Network admins must scan for security vulnerabilities and patch them promptly to prevent attacks and security breaches. Metasploit is an open-source framework for detecting threats and vulnerabilities.
...
Tcpdump is a valuable network utility that can be used for troubleshooting and debugging. This article demystifies tcpdump - examining its options, as well as a real-world use case, for debugging networking issues in your Linux environment.
As a Linux user, you can opt either to allow or restrict network access to some services or IP addresses using the firewalld firewall which is native to CentOS/RHEL 8 and most RHEL based distributions such as Fedora. Learn how to do this in a helpful tutorial.
Capturing network traffic packets provides insight into what's happening on your network - but you don't want just anyone to do it. Learn how to safely capture packets in this article.
OpenVPN is an open-source application that allows you to create a secure private network over the public internet. OpenVPN implements a virtual private network (VPN) to create a secure connection. OpenVPN uses the OpenSSL library to provide the encryption and it provides several authentication mechanisms, such as certificate-based, pre-shared keys, and username/password authentication. Learn how to install OpenVPN with Easy-RSA 3 on CentOS 8:
In 2019, is there anything that the mighty, $35, credit card-sized Raspberry Pi computer can't do? It seems there isn't; recent Raspberry Pi projects include a functional smartphone, a computer vision kit, and even a movie projector for a more traditional home theater experience.
Firewalls are a vital part of network security, so it’s important for a sysadmin to be familiar with how they work. If you understand firewalls, you can keep your network secure by making intelligent choices about the traffic you allow in and out.
Shannon Nelson from the Oracle Linux Kernel Development team offers these tips and tricks to help make host network diagnostics easier. He also includes a recommended playlist for accompanying your debugging!
PriTunl is a fantastic VPN terminator solution that's perfect for small businesses and individuals who want a quick and simple way to access their network privately. It's open source, and the basic free version is more than enough to get you started and cover most simple use cases.
Learning Nagios 3.0 is a comprehensive configuration guide to monitor and maintain your network and systems. It is a practical guide to setting up the Nagios 3.0 open source network monitoring tool, installing and configuring Nagios 3 on various operating systems. It will help understand system monitoring and how Nagios works. Nagios 3 is a system that watches to see whether hosts and services are working properly, and notifies users when problems occur. Nagios allows both the monitoring of services on its own, and the receipt of information about computer and service statuses from other applications. Nagios constantly checks other machines on your network and various services on those machines. It is a modular and flexible solution that uses plug-ins to do its job.
I need some help in writing snort rules for the following, I have never done this before, can someone please help me.
Thanks
1. (1 point) Write a Snort rule that will alert on TCP traffic exiting the 10.0.1.0/24 network with the content "proprietary". I do not care where the traffic is going or what ports it is using. When Snort creates the alert it should read "Proprietary information leaving!"
2. (1 point) Write a Snort rule that will log any TCP traffic entering into the 192.168.100.0/24 and 10.2.2.0/24 networks with destination ports 1 through 1024. I do not care about the source IP addresses or source ports. When Snort logs the traffic it should read "Incoming to low ports".
3. (1 point) Write a Snort rule that will alert on UDP traffic entering the 192.168.10.0/24 network that contains the content "cgi-bin" anywhere between the 5th byte offset to the 25th byte offset. The alert should trigger on both lowercase and uppercase content. I do not care about the source ports or destination ports. When Snort creates the alert it should read "UDP CGI exploit".
So when many people think of Nmap, it is often related to those who are new or learning in the world of scanning and tracking network ports. It's open source. It's easy to use (with a GUI). It has a full community of friendly users, plays well with friends, is good with children and even makes cupcakes at parties (okay maybe not those last few). The point is, the reality may not always be apparent; that Nmap provides some serious, enterprise, #&$#!-kicking functionality. And while we tend to avoid pushing specific papers or How-tos that cost money, this paper we found brought up a nice point considering that Nmap is, in fact, our Open Source Tool of the Month.
So if you were curious as to whether Nmap is serious enough to warrant charging for a how-to, (without shame that is) check this out. Could you find this information elsewhere? Probably. Is it as good? We don't know, we didn't buy it :) Is it easier to understand and follow, especially for someone in a business environment? Just maybe.
Either way, when push comes to shove, it's nice to see an open source tool get some attention. And who knows? If there's some company manager that doesn't trust Nmap's functionality, maybe a paid analysis of its utility could go farther in convincing them than some free how-to you found online (even from such a trustworthy, experienced site such as this :) Fair is fair, and heck, its food for thought.
If you are planning on using FTP and want to use the TLS protocol, here is a simple and effective HowTo on installing it and getting up and running for your system.
The TLS protocol allows applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. TLS provides endpoint authentication and communications privacy over the Internet using cryptography.
There are so many network monitoring options for the Open Source user, one might get sick of them. But not likely!
Zabbix has the capability to monitor just a about any event on your network from network traffic to how many papers are left in your printer. It produces really cool graphs.
In this HowTo we install software that has an agent and a server side. The goal is to end up with a setup that has a nice web interface that you can show off to your boss.
It's a great open source tool that lets you know what's out there.
Do you use Snort? Do you want to get more out of it than you already are? Have no fear, James Turnbull will take you through the process of kicking you Intrusion Detection system up a notch. Check it out:
Barnyard improves Snort's speed and efficiency processing outputted data off-loaded by Snort. Barnyard leaves Snort more capacity to perform its key function: scanning and analyzing traffic for anomalies and attacks. We will set Snort to output its alerts and logs to the unified (binary) format, which isn't as processor-intensive as other kinds of output, and then make use of Barnyard to process the resulting output into our required format(s). This tip presumes you already have Snort installed and configured.
Ever wanted to set up a robust, manageable and capable network monitoring system? How about one that is free to download? Look no further than Nagios with this HowTo from Rainer Brunold at Novell. With these basic steps you'll be able to pin down movement on your network in no time:
Server Preparation
Software Download and Extraction
Security Preparation
Software Compilation and Installation
Installation of Plugins
Configuration
Apache Security Preparation
Apache and Nagios Startup
Testing and Next Steps
Take Nagios for a spin and look out for more of the same soon!
