Network Audit

One of the administrator's most important tasks is keeping the managed network free from malicious software and intruders. You can't wait until the milk is spilled; you need to anticipate possible vulnerabilities and close them based on thorough analysis.

The Linux environment is home to many security tools; you first need to separate the chaff from the wheat – or maybe choose a distribution that specializes in security. For years, the Network Security Toolkit (NST) [1] has been carefully maintained and developed; it offers a veritable plethora of test and inspection tools that help to root out even the most exotic vulnerabilities.

Getting Started

The Fedora-based NST comes as a 2.8GB 64-bit ISO [2]. The hybrid image can be deployed from an optical disk, a USB stick, or a virtual machine (VM).

After booting, NST shows you GRUB with several options: In addition to a console-based Live mode without a desktop environment, you can also choose to launch a graphical environment. In this case, the system starts the Mate desktop (version 1.14.1) and presents itself with a look that is anything but spectacular (Figure 1).

Figure 1: At first glance, there is little difference to be seen between NST and a conventional distribution.

On the desktop are a couple of standard buttons and two custom icons, Install NST to Hard Drive and Set NST System Passwords. If you want to use the tool collection in Live mode, you can change the keyboard layout if you like. To do this, use the ncurses dialog via the System | Administration | Keyboard menu.

Deployment on a dedicated machine, or a virtual system, is recommended for stationary operation. This means that you can also easily save data and updates, which are inevitably lost at the end of the session on an optical disk or on a USB flash drive without a persistent storage area due to the inability to write.

Virtual Machine

NST can be deployed on a VM with Oracle's VirtualBox or VMware. If you want to install the Fedora derivatives under VirtualBox, it is a good idea to assign the VM at least 1.5GB RAM and two CPU cores. Otherwise, the distribution runs very slowly and sluggishly. The toolkit's usability can be thus limited on older Core2 Duo processors for desktops and notebooks, because they do not support hyperthreading and have only two physical cores.

As soon as you have started the virtualization environment on your system and created the VM with the ISO image as a bootable disk, the system boots to the Mate screen, from where you call the Fedora Installer Anaconda by selecting Install NST to hard drive.

With only three steps – localization, partitioning, and password assignment – the wizard bundles the system onto your virtual mass storage device. Then you can turn off the VM and remove the ISO image from disk management in the configuration dialog of the virtualization environment. The Network Security Toolkit boot should be much faster from the virtual mass storage than previously.

If it did not create a user account during the install, the Anaconda installer automatically shows you the dialog for creating a user right after the first boot. Clicking on Complete Configuration bottom right in the Anaconda dialog terminates the wizard and takes you to the login screen.

You can then access the work environment. Please note that due to the technical nature of VMs, there is an inherent limit to the use of NST in such an environment: For example, WiFi tools do not work because only virtual Ethernet interfaces are available.

Menus

NST integrates most of the security applications listed on SecTools.org [3]. Although you will find the standardized hierarchical menu structure on the system, the program scope shows significant differences from popular all-around desktops.

For example, the Applications | Internet submenu contains a range of well-known security tools, from AirSnort and the Angry IP scanner, through EtherApe and Ettercap, to Tcptrack and WiFi Radar. The System Tools submenu contains more analysis tools, such as Cockpit, Traceroute, or Wireshark. Here you will also find SecTools, an auditing tool that belongs to the Fedora collection (Figure 2).

Figure 2: Fedora's SecTools performs an initial check of the system for vulnerabilities.