how efficient and effective are these snort, argus, ossec etc etc for an organization having 3500 PC Network, connected through 700+ Cisco Devices (Layer 2 and Layer 3), and scattered on 130 different sites (geographically)? what should be the combination of products and what should be the architecture for an efficient forensics activity?
View 2 RepliesRecommend open source tools that can help in figuring out if we are experiencing a network latency due to the newly installed firewall on our server.
View 1 Replies View RelatedI am currently running a 64-bit Fedora 14 server which hosts a game server, a voice server, and remote desktop functionality, each on a distinct TCP port. I am currently using the built-in firewall to deny all traffic other than ICMP ping/pong and TCP traffic on those specific ports.I am looking for a graphical application which will let me monitor any connections being made to my server in order to keep an eye out for possible security concerns. To be more specific, I'd like to be able to see the source IP addresses, TCP/UDP ports, and individual bandwidth in use by external connections being made to the server, along with any other information that might be helpful in identifying a possible intrusion attempt.
View 3 Replies View RelatedQuote:
-A RH-Firewall-1-INPUT -s 10.12.0.0/16 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
Ex- 10.12.0.0/16, 172.150.0.0/16, 192.168.20.0/24
How can we add multiple sources network address in the above INPUT chain?
To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies View RelatedAs it stands I have a small home network operating behind my modem/router. Some of the ports on this are forwarded to my PS3 for gaming but I was looking at forward some for my file server.
At the moment I've forwarded port xxx22 to port 22 on my server for SSH for instance. ANd similarly 21 for FTP (although it doesnt seem to want to connect for any more than a few seconds using that). What I was thinking of doing was placing a small website for a handful of ppl to use on the server too and port forward again - xxx80 to 80. It works just fine but I'm a little concerned on the security front.
As I've moved the port to something different from the outside world I'm presuming I will have already cut the potential for malicious folks to wander in but is there anything else I should be doing? At the moment there's no firewall operating on the server, usually as its hidden behind the modem/router. But if I open this thign up more permanently what should I be doing? I've read a few articles on it but I'm always left with the overwhelming thought of "Thats if theres no firewall in my router" as they just seem to do the same.
The default Firewall ufw is not enabled by default at the time of installation and it has to be enabled by the user.Isn't this a security risk or is the user whether ufw is enabled or not secured from external threats?I am not much knowledgeable about network security But I am trying to understand the Ubuntu mentality behind this default setting.
View 4 Replies View Relatedlove security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.
View 12 Replies View RelatedInstalled a security update for samba tonight via Opensuse updater.Now, when trying to access my home network an authentication box pops up (never used to)Asks me to enter authentication for my home network.I enter my username and password and hit enter. After a few seconds the authentication box pops up again askingfor the same indicating I have entered the wrong username / password combination (which I know I have not).
View 9 Replies View RelatedI want some advice for making my system more secure. I want deactivate any network connection that is unnecessary. Only my browser and the update ability of zypper should have access to the internet. On windows there are personal firewalls.
How can I block internetaccess for all other programmes on openSUSE?
I have a laptop connected to the the net thru an adsl modem, when I switch off the laptop network interface,(thru system-config-network) the light of the laptop network card plugged in the router stays on ( green) where as in my pc, when i do the same thing , the light of my pc network card goes off in the modem
View 5 Replies View Relatedwhich is a valid alternative (open source) to clamav?
View 2 Replies View RelatedThe network manager will ask me for my security key and it will not accept it. Instead when I use the show password feature to see what I typed in was correct, it shows something completely different than what I typed. For instance if my Key was :when it pops up and ask to for me to retype it again it shows something completely different in hex. Is there anyway I can use a different network manager?
View 8 Replies View RelatedWe are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?
View 3 Replies View RelatedI want configure open source firewall on my office for websites blocking and bandwidth monitoring.
which is the beast free open source firewall..
Are there any network backup solutions out there that are open source and awesome? Something that behaves and is easy like Symantec Netbackup or Arkeia network backup?
View 3 Replies View RelatedAny easy to install/configure network/server monitoring tool? PLease note I'm looking for something of little lightweight here (Not something like zenoss) But I'd still like to get performance graphs and event notifying alerts. Also note this is to monitor less than 50 servers and perhaps a firewall or 2.
View 2 Replies View RelatedCan we list out some of the open source protocol testing tools for Linux ?It will help us a lot.
View 1 Replies View Relatedrecommend some really good performance analysis tools? Top is not good because it has problems.I am looking for some products like collectD, collectl, or something else comparable.I need something that will look at tasks, cpu, memory, disk usage, interrupts, priorities.If I am missing a tool listed then let me know.I am looking for something that can display the results graphically.
