NSM Console (Network Security Monitoring Console) is a framework for performing analysis on packet capture files. It implements a modular structure that lets an analyst quickly write modules of their own without any programming language experience. Using these modules, a large amount of pcap analysis can be performed quickly using a set of global (as well as per-module) options.

For more information, visit http://thnetos.wordpress.com/nsm-console


by: Brian Blankenship

This article is a quick example of how you can boot Backtrack 2 and Vista on the same machine. I wanted a laptop primarily for use with Backtrack 2, but since Vista came with it I figured why not have it dual-boot?

The laptop I chose is a Compaq Presario C500 (C501NR). I picked it up for $450 at a popular retailer and added 2GB of RAM for good measure. It has a 1.73Mhz Celeron M 430 processor, 80GB HDD, and a 15.4” 1280x800 resolution display. This procedure was written around this particular laptop, but of course could be adapted for use on other machines.

Recovery


First off, be sure that you have backed up any data you care about, and be sure that you have the means to restore Vista in case things go south for some reason. This system didn’t come with an OS restore disk, so I used the utility built into Vista to create the seven recovery CDs (couldn’t they spend an extra $1.00 and include an OS DVD?).

I strongly suggest that you actually boot the recovery disks and verify that they will restore (without actually doing it). In my case the recovery process booted fine, but I then got a message saying “These CD’s can not be used with this system”. Argh! I went to the on-line chat with HP/Compaq support and explained the situation. They mailed me a DVD after I explained that I was attempting to restore them to the same machine that they were created on and not trying to pirate Vista. I just wouldn’t want to find that I needed to restore later when the warranty was out, and have to go through this sometime down the road. The OS DVD arrived a few days later, and I was ready to continue with the dual boot config.

Side Note: HP/Compaq Bloatware

All of the ‘bloatware’ as I call it (free trials, annoying pop-up utilities, etc.) that come with new Windows systems can drive a person insane. Restoring from the recovery partition (or DVD in my case) kindly re-installs these useless applications that slow your system down, get in the way, and do who knows what else. While restoring my system I was getting really annoyed at how slow these programs install, combined with the fact that I didn’t want them anyway. The system was going through what seemed like an endless cycle of install, reboot, repeat. More than a couple of hours into it, I decided that there must be a better way.

In short, I let it go through the initial couple of reboots until Vista came up for the first real time. As soon as it did, I immediately launched task manager…

Before we start:

1. Do you have Xcode installed?

2. Do you have Macports installed?

  sudo port selfupdate
  sudo port sync

**note: You may need to add the following to your Bash user profile like so:

  # Your previous .profile (if any) is saved as .profile.mpsaved
  # Setting the path for MacPorts.
  export PATH=/opt/local/bin:/opt/local/sbin:$PATH
  PATH=/opt/local/bin:$PATH
  PATH=/opt/local:$PATH

3. Do you have Subversion installed?

Download Subversion 1.4.4 for Mac OS X or install Subversion with MacPorts:

  sudo port install subversion

Let’s begin...

1. Install the latest development release of Kismet! Type the following commands in the terminal:

2. Now we have to configure, make and then install kismet:

  ./configure
  sudo make
  sudo make install

3. Kismet should now be installed; however, we still need to configure it and verify that the settings are correct:

  vi /usr/local/etc/kismet.conf


**note: Also make sure the suid user is your Mac OS X user name! Line: 13 - This is very important. In the above screen capture you can see mine says “mephux”.
Starting at line 27 we need to verify the airport settings are entered and correct. You should see the following and if not please add:

  source=darwin,en1,OS X

Now save this file by pressing the ‘esc’ key and typing ‘:wq!’.

4. Start Kismet and let’s see if it’s working:

  sudo kismet

You’re Done!
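
A quick check of the two kismet.conf settings from step 3, added here as an example and not part of the original article. It assumes the suid user is set with the suiduser= key found in kismet.conf files of this era; the function name check_kismet_conf is hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check kismet.conf after editing it (step 3 above).
# Usage: check_kismet_conf /usr/local/etc/kismet.conf "$(id -un)"
# Returns 0 if both settings look right, 1 if one is wrong, 2 if unreadable.
check_kismet_conf() {
    conf=$1
    user=$2
    rc=0

    if [ ! -r "$conf" ]; then
        echo "cannot read $conf"
        return 2
    fi

    # Uncommented suiduser= value (assumed key name). If the key is
    # repeated, this check looks at the last occurrence.
    suid=$(sed -n 's/^[[:space:]]*suiduser[[:space:]]*=[[:space:]]*//p' "$conf" \
        | tail -n 1 | sed 's/[[:space:]]*$//')

    if [ -z "$suid" ]; then
        echo "suiduser: not set"; rc=1
    elif [ "$suid" = "root" ]; then
        # suiduser is the account Kismet drops to; root defeats that.
        echo "suiduser: root (no privilege drop)"; rc=1
    elif [ "$suid" != "$user" ]; then
        echo "suiduser: $suid (expected $user)"; rc=1
    else
        echo "suiduser: $suid ok"
    fi

    # The AirPort capture source line the article expects, uncommented.
    if grep -q '^[[:space:]]*source[[:space:]]*=[[:space:]]*darwin,en1,OS X[[:space:]]*$' "$conf"; then
        echo "source: darwin,en1,OS X ok"
    else
        echo "source: darwin,en1,OS X missing"; rc=1
    fi

    return $rc
}
```

Running it before `sudo kismet` catches a placeholder user name or a commented-out source line without starting a capture.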

 

AUTHOR: Paul Cunningham

REQUIREMENTS:
• Windows XP SP2 or Windows Server 2003 SP2 computer
• .NET Framework 2.0
• GFI LANguard

INTRODUCTION

A typical business network is made up of many computers, each of which represents a potential security hole for the network. As networks grow, the effort to manage these security risks grows as well. Although different vendors provide management tools specific to their products, these do little to reduce the administrative burden of managing all of the different elements of the network.

GFI LANguard offers a single, centralized solution for IT administrators to scan the computers and servers on the network to detect and resolve security threats.  GFI LANguard is available both as a licensed product for larger networks, and also as a free, full featured version for scanning up to 5 IP addresses.

INSTALLING GFI LANGUARD

In this demonstration I will walk through the installation of GFI LANguard on an administrator’s Windows XP desktop.
To install GFI LANguard download the free trial from http://www.gfi.com/lannetscan to the computer.  Launch setup and step through the installation wizard.  If your computer is missing the required .NET Framework 2.0 it will automatically be downloaded and installed by GFI LANguard setup.



SCANNING THE NETWORK FOR VULNERABILITIES
To scan the network for security vulnerabilities launch the GFI LANguard console and click on Full Scan on the start page.



You can choose to scan the local computer, a single remote computer, or the entire domain/workgroup.  In this example I will scan the entire domain/workgroup.  Click the Scan button to begin scanning the network.



When the scan has finished click on Analyze to see details of the vulnerabilities that were discovered.



Examine any of the scanned computers to see a summary and statistics of the vulnerabilities that were discovered.



Scroll to the bottom of the results and click Remediate to begin fixing the security vulnerabilities.

FIXING SECURITY VULNERABILITIES

A remediation task that you can perform is the deployment of missing Microsoft security patches.  Select the computers that you wish to deploy patches to and then click the Start button to launch the deployment.



CUSTOMIZING GFI LANGUARD SETTINGS FOR AUTOMATIC REMEDIATION OF SECURITY VULNERABILITIES

While deploying patches in the previous task you may have noticed that the patch files needed to first be downloaded from Microsoft before they could be deployed to computers on the network.  You may also have noticed that after the patches were deployed nothing else happened, such as the computers restarting.  This is because of the default patch deployment settings in GFI LANguard.

GFI LANguard can be configured to perform scheduled scans and automatic remediation of missing security patches, including restarting computers to complete the installation of security updates.  To achieve this we must first modify some of the default settings for GFI LANguard.

Up and Running with LabRat
The OWASP LiveCD Education Project

Author: Brian Shumate


Table of Contents

A1   Introduction  
A2   Downloading LabRat  
A3   Booting the ISO
A4   Using the Included Tools  
A5   Installing LabRat to Hard Disk  
A6   Booting the New Image from the Hard Disk  
A7   Updating LabRat Software  
A8   Wrapping Up  
A9   References  
A10   About the Author  
 

A1   Introduction


Just when you thought you’d seen all of the finest Linux based Live CD security distros available, a clean, comprehensive, and very usable solution pops into the scene from the fine folks at the Open Web Application Security Project (OWASP).
In conjunction with some sponsoring security organizations, OWASP has produced a strong offering in the OWASP AOC LiveCD distribution, version 0.10 (known also as "LabRat") that is worth a serious look if you are seeking a fantastic LiveCD security-oriented distribution.
 


The OWASP LiveCD is a Debian-flavored distro based on Morphix built around a rich assemblage of applications and documentation, and with a goal of providing security professionals and students an ideal platform for structured and standardized application security testing. The system even offers a series of tests which can be performed by "hacking" the included WebGoat J2EE application simulator according to the well-structured guides.

  Some of the major security testing applications available in LabRat include:

  • Nmap
  • TCPDUMP
  • Paros
  • JBroFuzzer
  • WireShark
  • WebGoat
  • WebScarab


Scope of this Guide


This guide further introduces the OWASP LiveCD (LabRat) distribution, details installing to a hard disk drive, and covers updating the included applications and operating system components. If you’re ready to try this excellent security distribution, grab a machine, a bit of bandwidth, and let’s go!

A2   Downloading LabRat


Once you’ve provisioned a test machine, you need to download the LabRat ISO from the OWASP project website.
Retrieve the ISO from the following URL:


http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project


Note: This disk image is approximately 790MB, so you’ll need to write the image to a DVD, or consider using a virtual machine environment, such as VMware for your testing.