Network Security Management Tools
MCNS—Network Security Management Tools—17-2 Copyright 1998, Cisco Systems, Inc.
Objectives
Upon completion of this chapter, you will be able to:
• Describe security vulnerability testing, detection, and auditing tools useful in the Cisco network security environment
Integrity Testing Tools
Managing the Secure XYZ Network
[Figure: network diagram. Labels: Campus; CiscoSecure ACS Server (TACACS+, RADIUS); Perimeter Router; Firewall; Bastion Host: Web Server, FTP Server; Web Surfer; Dialup; Internet; Dialup Client; Network Access Server; Remote Branch; Sales; Engineering; PSTN/ISDN; Campus Client; Token Server]
Scanners
• ISS SafeSuite (UNIX and NT)
Top commercial scanner
Suite of several scanners with GUI
• SATAN (UNIX): Security Administrator’s Tool for Analyzing Networks
Scans remote hosts for most known security holes
Scanners (cont.)
• NSS (UNIX)
• Strobe (UNIX)
• Jackal (UNIX)
• IdentTCPScan (UNIX)
• CONNECT (UNIX)
• FSPScan (Windows, OS/2)
• XSCAN (UNIX)
Sniffers
• Network General Sniffer
• Network General XRay
• Gobbler (DOS/Windows)
• ETHLOAD
• Netman suite (Etherman)
• Esniff.c
• Network Monitor (Microsoft)
Password Crackers/Checkers
• Passwd+
• Crack (UNIX)
• CrackerJack (UNIX)
• PaceCrack95 (Windows 95)
• Qcrack (DOS/Windows)
• John the Ripper (UNIX)
• Pcrack (UNIX Perl script)
• Hades (UNIX)
• Star Cracker (DOS)
• Killer Cracker (UNIX, others)
Network Utilities (UNIX)
• host
• traceroute
• rusers
• finger/sfingerd
• showmount
• WHOIS
• smrsh
• ssh
Logging Tools
• TCP_Wrapper
• swatch
• trimlog
• logdaemon (UNIX)
Tool Suites
• Merlin by CIAC (UNIX)
• Tiger (TAMU)
File/System Integrity Checkers
Used to guard against Trojan horses:
• MD5
• COPS (UNIX)
• Tripwire
• ATP (Anti-Tampering Program)
• Hobgoblin
System Monitors
• Windows/NT
• Cinco NeTXray for Win 95 and NT
• UltraScan v1.2 Port Scanner for NT
• Kane Security Analyst for NT
• Microsoft EP Dump for NT
• Microsoft C2CERT
Windows 95 Tools
• NetScan Tools
• Network Toolbox
• TCP/IP Surveyor
Macintosh Tools
• MacTCP Watcher
• Query It!
• WhatRoute
Cisco IOS Software Commands
• traceroute
• show ip route
• debug ip packet
• rmon
• show ip ?
Chapter References
The following sites contain security tools:
• ftp://ciac.llnl.gov/pub/ciac/sectools/unix/
• ftp://coast.cs.purdue.edu/pub/tools/
• ftp://ftp.cert.org/pub/tools/
• ftp://ftp.win.tue.nl/pub/security/
• ftp://ftp.funet.fi/pub/unix/security/
• http://www.rootshell.com/
• http://filepile.com/
• http://www.iss.net/
Summary
• Scanners automatically detect security weaknesses
• ISS and SATAN are two of the most popular scanners
• Sniffers capture packet traffic for later analysis
• Password crackers and checkers can be used to detect weak passwords, improving password security
• UNIX is the most powerful operating system for network security, because it has many network utilities
• Network logging tools are useful for detecting intrusions
• Network security tools are also available for Windows NT and 95, DOS, Macintosh, and OS/2
• Cisco IOS software has commands useful for security
Review Questions
Q1. Which network security tool for the Windows NT platform would be useful for automatically detecting security weaknesses as part of managing network security?
A) ISS SafeSuite
Q2. What is the Cisco IOS software command that can substitute for a packet sniffer?
A) debug ip packet
Review Questions (Cont’d)
Q3. How can password crackers and checkers be used in managing network security?
A) Password crackers and checkers can be used to detect weak passwords, improving password security
Q4. Which operating system has the largest selection of network security utilities?
A) UNIX is the most powerful operating system for network security, because it has many network utilities