Dr. Hidaia Mahmood Alassouli - Overview of Some Windows and Linux Intrusion Detection Tools
Evaluation of Some Windows and Linux Intrusion Detection Tools

By

Dr. Hidaia Mahmood Alassouli


Evaluation of Some Windows and Linux Security Tools
GFI LANguard, Nessus, Snort, Base, ACID, Rman, SnortCenter, OSSEC, Sguil
1. Abstract:

The paper evaluates some of the security tools. Top security tools can be found at http://sectools.org/. The most important vulnerabilities in Windows and Linux can be found at www.sans.org/top20/. The paper covers the installation and configuration of the following security tools:

  • LANguard
  • Nessus
  • Snort
  • BASE
  • ACID
  • Rman
  • SnortCenter
  • OSSEC
  • Sguil

Keywords: Vulnerability Assessment Tools, Intrusion Detection Tools, LANguard, Nessus, Snort, BASE, Rman, OSSEC, Sguil.


2. What it Does:

In this paper I will evaluate some of the security tools. In my work in this area, I found that the best site listing security tools is http://sectools.org/. The most important vulnerabilities in Windows and Linux can be found at www.sans.org/top20/. There is a good course that covers most of the hacking and security issues, the Certified Ethical Hacking course.

The paper covers the installation and configuration of the following security tools:

  • LANguard
  • Nessus
  • Snort
  • BASE
  • Rman
  • OSSEC
  • Sguil

3. Vulnerability Assessment Tools:

The following vulnerability assessment tools were tested in order to look for the main differences between them when scanning Linux and Windows machines:

LANguard in Microsoft Windows

Nessus in Windows and Linux

Other tools that can also be tried: Tenable NeWT, Shadow Security Scanner, Microsoft Baseline Security Analyzer.


3.1 GFI LANguard:

GFI LANguard and Microsoft Baseline Security Analyzer are mostly the same. Download GFI LANguard from http://www.gfi.com/lannetscan/. After installation, you can start scanning any machine on which you have administrative privileges.


3.2 Nessus:

Download Nessus from http://www.nessus.org and install it.

a) Installation on Windows:

The installation is straightforward. Download the software after registration and install the package after providing the activation code (you will receive it by email); the necessary plugins are downloaded automatically during installation. You can use the Nessus Client that is installed with the package. You can also create users, then download and run the NessusWX client, as its output is clearer.

b) Installation on Linux

Installation in Linux needs some preparation.

1- Download the latest version of Nessus from http://www.nessus.org/download/

Install it with the following command, depending on your version:

# rpm -ivh Nessus-*.rpm

2- Create a Nessus User. At minimum, one Nessus user should be created so client utilities can log into Nessus to initiate scans and retrieve results.

# /opt/nessus/sbin/nessus-add-first-user

In the file /opt/nessus/etc/nessus/nessusd.conf there are several options that can be configured. For example, this is where the maximum number of checks and hosts being scanned at one time, the resources you want nessusd to use, and the speed at which data should be read are all specified, as well as many other options.

3- Start the Nessus service as root with the following command:

# /opt/nessus/sbin/nessusd -D

or

# /sbin/service nessusd start

To stop Nessus

# killall nessusd

4- Depending on your subscription service, you will have received an activation code which entitles you to either the direct feed of plugins or the registered, seven-day delayed feed of plugins. Users who have downloaded Nessus from the regular download page should have received an email containing an activation code for the registered feed. Otherwise, you can go to http://www.nessus.org/register to register your Nessus scanner in order to receive a plugin activation code for the registered feed. To install the activation code, type the following command on the system running Nessus, where <activation-code> stands for the registration code that you received:

# /opt/nessus/bin/nessus-fetch --register <activation-code>

5- The following command is used to update the Nessus scanner with the most recent plugins:

# /opt/nessus/sbin/nessus-update-plugins

6- There is a new feature in version 3.0 where Nessus will now fetch the newest plugins on a regular basis automatically. This is done with the auto_update option located in the nessusd.conf file. The default for this option is yes. The option auto_update_delay determines how often, in hours, Nessus will update its plugins; its default value is 24. The plugin update takes place the set number of hours after nessusd is started and continues every N hours after that. For this option to work properly, you have to make sure that the scanner has a plugin feed activation code that is correctly registered. Use the following command to verify this:

# /opt/nessus/bin/nessus-fetch --check

7- Now the Nessus server is ready to be connected to with a client. There are multiple ways to connect to the Nessus server depending on your type of system. NessusWX is a client available for Windows platforms and NessusClient is an X11/GTK GUI. Command line operation can also be used instead of a client.

8- You can download NessusClient RPM from http://www.nessus.org/download/ and install it. You can run NessusClient by executing

# NessusClient

9- Users are not required to use a client to connect to the nessusd server and run a scan. They can choose to use command line operation to do this. In order to run a scan using command line operation, you must run the scan in batch mode. To do this, use the following command:

# /opt/nessus/bin/nessus -q [-pPS] <host> <port> <user> <password> <targetsfile> <resultfile>

Here targetsfile lists the hosts that you would like to scan, and host and port are your Nessus server's IP address and port number.
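As an added example (not code from the paper or from Nessus itself), the shell functions below wrap the Linux steps 1-9 above: they install and register the scanner, verify the auto_update / auto_update_delay settings from step 6 with the paper's stated defaults (yes and 24 hours), and refuse a batch scan whose targets file is empty, so that an empty result is not mistaken for a clean host. The function names, the NESSUS_HOME override and the config fragment used for testing are assumptions of this example; the paths and commands are the ones the paper gives.

```shell
#!/bin/sh
# Added example, not part of the paper. Wraps the Nessus 3 Linux setup steps.
# NESSUS_HOME follows the paper's /opt/nessus layout; override it for testing.
NESSUS_HOME="${NESSUS_HOME:-/opt/nessus}"
NESSUS_CONF="${NESSUS_CONF:-$NESSUS_HOME/etc/nessus/nessusd.conf}"

# conf_get FILE KEY DEFAULT: print the value of "key = value" from nessusd.conf,
# skipping comments and surrounding whitespace; print DEFAULT when KEY is absent.
# The last occurrence wins, which is what a hand-edited config usually intends.
conf_get() {
    _val=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1)
    if [ -n "$_val" ]; then printf '%s\n' "$_val"; else printf '%s\n' "$3"; fi
}

# update_policy FILE: report the effective plugin auto-update policy (step 6).
# Defaults: auto_update = yes, auto_update_delay = 24 hours.
# Exit status: 0 = automatic updates on, 1 = off, 2 = delay is not a number.
update_policy() {
    _on=$(conf_get "$1" auto_update yes)
    _delay=$(conf_get "$1" auto_update_delay 24)
    case "$_delay" in
        ''|*[!0-9]*)
            echo "auto_update_delay is not a positive integer: $_delay" >&2
            return 2 ;;
    esac
    if [ "$_on" = "yes" ]; then
        echo "plugins update automatically every $_delay hour(s) after nessusd starts"
        return 0
    fi
    echo "automatic plugin updates are disabled; run nessus-update-plugins by hand"
    return 1
}

# nessus_linux_setup RPM ACTIVATION_CODE: steps 1-6 in order, stopping at the
# first failure. Must run as root. Not invoked by this file; call it yourself.
nessus_linux_setup() {
    rpm -ivh "$1" || return 1                                   # step 1
    "$NESSUS_HOME/sbin/nessus-add-first-user" || return 1        # step 2
    "$NESSUS_HOME/bin/nessus-fetch" --register "$2" || return 1  # step 4
    "$NESSUS_HOME/sbin/nessus-update-plugins" || return 1        # step 5
    "$NESSUS_HOME/bin/nessus-fetch" --check || return 1          # step 6
    update_policy "$NESSUS_CONF"                                 # show the policy
    "$NESSUS_HOME/sbin/nessusd" -D                               # step 3
}

# batch_scan HOST PORT USER PASS TARGETSFILE RESULTFILE: step 9, but only when
# the targets file exists and is non-empty.
batch_scan() {
    [ -s "$5" ] || { echo "targets file $5 is missing or empty" >&2; return 1; }
    "$NESSUS_HOME/bin/nessus" -q "$1" "$2" "$3" "$4" "$5" "$6"
}
```

Typical use is `sh -c '. ./nessus-setup.sh; nessus_linux_setup Nessus-3.0.x.rpm <activation-code>'` followed by `batch_scan 127.0.0.1 1241 <user> <password> targets.txt results.nbe`; update_policy on its own is useful on an existing scanner to confirm that the feed is actually refreshing before trusting scan results.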


3.3 Testing:

I tried to test the GFI LANguard Scanner on

- Windows machine, providing it the administrator privilege
- Linux machine, providing it the root privilege

I tried to test Nessus on

- Windows machine
- Linux machine

It seems that both tools provide some special type of information, so I don't want to tell which tool is better. I just advise trying both tools when checking for vulnerabilities.

You can't scan the machines behind a firewall when using GFI LANguard, but Nessus can.


4. Intrusion Detection Tools:

In Windows I tested BlackICE for intrusion detection and prevention. I downloaded the evaluation version from www.iss.net/issEn/DLC/blackiceevaluation.jhtml. This tool is good; especially, it can detect any newly installed programs or any intrusion in your host. But it can't detect intrusion in the whole network.

For Linux, I saw that Snort is a good tool for intrusion detection of the whole network. But Snort is not an easy tool to configure, so I just looked for some graphical interface for it. From my search I found that BASE and the rule manager for Snort can be helpful. I will show here a step-by-step guide for installing Snort, BASE and the rule manager for Snort.


4.1 General Information about Snort:

Snort can be configured to run in three modes:

- Sniffer mode, which simply reads the packets off of the network and displays them for you in a continuous stream on the console (screen).