Network Security Management Tools Objectives Upon completion of this chapter, you will be able to: • Describe security vulnerability testing, detection, and auditing tools useful in the Cisco network security environment Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-2 Integrity Testing Tools Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-3 Managing the Secure XYZ Network Web Surfer PSTN/ ISDN Dialup Client Internet Perimeter Router Dialup Network Access Server Remote Branch Firewall Bastion Host: Web Server FTP Server Engineering Sales Campus CiscoSecure ACS Server TACACS+, RADIUS Token Server Copyright 1998, Cisco Systems, Inc Campus Client MCNS—Network Security Management Tools—17-4 Scanners • ISS SafeSuite (UNIX and NT) Top commercial scanner Suite of several scanners with GUI • SATAN (UNIX) Security Administrator’s Tool for Analyzing Networks Scans remote hosts for most known security holes Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-5 Scanners (cont.) • NSS (UNIX) • Strobe (UNIX) • Jackal (UNIX) • IdentTCPScan (UNIX) • CONNECT (UNIX) • FSPScan (Windows, OS/2) • XSCAN (UNIX) Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-6 Sniffers • Network General Sniffer • Network General XRay • Gobbler (DOS/Windows) • ETHLOAD • Netman suite (Etherman) • Esniff.c • Network Monitor (Microsoft) Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-7 Password Crackers/Checkers • Passwd+ • Crack (UNIX) CrackerJack (UNIX) Pcrack (UNIX Perl script) PaceCrack95 (Windows 95) Hades (UNIX) Qcrack (DOS/Windows) Star Cracker (DOS) John the Ripper (UNIX) Killer Cracker (UNIX, others) Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-8 Network Utilities (UNIX) • host • traceroute • rusers • finger/sfingerd • showmount • WHOIS • smrsh • ssh Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-9 Logging Tools • TCP_Wrapper • swatch • trimlog • logdaemon (UNIX) Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-10 Tool Suites • Merlin by CIAC (UNIX) • Tiger (TAMU) Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-11 File/System Integrity Checkers Used to guard against Trojan horses: • MD5 • COPS (UNIX) • Tripwire • ATP (Anti-Tampering Program) • Hobgoblin Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-12 System Monitors • Windows/NT • Cinco NeTXray for Win 95 and NT • UltraScan v1.2 Port Scanner for NT • Kane Security Analyst for NT • Microsoft EP Dump for NT • MicrosoftC2CERT Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-13 Windows 95 Tools • NetScan Tools • Network Toolbox • TCP/IP Surveyor Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-14 Macintosh Tools • MacTCP Watcher • Query It! • WhatRoute Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-15 Cisco IOS Software Commands • traceroute • show ip route • debug ip packet • rmon • show ip ? Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-16 Chapter References The following sites contain security tools: • ftp://ciac.llnl.gov/pub/ciac/sectools/unix/ • ftp://coast.cs.purdue.edu/pub/tools/ • ftp://ftp.cert.org/pub/tools/ • ftp://ftp.win.tue.nl/pub/security/ • ftp://ftp.funet.fi/pub/unix/security/ • http://www.rootshell.com/ • http://filepile.com/ • http://www.iss.net/ Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-17 Summary • Scanners automatically detect security weaknesses • ISS and SATAN are two of the most popular scanners • Sniffers capture packet traffic for later analysis • Password crackers and checkers can be used to detect weak passwords, improving password security • UNIX is the most powerful operating system for network security, because it has many network utilities • Network logging tools are useful for detecting intrusions • Network security tools are also available for Windows NT and 95, DOS, Macintosh, and OS/2 • Cisco IOS software has commands useful for security Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-18 Review Questions Q1 Which network security tool for the Windows NT platform would be useful for automatically detecting security weaknesses as part of managing network security? A) ISS Safesuite Q2 What is the Cisco IOS software command that can substitute for a packet sniffer? A) debug ip packet Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-19 Review Questions (Cont’d) Q3 How can password crackers and checkers be used in managing network security? A) Password crackers and checkers can be used to detect weak passwords, improving password security Q4 Which operating system has the largest selection of network security utilities? A) UNIX is the most powerful operating system for network security, because it has many network utilities Copyright 1998, Cisco Systems, Inc MCNS—Network Security Management Tools—17-20 ... Inc MCNS? ?Network Security Management Tools? ??17-13 Windows 95 Tools • NetScan Tools • Network Toolbox • TCP/IP Surveyor Copyright 1998, Cisco Systems, Inc MCNS? ?Network Security Management Tools? ??17-14... MCNS? ?Network Security Management Tools? ??17-9 Logging Tools • TCP_Wrapper • swatch • trimlog • logdaemon (UNIX) Copyright 1998, Cisco Systems, Inc MCNS? ?Network Security Management Tools? ??17-10... Describe security vulnerability testing, detection, and auditing tools useful in the Cisco network security environment Copyright 1998, Cisco Systems, Inc MCNS? ?Network Security Management Tools? ??17-2