Network Security Management Tools
Upon completion of this chapter, you will be able to:
• Describe security vulnerability testing, detection, and auditing tools useful in the Cisco network security environment
Integrity Testing Tools
Managing the Secure XYZ Network
[Figure: network diagram. Labels: Campus; Perimeter Router; Firewall; Bastion Host: Web Server, FTP Server; Web Surfer; Dialup Internet; Dialup Client; Network Access Server; Remote Branch; PSTN/ISDN; Campus Client; Token]
Scanners
• ISS SafeSuite (UNIX and NT)
    Top commercial scanner
    Suite of several scanners with GUI
• SATAN (UNIX)
    Security Administrator’s Tool for Analyzing Networks
    Scans remote hosts for most known security holes
Scanners (cont.)
• NSS (UNIX)
• Strobe (UNIX)
• Jackal (UNIX)
• IdentTCPScan (UNIX)
• CONNECT (UNIX)
• FSPScan (Windows, OS/2)
• XSCAN (UNIX)
Sniffers
• Network General Sniffer
• Network General XRay
• Gobbler (DOS/Windows)
• ETHLOAD
• Netman suite (Etherman)
• Esniff.c
• Network Monitor (Microsoft)
Password Crackers/Checkers
• Passwd+
• Crack (UNIX)
• CrackerJack (UNIX)
• PaceCrack95 (Windows 95)
• Qcrack (DOS/Windows)
• John the Ripper (UNIX)
• Pcrack (UNIX Perl script)
• Hades (UNIX)
• Star Cracker (DOS)
• Killer Cracker (UNIX, others)
Network Utilities (UNIX)
• host
• traceroute
• rusers
• finger/sfingerd
• showmount
• WHOIS
• smrsh
• ssh
Logging Tools
• TCP_Wrapper
• swatch
• trimlog
• logdaemon (UNIX)
Tool Suites
• Merlin by CIAC (UNIX)
• Tiger (TAMU)
File/System Integrity Checkers
Used to guard against Trojan horses:
• Tripwire
System Monitors
• Windows/NT
Windows 95 Tools
Macintosh Tools
• MacTCP Watcher
• Query It!
• WhatRoute
Cisco IOS Software Commands
• traceroute
• show ip route
• debug ip packet
• rmon
• show ip ?
Chapter References
The following sites contain security tools:
• ftp://ciac.llnl.gov/pub/ciac/sectools/unix/
• ftp://coast.cs.purdue.edu/pub/tools/
• ftp://ftp.cert.org/pub/tools/
• ftp://ftp.win.tue.nl/pub/security/
• ftp://ftp.funet.fi/pub/unix/security/
• http://www.rootshell.com/
• http://filepile.com/
Summary
• Scanners automatically detect security weaknesses
• ISS and SATAN are two of the most popular scanners
• Sniffers capture packet traffic for later analysis
• Password crackers and checkers can be used to detect weak passwords, improving password security
• UNIX is the most powerful operating system for network security, because it has many network utilities
• Network logging tools are useful for detecting intrusions
• Network security tools are also available for Windows NT and 95, DOS, Macintosh, and OS/2
• Cisco IOS software has commands useful for security
Review Questions
Q1 Which network security tool for the Windows NT platform would be useful for automatically detecting security weaknesses as part of managing network security?
A) ISS SafeSuite
Q2 What is the Cisco IOS software command that can substitute for a packet sniffer?
A) debug ip packet
Review Questions (Cont’d)
Q3 How can password crackers and checkers be used in managing network security?
A) Password crackers and checkers can be used to detect weak passwords, improving password security
Q4 Which operating system has the largest selection of network security utilities?
A) UNIX is the most powerful operating system for network security, because it has many network utilities