No doubt, you already have a network security toolkit, and that toolkit probably changes as your network environment changes. One item that you might want to consider adding to your toolkit is the Network Security Toolkit (NST), which is a project developed and maintained by Ron Henderson and Paul Blankenbaker. The NST is available as a bootable CD-ROM or an International Organization for Standardization (ISO) downloadable im-age. It contains a variety of popular security tools, some of which you might already use and some of which you might not yet know about.

When you reboot a system with the NST CD-ROM loaded, a trimmed-down version of Redhat Linux 9 opens. After the OS is running, you can access the tools on the CD-ROM through the local console, through a serial connection, via the network from another system, or through a Web browser.

The tools included with NST are for the most part taken from a list of security tools that a group of security professionals voted as most popular. If you're familiar with Insecure.Org's Nmap Security Scanner, then you might have heard of Fyodor, the tool's creator. In June 2003, Fyodor surveyed Nmap users to determine their favorite security tools. Based on the feedback, Fyodor published "The Top 75 Security Tools," which you can find at http://www.insecure.org/tools.html. NST includes most of these tools.

Toolkit Contents
NST contains five native Windows applications that you can download via the NST Web UI and run on the Windows desktop. They are the Nessus scanner client, PuTTY (a Secure Shell—SSH—client), PuTTY Secure Copy (PSCP—a secure file-copying program), PuTTY Secure FTP (PSFtp—a secure FTP client), and TightVNC (a remote-desktop-control client).

In addition to those Windows-based tools, NST has dozens of Linux-based tools and tools that you can operate from a Web browser. I can't list every tool, but Table 1 shows some of the most popular ones. For a complete list of NST tools, see the NST 1.0.6 manifest at http://www.networksecuritytoolkit.org/nst/log/manifest-1.0.6.html. Note that by the time you read this article, NST 1.20 might be available, offering more tools and more functionality, such as the ability to install NST to a hard disk, Java runtime support, Basic Analysis and Security Engine (BASE) for Snort, and more.

Getting Started
To begin using NST, you'll first need to download a copy of the toolkit. The NST Web site (http://www.network securitytoolkit.org) contains a link to the Sourceforge download site, as well as links to technical information about NST, instructions for using the toolkit, an FAQ, and other useful information.

NST is available as an ISO file and as source code. Unless you know how to build the source code into executable files, you should download the ISO file. You can use any CD-ROM burning software to create a bootable CD-ROM from the ISO file. If you don't have CD-ROM burning software, you can use a shareware package such as Apollo Technology's Apollo. The trial version will let you burn CD-ROMs, data disks, music CDs, and video CDs. Another good CD-ROM-burning package is Ahead Software's Nero, which is also available as a fully functional trial version.

Boot the system with the NST CD-ROM you just created. NST ran fast and with no problems on my 350MHz Pentium II test system with 128MB of RAM and an Intel EtherExpress 10 NIC.

Each time you boot the system, you'll see a prompt to change the root password. After you change the root password, the system displays a logon prompt. Log on with the username root and the password you defined during the boot sequence. If you didn't change the root password (maybe you simply pressed Enter at the prompt), then use the default password nst123.

After you log on, you need to define an IP address for your network card unless you don't plan to connect the system to a network. If you have a DHCP server on your network, it should assign an address automatically. If you don't use DHCP, then you can either use the Ifconfig and Route commands to configure the IP address and gateway address manually or use NST's built-in scripts.

To configure your Ethernet parameters manually, use the following commands to deactivate the network interface, define the IP address as 192.168.0.100 with a 24-bit netmask of 255.255.255.0, and reactivate the interface:

ifconfig eth0 down

ifconfig eth0 192.168.0.100

 netmask 255.255.255.0

ifconfig eth0 up

You'll need to define a gateway address if you intend to route traffic to and from the system. To add a default gateway, you need to change the routing table. To do so, enter

route add -net 0.0.0.0 netmask 0.0.0.0
 gw 192.168.x.x.

where 192.168.x.x is the gateway address.

To use the built-in scripts to define an IP address and gateway address, open a command prompt and enter

cdnet

to change the current directory to a script directory. Next, enter

jed nst-eth0.192net

This command starts the jed text editor and opens the file nst-eth0.192net, in which you can define your IP address, netmask, and gateway. Save the file to disk and exit the editor. Next, enter the command

auto_config_net192

which will configure your network card with the parameters you entered in the nst-eth0.192net file and open the Ethernet interface. Your system should now be active on the network.

   Prev. page   [1] 2 3     next page



You must log on before posting a comment.

If you don't have a username & password, please register now.

Reader Comments

This is a great way to evaluate many tools for network troubleshooting without hurting a production machine. Thank you!

tarmstrong- December 17, 2004

Article Rating 4 out of 5