Network Security Toolkit
The Network Security Toolkit (NST) is a Linux-based Live CD that provides a set of open source computer security and networking tools to perform routine security and networking diagnostic and monitoring tasks. The distribution can be used as a network security analysis, validation and monitoring tool on servers hosting virtual machines. The majority of tools published in the article Top 100 security tools by Insecure.org are available in the toolkit. NST has package management capabilities similar to Fedora and maintains its own repository (32 bit / 64 bit) of additional packages.
Features
Many tasks that can be performed within NST are available through a web interface called NST WUI. Among the tools that can be used through this interface are nmap with the visualization tool ZenMap, ntop, a Network Interface Bandwidth Monitor, a session manager for VNC, a minicom-based terminal server, serial port monitoring, and WPA PSK management.
Other features include visualization of ntop, Wireshark, traceroute, NetFlow and Kismet data by geolocating the host addresses, IPv4 Address conversation, traceroute data and wireless access points and displaying them via Google Earth or a Mercator World Map bit image; a browser-based packet capture and protocol analysis system capable of monitoring up to four network interfaces using Wireshark; and a Snort-based intrusion detection system with a "collector" backend that stores incidents in a MySQL database. For web developers, there is also a JavaScript console with a built-in object library with functions that aid the development of dynamic web pages.
----
Host Geolocations
The following example ntop host geolocation images were generated by NST.
----
Network Monitors
The following image depicts the interactive dynamic SVG/AJAX enabled Network Interface Bandwidth Monitor which is integrated into the NST WUI. Also shown is a Ruler Measurement tool overlay to perform time and bandwidth rate analysis.