Network Security Tools for Newbies

We all have to start somewhere. The question is, where?

The sheer number of tools available can make it difficult to choose a place to start. This is complicated by the fact that most of the tools on the market have a very steep learning curve, and that many of these tools can be hazardous to run on a production network.

There are several pentesting distributions on the market (Pentoo, NodeZero, Kali, and BackBox are good examples) loaded with tools and utilities. Unfortunately, these offer so many tools that they don't help answer the question of where to start. Let's look at a couple of areas that are important and find some tools that can help get you started on the road to success.

Monitoring for NDP Spoofing

I have previously posted a blog post describing how to monitor for ARP spoofing. With IPv6 on everyone's mind today (it IS on your mind, right?), this seems a good time to talk about a similar concern for IPv6 networks. IPv6 networks do not use ARP, but they DO have a comparable protocol: the Neighbor Discovery Protocol (NDP), which resolves link-layer addresses with Neighbor Solicitation and Neighbor Advertisement messages sent over multicast instead of broadcast. Unfortunately, like ARP it was designed without any authentication of the answers, so it is subject to the same spoofing attacks using similar techniques. As with ARP, however, there are tools available to assist in monitoring for and detecting NDP spoofing attempts. Let's look at how we can proactively monitor this critical function of our network.

Monitoring for ARP Spoofing

Of the many ways that a network can be infiltrated, one of the most difficult to detect and manage is ARP spoofing. This is because ARP does not take security into account in its design: any host on the segment can answer for any address, and the answer is believed. Fortunately, there are tools available to assist in monitoring for and detecting ARP spoofing attempts. Obviously, the first step in addressing a security incident is knowing that there IS an incident, so let's look at how we can proactively watch for these incidents on our network.
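The two posts above describe the same weakness in two protocols: an ARP reply and an IPv6 Neighbor Advertisement both assert "address X is at link-layer address Y" and nobody checks. The monitor below, an added example rather than code from either post, treats both as "binding observations" and alerts when an address changes MAC, or when a claim contradicts a static binding you configure for something like the gateway. The observations are constructed by hand (a real deployment would fill them in from a packet capture); the addresses and MACs are made up.

```python
"""ARP / NDP spoofing monitor over constructed binding observations.

Added example, not code from the original posts. An ARP reply and an IPv6
Neighbor Advertisement both assert "address X is at link-layer address Y",
so one monitor that tracks IP-to-MAC bindings covers both protocols.
The observations below are constructed (a real monitor would fill them
from a packet capture); the addresses and MACs are made up.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Observation:
    proto: str   # "arp" (ARP reply) or "ndp" (IPv6 Neighbor Advertisement)
    ip: str      # protocol address being advertised
    mac: str     # link-layer address claiming it
    t: float     # capture time in seconds (constructed)


@dataclass(frozen=True)
class Alert:
    proto: str
    ip: str
    old_mac: str
    new_mac: str
    t: float
    reason: str


class BindingMonitor:
    """Remembers the MAC each IP was first seen with and alerts on changes."""

    def __init__(self, static: Optional[Dict[str, str]] = None) -> None:
        # Known-good bindings (e.g. the gateway) that must never change.
        self.static = {self._key(k): v.lower() for k, v in (static or {}).items()}
        self.table: Dict[str, Tuple[str, float]] = {}   # ip -> (mac, first seen)
        self.alerts: List[Alert] = []

    @staticmethod
    def _key(text: str) -> str:
        # Normalise so fe80::0001 and fe80::1 land on the same table entry.
        return ip_address(text).compressed

    def observe(self, obs: Observation) -> Optional[Alert]:
        ip, mac = self._key(obs.ip), obs.mac.lower()
        alert = None
        if ip in self.static and self.static[ip] != mac:
            alert = Alert(obs.proto, ip, self.static[ip], mac, obs.t,
                          "claim conflicts with static binding")
        else:
            prev = self.table.get(ip)
            if prev is not None and prev[0] != mac:
                alert = Alert(obs.proto, ip, prev[0], mac, obs.t, "binding changed")
        if alert is not None:
            self.alerts.append(alert)
        # Record the newest claim so a later flip back to the real MAC is seen too.
        prev = self.table.get(ip)
        if prev is None or prev[0] != mac:
            self.table[ip] = (mac, obs.t)
        return alert


# Constructed capture: legitimate traffic, then an attacker (…:66) claiming
# the gateway's IPv4 address via ARP and its IPv6 link-local address via NDP.
SAMPLE = [
    Observation("arp", "192.0.2.1", "02:00:00:00:00:01", 0.0),    # gateway, legit
    Observation("arp", "192.0.2.10", "02:00:00:00:00:10", 1.0),   # workstation
    Observation("ndp", "fe80::1", "02:00:00:00:00:01", 2.0),      # v6 gateway, legit
    Observation("arp", "192.0.2.1", "02:00:00:00:00:66", 30.0),   # attacker claims gateway
    Observation("ndp", "fe80::0001", "02:00:00:00:00:66", 31.0),  # same, via Neighbor Advertisement
    Observation("arp", "192.0.2.10", "02:00:00:00:00:10", 32.0),  # unchanged, no alert
]


def run_sample() -> List[Alert]:
    """Feed the constructed capture through a monitor that knows the gateway."""
    mon = BindingMonitor(static={"192.0.2.1": "02:00:00:00:00:01"})
    for obs in SAMPLE:
        mon.observe(obs)
    return mon.alerts


if __name__ == "__main__":
    for a in run_sample():
        print(f"[{a.proto}] t={a.t:.0f} {a.ip}: {a.old_mac} -> {a.new_mac} ({a.reason})")
```

The static table is the part worth configuring first: a binding change on a workstation can be a legitimate DHCP lease move, but a change on the default gateway almost never is, so the two cases get different reasons in the alert.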

Centralize Your System Logging Using Syslog

System logs are a critical part of system and network maintenance. They are, in fact, one of the key components for managing just about ANY system-related incident. Unfortunately, these logs are completely inaccessible, or cannot be trusted, if a system reaches an unbootable state, suffers a catastrophic disk failure, or is compromised by an attacker who can edit or delete the local copy. For these scenarios, and for general ease of maintenance, one of the best moves you can make toward converting a group of machines into a manageable network is to set up remote syslog services, so that a copy of every message leaves the host before anything can happen to it.
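Once logs are arriving centrally, the collector can do two things the individual hosts cannot: parse every message with the same rules, and notice when a host stops sending. The following is an added example, not code from the original post: a small parser for the classic BSD syslog line format (RFC 3164, the `<PRI>Mmm dd hh:mm:ss host msg` form, which carries no year) and a check for hosts that have gone quiet. The sample lines and hostnames are constructed.

```python
"""RFC 3164 syslog parser for a central collector, plus a quiet-host check.

Added example, not code from the original post. The point of a central
server is that a compromised or dead host cannot rewrite what it already
sent; the other half of that is noticing when a host stops sending.
Sample lines and hostnames below are constructed.
"""
import re
from datetime import datetime
from typing import Dict, List, Optional

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]

# <PRI>TIMESTAMP HOSTNAME MSG, with the RFC 3164 timestamp "Mmm dd hh:mm:ss".
LINE_RE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$")


def parse_line(line: str, year: int) -> Optional[Dict[str, object]]:
    """Return facility, severity, time, host and msg, or None for a malformed
    line. RFC 3164 timestamps have no year, so the collector supplies one."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:           # facility 23, severity 7 is the largest legal PRI
        return None
    facility, severity = divmod(pri, 8)
    stamp = datetime.strptime(f"{year} {m.group(2)}", "%Y %b %d %H:%M:%S")
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "time": stamp,
        "host": m.group(3),
        "msg": m.group(4),
    }


def stale_hosts(records: List[Dict[str, object]], now: datetime,
                max_gap_seconds: int) -> List[str]:
    """Hosts whose newest message is older than max_gap_seconds. A host that
    goes quiet may simply be down, but it may also have had its forwarding
    stopped; either way it deserves a look."""
    last_seen: Dict[str, datetime] = {}
    for r in records:
        host, t = str(r["host"]), r["time"]
        if host not in last_seen or t > last_seen[host]:
            last_seen[host] = t
    return sorted(h for h, t in last_seen.items()
                  if (now - t).total_seconds() > max_gap_seconds)


# Constructed sample of what a collector might hold for a few hosts.
SAMPLE_LINES = [
    "<38>Mar 10 08:00:01 web1 sshd[2211]: Accepted publickey for deploy from 192.0.2.25 port 50412 ssh2",
    "<86>Mar 10 08:00:05 web1 sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx",
    "<6>Mar 10 08:02:17 db1 kernel: [12345.678] eth0: link up",
    "<30>Mar 10 08:04:40 db1 cron[911]: (root) CMD (run-parts /etc/cron.hourly)",
    "<38>Mar 10 07:15:03 bastion sshd[400]: Failed password for root from 198.51.100.7 port 4444 ssh2",
    "this is not a syslog line",
    "<999>Mar 10 08:00:00 bogus test: out-of-range PRI",
]


def run_sample(year: int = 2024) -> Dict[str, object]:
    """Parse the sample and report which hosts have been silent for 15 minutes
    as of a constructed 'now' of 08:05 on the same day."""
    records = [r for r in (parse_line(line, year) for line in SAMPLE_LINES) if r]
    now = datetime(year, 3, 10, 8, 5, 0)
    return {
        "parsed": len(records),
        "dropped": len(SAMPLE_LINES) - len(records),
        "stale": stale_hosts(records, now, max_gap_seconds=15 * 60),
    }


if __name__ == "__main__":
    print(run_sample())
```

The parser deliberately rejects malformed lines instead of guessing; a flood of unparseable input from one host is itself worth an alert on a collector. Compare the stale list against your inventory of hosts that should be logging, not just against hosts that have logged before.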

Setting Context Sensitivity in VIM

VIM is one of the kings of the editing world. Built for speed and flexibility, it is a critical tool for *nix admins. The one thing it lacks out of the box for many people, though, is context sensitivity (syntax highlighting). This is easy enough to fix. Simply create a new file in your home directory named .vimrc (please note the leading period, denoting "hidden") and add the line "syntax on" to enable it. The first few lines of my .vimrc file are listed below for reference. If you are looking for more info on using, or customizing, VIM you should start at the VIM Tips Wiki.