Network SecurityManagement Tools

MCNS—Network Security Management Tools—17-2Copyright 1998, Cisco Systems, Inc.

Objectives

• Describe security vulnerability testing, detection, and auditing tools useful in the Cisco network security environment

Upon completion of this chapter, you will be able to:

MCNS—Network Security Management Tools—17-3Copyright 1998, Cisco Systems, Inc.

Integrity Testing Tools

MCNS—Network Security Management Tools—17-4Copyright 1998, Cisco Systems, Inc.

Managing the Secure XYZ Network

Campus

CiscoSecure ACS ServerTACACS+, RADIUS

PerimeterRouter

Firewall

Bastion Host: Web ServerFTP Server

Web Surfer

DialupInternet

Dialup Client

Network AccessServer

Remote Branch

Sales Engineering

PSTN/ISDN

CampusClient

TokenServer

MCNS—Network Security Management Tools—17-5Copyright 1998, Cisco Systems, Inc.

Scanners

• ISS SafeSuite (UNIX and NT)

Top commercial scanner

Suite of several scanners with GUI

• SATAN (UNIX)Security Administrator’s Tool for Analyzing Networks

Scans remote hosts for most known security holes

MCNS—Network Security Management Tools—17-6Copyright 1998, Cisco Systems, Inc.

Scanners (cont.)

• NSS (UNIX)

• Strobe (UNIX)

• Jackal (UNIX)

• IdentTCPScan (UNIX)

• CONNECT (UNIX)

• FSPScan (Windows, OS/2)

• XSCAN (UNIX)

MCNS—Network Security Management Tools—17-7Copyright 1998, Cisco Systems, Inc.

Sniffers

• Network General Sniffer

• Network General XRay

• Gobbler (DOS/Windows)

• ETHLOAD

• Netman suite (Etherman)

• Esniff.c

• Network Monitor (Microsoft)

MCNS—Network Security Management Tools—17-8Copyright 1998, Cisco Systems, Inc.

Password Crackers/Checkers

• Passwd+

• Crack (UNIX)

CrackerJack (UNIX)

PaceCrack95 (Windows 95)

Qcrack (DOS/Windows)

John the Ripper (UNIX)

Pcrack (UNIX Perl script)

Hades (UNIX)

Star Cracker (DOS)

Killer Cracker (UNIX, others)

MCNS—Network Security Management Tools—17-9Copyright 1998, Cisco Systems, Inc.

Network Utilities (UNIX)

• host

• traceroute

• rusers

• finger/sfingerd

• showmount

• WHOIS

• smrsh

• ssh

MCNS—Network Security Management Tools—17-10Copyright 1998, Cisco Systems, Inc.

Logging Tools

• TCP_Wrapper

• swatch

• trimlog

• logdaemon (UNIX)

MCNS—Network Security Management Tools—17-11Copyright 1998, Cisco Systems, Inc.

Tool Suites

• Merlin by CIAC (UNIX)

• Tiger (TAMU)

MCNS—Network Security Management Tools—17-12Copyright 1998, Cisco Systems, Inc.

File/System Integrity Checkers

Used to guard against Trojan horses:

• MD5

• COPS (UNIX)

• Tripwire

• ATP (Anti-Tampering Program)

• Hobgoblin

MCNS—Network Security Management Tools—17-13Copyright 1998, Cisco Systems, Inc.

System Monitors

• Windows/NT

• Cinco NeTXray for Win 95 and NT

• UltraScan v1.2 Port Scanner for NT

• Kane Security Analyst for NT

• Microsoft EP Dump for NT

• MicrosoftC2CERT

MCNS—Network Security Management Tools—17-14Copyright 1998, Cisco Systems, Inc.

Windows 95 Tools

• NetScan Tools

• Network Toolbox

• TCP/IP Surveyor

MCNS—Network Security Management Tools—17-15Copyright 1998, Cisco Systems, Inc.

Macintosh Tools

• MacTCP Watcher

• Query It!

• WhatRoute

MCNS—Network Security Management Tools—17-16Copyright 1998, Cisco Systems, Inc.

Cisco IOS Software Commands

• traceroute

• show ip route

• debug ip packet

• rmon

• show ip ?

MCNS—Network Security Management Tools—17-17Copyright 1998, Cisco Systems, Inc.

Chapter References

The following sites contain security tools:

• ftp://ciac.llnl.gov/pub/ciac/sectools/unix/

• ftp://coast.cs.purdue.edu/pub/tools/

• ftp://ftp.cert.org/pub/tools/

• ftp://ftp.win.tue.nl/pub/security/

• ftp://ftp.funet.fi/pub/unix/security/

• http://www.rootshell.com/

• http://filepile.com/

• http://www.iss.net/

MCNS—Network Security Management Tools—17-18Copyright 1998, Cisco Systems, Inc.

Summary• Scanners automatically detect security weaknesses

• ISS and SATAN are two of the most popular scanners

• Sniffers capture packet traffic for later analysis

• Password crackers and checkers can be used to detect weak passwords, improving password security

• UNIX is the most powerful operating system for network security, because it has many network utilities

• Network logging tools are useful for detecting intrusions

• Network security tools are also available for Windows NT and 95, DOS, Macintosh, and OS/2

• Cisco IOS software has commands useful for security

MCNS—Network Security Management Tools—17-19Copyright 1998, Cisco Systems, Inc.

Review Questions

Q1. Which network security tool for the Windows NT platform would be useful for automatically detecting security weaknesses as part of managing network security?

A) ISS Safesuite

Q2. What is the Cisco IOS software command that can substitute for a packet sniffer?

A) debug ip packet

MCNS—Network Security Management Tools—17-20Copyright 1998, Cisco Systems, Inc.

Review Questions (Cont’d)

Q3. How can password crackers and checkers be used

in managing network security?A) Password crackers and checkers can be used to detect weak passwords, improving password security

Q4. Which operating system has the largest selection of network security utilities?

A) UNIX is the most powerful operating system for network security, because it has many network utilities