a vulnerability assessment tool
  • Comes built-in with most distros
  • More than just a port scanner
  • Ability to scan a system for open ports and services, applications, and vulnerabilities associated with the system
  • Useful to help find your system’s
  • Can be run against local host or networked systems
  • Requires root privileges to be effective
  • Two major pieces:
      • Server (nessusd)
      • Client (nessus)
  • Server is run on host to be scanned, client is for viewing scan results
  • Requires a username and password or certificate to be setup
  • Use ‘nessus’ command with options to configure program
  • Nessus uses port 1241 by default to listen, but can be changed
  • GUI can be used to configure scans and view them
  • Many scan options can cause DOS attack against target – use with caution!
  • Scan results can tell you about vulnerabilities, possible effects, and how to correct them
  • Nessus uses updateable database of Vulnerabilities
  • Usually kept very current
  • Ensure you check website for latest database updates
  • Nessus Demonstration
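To make the "scan results" bullets concrete, here is an added example (not part of the slides and not Nessus code) that reads a Nessus results export and ranks hosts by their worst finding, which is the first thing a practitioner does with a scan. It assumes the pipe-delimited NBE layout written by the Nessus 2.x client (`results|subnet|host|port|plugin id|severity|description`) and runs on a constructed sample, not a real scan.

```python
"""Summarise a Nessus NBE results export by host and severity.

Added example, not from the slides or from Nessus. It assumes the NBE layout
written by the Nessus 2.x client:
    results|<subnet>|<host>|<port>|<plugin id>|<severity>|<description>
The sample below is constructed for illustration, not a real scan.
"""
from collections import defaultdict

# Constructed sample: findings on two hosts, one of them reported twice.
SAMPLE_NBE = """\
timestamps|||scan_start|Mon Jan  1 10:00:00 2007|
results|192.168.1|192.168.1.10|ssh (22/tcp)|10267|Security Note|SSH server banner: OpenSSH_4.3
results|192.168.1|192.168.1.10|http (80/tcp)|11213|Security Warning|TRACE method is enabled
results|192.168.1|192.168.1.20|smtp (25/tcp)|10263|Security Hole|Open mail relay detected
results|192.168.1|192.168.1.20|smtp (25/tcp)|10263|Security Hole|Open mail relay detected
timestamps|||scan_end|Mon Jan  1 10:05:00 2007|
"""

# Nessus 2.x severity labels, from least to most serious.
SEVERITY_RANK = {"Security Hole": 3, "Security Warning": 2, "Security Note": 1}


def parse_nbe(text):
    """Return a list of finding dicts from NBE text, dropping exact repeats."""
    findings = []
    seen = set()
    for line in text.splitlines():
        fields = line.split("|")
        if fields[0] != "results" or len(fields) < 7:
            continue  # skip timestamps and malformed lines
        _, subnet, host, port, plugin_id, severity, description = fields[:7]
        key = (host, port, plugin_id)
        if key in seen:
            continue
        seen.add(key)
        findings.append({"host": host, "port": port, "plugin_id": plugin_id,
                         "severity": severity, "description": description})
    return findings


def summarize(findings):
    """Map host -> {severity: count} so the worst hosts can be triaged first."""
    summary = defaultdict(lambda: defaultdict(int))
    for f in findings:
        summary[f["host"]][f["severity"]] += 1
    return {host: dict(counts) for host, counts in summary.items()}


def hosts_by_risk(findings):
    """Order hosts by their most severe finding, then by number of findings."""
    worst = defaultdict(int)
    count = defaultdict(int)
    for f in findings:
        worst[f["host"]] = max(worst[f["host"]], SEVERITY_RANK.get(f["severity"], 0))
        count[f["host"]] += 1
    return sorted(worst, key=lambda h: (worst[h], count[h]), reverse=True)


if __name__ == "__main__":
    found = parse_nbe(SAMPLE_NBE)
    per_host = summarize(found)
    for host in hosts_by_risk(found):
        print(host, per_host[host])
```

The duplicate "Open mail relay" line is collapsed on (host, port, plugin id), so the same finding reported twice does not inflate a host's count; a real export from a subnet scan can be fed in the same way by replacing `SAMPLE_NBE` with the file contents.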

Traffic Security with Ethereal

  • Ethereal (now Wireshark) most popular network sniffer
  • Open source and commercial versions
  • De facto sniffer used with Linux
  • Uses libpcap library
  • Enables “promiscuous mode” NIC operation
  • Can intercept any raw traffic NIC receives
  • Use to ensure communications security of your network:
      • Determine if integrity of packets is assured
      • Determine if/when encryption is needed
      • Determine if passwords are secured
  • Can capture real-time traffic or saved traffic for later analysis
  • Saves to a file that is readable by different programs
  • Breaks out capture by time, protocol, source, and destination IP addresses/MAC addresses
  • Ethereal Demonstration
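The bullets above describe what a sniffer gives you: a capture file broken out by time, protocol, and source/destination addresses, from which you can judge whether passwords cross the wire in the clear. The following added example (not from the slides and not Ethereal/Wireshark code) does that breakdown by hand: it builds a small libpcap file in memory, decodes the Ethernet, IPv4 and TCP headers of each record, and flags flows to services whose authentication is normally cleartext. The capture bytes, addresses and the cleartext-port table are constructed for the example.

```python
"""Parse a libpcap capture and flag cleartext authentication traffic.

Added example, not from the slides or from Ethereal/Wireshark. It reads the
classic libpcap file format (24-byte global header, 16-byte per-record header,
Ethernet II link type) and decodes IPv4/TCP far enough to list each packet's
time, protocol, MAC and IP endpoints. The capture is constructed in memory;
no real traffic is embedded.
"""
import struct

# Assumed table of services whose login normally travels unencrypted.
CLEARTEXT_AUTH_PORTS = {21: "ftp", 23: "telnet", 110: "pop3", 143: "imap"}


def _ipv4_tcp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Build an Ethernet/IPv4/TCP frame (checksums left zero; fine for parsing)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
            + b"\x08\x00" + ip + tcp)


def _pcap_file(frames):
    """Wrap frames in a libpcap file: global header + (record header, frame) pairs."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts_sec, ts_usec, frame in frames:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


# Constructed capture: an FTP login followed by a TLS connection.
SAMPLE_PCAP = _pcap_file([
    (1167645600, 1000, _ipv4_tcp_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                                       "192.168.1.10", "192.168.1.50", 40000, 21, b"USER alice\r\n")),
    (1167645600, 250000, _ipv4_tcp_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                                         "192.168.1.10", "192.168.1.50", 40000, 21, b"PASS secret\r\n")),
    (1167645601, 5000, _ipv4_tcp_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                                       "192.168.1.10", "10.0.0.5", 40001, 443, b"\x16\x03\x01")),
])


def parse_pcap(data):
    """Return one dict per packet: timestamp, MACs, IPs, protocol and TCP ports/payload."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack_from(endian + "I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a libpcap file")
    offset, packets = 24, []
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        frame = data[offset + 16: offset + 16 + incl_len]
        offset += 16 + incl_len
        eth_type = struct.unpack_from("!H", frame, 12)[0]
        pkt = {"time": ts_sec + ts_usec / 1e6,
               "dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
               "proto": "ethertype 0x%04x" % eth_type}
        if eth_type == 0x0800:                      # IPv4
            ihl = (frame[14] & 0x0F) * 4
            proto = frame[23]
            pkt["src_ip"] = ".".join(map(str, frame[26:30]))
            pkt["dst_ip"] = ".".join(map(str, frame[30:34]))
            pkt["proto"] = {6: "tcp", 17: "udp", 1: "icmp"}.get(proto, "ip/%d" % proto)
            if proto == 6:                          # TCP: ports and payload
                tcp = frame[14 + ihl:]
                pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", tcp, 0)
                pkt["payload"] = tcp[(tcp[12] >> 4) * 4:]
        packets.append(pkt)
    return packets


def cleartext_auth_flows(packets):
    """Return sorted (src_ip, dst_ip, service) triples for flows to cleartext-auth ports."""
    flows = set()
    for p in packets:
        service = CLEARTEXT_AUTH_PORTS.get(p.get("dport"))
        if service:
            flows.add((p["src_ip"], p["dst_ip"], service))
    return sorted(flows)


if __name__ == "__main__":
    decoded = parse_pcap(SAMPLE_PCAP)
    for p in decoded:
        print("%.6f %s %s -> %s" % (p["time"], p["proto"], p.get("src_ip"), p.get("dst_ip")))
    print("cleartext logins:", cleartext_auth_flows(decoded))
```

Pointing `parse_pcap` at the bytes of a file saved by Ethereal gives the same per-packet breakdown, and the FTP flow surfacing in `cleartext_auth_flows` is exactly the kind of evidence the "determine if passwords are secured" bullet asks for.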

Web Proxying with Squid

  • A proxy runs on a server between two networks
  • Client establishes connection through proxy to destination server/network
  • Client negotiates with proxy server to establish connection on behalf of client between proxy server and destination
  • Proxy then receives and forwards traffic to and from the client and destination on behalf of client
  • Effectively masquerades client for security purposes
  • Squid is the most popular open-source Web proxy for Linux
  • Uses rules to determine if requests are valid or allowed
  • Checks web responses for validity
  • Can cache web pages to enhance performance
  • Can use plug-ins to perform additional rule checking and validate content
  • Configured using command line or Webmin graphical interface
  • Denies outgoing requests by default – must be configured to allow requests
  • Squid Configuration Demonstration
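The "uses rules" and "denies by default" bullets hide the detail that trips people up: Squid's `http_access` lines are tested in order, the first line whose ACLs all match decides, and a request that matches nothing gets the opposite of the last line (or is denied when there are no lines at all). The following added example (not from the slides and not Squid code) models those documented semantics for the `src`, `dstdomain` and `port` ACL types so the effect of a configuration can be checked before it goes live. Both configurations and the sample requests are constructed; the model omits the many other ACL types real Squid supports.

```python
"""Evaluate a squid.conf http_access rule set against sample requests.

Added example, not from the slides or from Squid. It models the documented
http_access semantics: rules are tested in order, the first rule whose ACLs
all match decides, and if nothing matches the result is the opposite of the
last rule (deny when there are no rules at all). Only the acl types src,
dstdomain and port are implemented; the configs below are constructed.
"""
import ipaddress


def parse_config(text):
    """Return ({acl name: (type, [values])}, [(action, [acl tokens])])."""
    acls, rules = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        words = line.split()
        if words[0] == "acl" and len(words) >= 4:
            name, acl_type, values = words[1], words[2], words[3:]
            acls.setdefault(name, (acl_type, []))[1].extend(values)
        elif words[0] == "http_access" and len(words) >= 3:
            rules.append((words[1], words[2:]))
    return acls, rules


def acl_matches(acl, request):
    """True if the request matches any value of the ACL."""
    acl_type, values = acl
    if acl_type == "src":
        client = ipaddress.ip_address(request["client"])
        return any(client in ipaddress.ip_network(v, strict=False) for v in values)
    if acl_type == "dstdomain":
        # A leading dot matches the domain itself and every subdomain.
        host = request["host"].lower()
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in values)
    if acl_type == "port":
        return any(request["port"] == int(v) for v in values)
    raise ValueError("unsupported acl type: " + acl_type)


def http_access(config_text, request):
    """Return 'allow' or 'deny' for the request, following Squid's first-match rule."""
    acls, rules = parse_config(config_text)
    for action, tokens in rules:
        matched = True
        for token in tokens:
            negate = token.startswith("!")
            name = token.lstrip("!")
            if name not in acls:
                raise KeyError("undefined acl: " + name)
            if acl_matches(acls[name], request) == negate:
                matched = False
                break
        if matched:
            return action
    if not rules:
        return "deny"                       # no http_access lines: everything is refused
    return "allow" if rules[-1][0] == "deny" else "deny"   # fall-through default


# Constructed: LAN clients may reach safe ports, one domain is blocked, then deny all.
STRICT_CONF = """
acl all src 0.0.0.0/0
acl localnet src 192.168.1.0/24
acl Safe_ports port 80 443
acl banned dstdomain .example.net
http_access deny !Safe_ports
http_access deny banned
http_access allow localnet
http_access deny all   # final explicit deny
"""

# Constructed: a common mistake. The last line is a deny, so any request that
# matches nothing falls through to 'allow', turning the box into an open proxy.
LOOSE_CONF = """
acl banned dstdomain .example.net
http_access deny banned
"""

if __name__ == "__main__":
    outsider = {"client": "203.0.113.9", "host": "www.example.org", "port": 80}
    print("strict:", http_access(STRICT_CONF, outsider))   # deny
    print("loose: ", http_access(LOOSE_CONF, outsider))    # allow
```

Running the same outside-client request through both configurations shows why the stock configuration ends with `http_access deny all`: without that explicit final deny, the fall-through default does the opposite of what the author probably intended.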