View 3 Replies View RelatedIs there anyway I can remote in to a fedora machine via a Win 7, Vista or Server 2008 machine and have the gui desktop? I can vnc to it but it's command line only.If possible, I'd like to use the defacto std tool called remote desktop installed with the win os.If not any are there any open source-al free tools I could install on win to get this functionality?
View 8 Replies View Relatedhow to secure opensue? Or point me to some good articles etc?
View 9 Replies View RelatedWhen i click preferences-network proxy a screen of comes up showing the system internet configuration. Is there a way to make all system connections got through tor?
View 5 Replies View RelatedMany of you know how important is the analysis and planning of the targeted environment before the attempt of a successful penetration test. I got the idea, and I am trying to draw the network design in order to visualize things better. Many tools can be used to do that, I used hping3 as it comes with BT4, my favorite dist for pentesting, others include tcptraceroute, firewalk-5.0 (discontinued by developers...), etc.
What in fact is done by the program (hping3) is TCP/IP packet injection (with the SYN bit enabled) hop-by-hop until it reaches the final host (destination). By sniffing the traffic, I could determine the TTL of the various responding hosts within the path until my packet "got there".
As far as I know the default behavior of a network would be to decrement the TTL of a device as long as I go deeper on the network (meaning that I am getting closer the targetet IP). Like, for example, in a network with 3 devices (routers) before my targetet IP it would be something like this:
Quote:
123.123.123.123 TTL 255 (my gateway)
123.123.123.133 TTL 254
123.123.123.143 TTL 253
177.177.177.177 TTL 124 (target IP)
Demonstrating that the host is Windows based (TTL starts at 128) and is placed 4 hops from me. What I know by the notice though, is that sometimes the TTL increases. Likewise:
[Code]...
is it possible to block an application from using the network? If yes, how? I read it's possible with iptables and with selinux... Also, what about creating a user who can't connect and run the application with that user?
View 7 Replies View RelatedA couple of weeks ago I was using openvpn with a provider of PVNs on a home wifi network with no problems.I had installed openvpn using apt-get install and downloaded theopvn PVN files from the organization.erything worked fine.I would type sudo openvpn nameoffile.ovpn and then add my username and password during the installation process.However, when I try to do the same on an Ethernet network, the installation work fines (as above) and informs me that everything is connected (same as on the home Wifi network) but Firefox and all other software cannot connect to anything on the Internet.I contacted the organization who said the DNS was a problem and I needed to install resolvconf then modify each .opvn file using up /etc/openvpn/update-resolv-conf and down /etc/openvpn/update-resolv-confcauses the installation to hang because it does not like openvpn pointing to an external file.Irrespective of the problem I have with this "solution", previously I could use openvpn without modifying the .ovpn files. It just worked! I wonder if anyone knows why using the exact same configuration on an Ethernet network (which I have not used before with openvpn) is causing problems
View 4 Replies View RelatedAfter doing weekly recommended security update a problem occured, next system boot the network manager applet was missing from panel and I had two volume controls in its place. Logging into other user accounts network manager is there and working. How do I fix this? I have not got a clue! I use a usb hawaweii modem, working fine. Just main user account not net work manager. Im running 9.10 and it has not been a problem before.
View 4 Replies View RelatedI'm using a friend's wireless connection. Unfortunately, she can't remember what the security key is. I've used it before on vista and that is how I can access the internet now, but I would rather be using ubuntu. Is there a way to read the key from windows, so I can put it into ubuntu? When I open the security tab of the connection's properties dialogue, the key is obscured and the "show characters" option greyed out. Even opening the admin account doesn't change this.
View 2 Replies View RelatedI run a small (cabled) network between a desktop with XP with two printers hooked to it and a laptop with Ubuntu 10.04.1 64b. I can approach and use these printers from my laptop and filesharing works also. BUT ... this only works when my Ubuntu firewall (Gufw 10.04.5) is switched off. I am operating behind my router_modem which has a hardware type of firewall switched on at all times so I presume I'm safe. Now my questions:
1. Is this really safe enough?
2. What kind of settings would Gufw need to be able to use it AND use my mini-network for printing? I have no experience whatsoever with firewall rules and settings.
Ok i think Tor has some way of making the dns queries anonymous by default. I did the DNS nameserver spoofablity test here at [URL] and the results i got showed about 30 different dns servers. Normally when i carry out this test on my standard isp connection or the vpn i use i just get one dns servers settings consistently.
View 1 Replies View Relatedis there any solution for authentication of ethernet users.something similar to daloradius for wifi.I dont want to use pppoe. is there any way to connect daloradius with dhcp server, so when certain mac address asks for IP first daloradius will look if it is allowed.
View 11 Replies View Related