/pcq/media/agency_attachments/L8pkS8gpnodJThOdAfv1.jpg)
Follow UsWhile there’s no right answer to “how expensive is it to secure your network”, you can create and use a comprehensive security toolkit for less than Rs 20,000. Here’s a run through of some must-have security tools for protecting your network.
While these tools themselves don’t cost anything, you need to add the cost of hardware and services of maintaining and managing it. All these tools run on Linux, so you’ll need a Linux expert to be able to use them. Plus, of course, a good understanding of security internals is also a must.
/pcq/media/post_attachments/91e157f787554ed6251976b1d9af2d12bde3b75f82b144eb5c853887d391049e.jpg)
You’ll need a PIII or P4 class system with at least 64 MB RAM, 2 GB hard disk and two or more Ethernet cards. The monitor, keyboard and CD-drive can be removed once you’ve installed everything. You’ll need to install PCQ Linux with webmin, which provides the interface to configure most of the tools we’ll talk about.
Firewall: Shoreline
There are a number of firewalls that run on Linux, and even a few live Linux-based ones such as IPCop and Mandrake. The default in most Linux systems is Iptables, which can become a nightmare to configure, unless you use some graphical front-end for it. An easier to use, yet very powerful firewall, is Shoreline. It has modules that get added to webmin that make it very easy to configure.
NIDS: Snort, Snortwebmin
NIDS (Network Intrusion Detection System) is a critical element of network security. It works by listening to data packets traveling on a network. Snort is a free NIDS that matches these packets with built-in signatures (called rule sets) for various types of Trojans, viruses, hacks and back-doors. You can also configure and create your own rule sets. The logs are in plain text and can be pulled into a mysql database.
HIDS: portsentry, logcheck
HIDS (Host Intrusion Detection System) is meant to protect a particular system. For Linux, there’s Portsentry, which prevents hackers from running a port scan on it. If it finds too many such attempts (you define the limit), then it can be programmed to react in three ways:
Cloak yourself: Let the hacker perceive that you’ve disappeared from the Net.
Launch a counter offensive: Capture the hacker’s IP address, scan it using tools and try to break into that system automatically.
Inform firewall: Inform firewall to block the IP address of the perpetuator.
Portsentry is an online and live HIDS. The other one, logcheck, is a passive yet powerful tool to determine the internal activity of your system. It can be configured to check your system logs at pre-defined intervals and send alert e-mail to you, if it finds any suspicious activity in them.
VA: nessus
VA (Vulnerability Assessment) is an extremely powerful tool that scans a network and identifies weak systems and why they’re so by neatly categorizing everything as high risk, warnings and information. It also provides information about the vulnerability and how should it be tackled. It runs in client/server mode. So, it is best to run the server part on your security server and client part on a Windows machine. Reports can be generated in PDF, HTML or text format.
Other tools
There are a lot of other tools required for securing a network. These include port scanners, access-control software, content filters, traffic analyzers, anti-virus, and anti-spam. Within each, there’s a range of free tools available. We’ll cover the rest in our next issue.
Alok Sinha Chief of Information Security, Bharti Group