by March 3, 2010 0 comments



Ensuring information security for your datacenter is a crucial and  difficult
task. To protect data, organizations follow several security practices which at
times cost them millions. Several open source tools provide available today
provide economic and reliable way to monitor your network in real time and
prevent hacking. The security of a  network depends largely on how it is
implemented and even if the system or network is properly implemented there
remains possibilities of some vulnerabilities  residing on them. The security
encroachers exploit those vulnerabilities and get access into the system. There
are several ways  hackers exploit these vulnerabilities. They scan for open
ports and services with weak security and eventually make their way to  the
network.  They attack the network by DoS, DDoS and SYN attacks.  The reality is,
no matter how stringent are your security practices,  newer and sophisticated
attacks will always keep peeping into it. So what do you do when a relentless
hacker  surpasses all your security gates and find out a way to  make all
operations come to a standstill? How to figure out which systems are being
attacked and  what possible ways can help you stop him. Here we talk about some
open source tools which will help you  get a real time scenario of  what  goes
on inside a network and how can you misguide a hacker during an active scan.

ArpAlert results which show IP address on which attack is
launched and IP address of the machine from which the attack was launched.

 

This shows that there is a flip flop in the Mac address .
It also shows IP address of the targeted machine.

 

The Mac address of the machine being spoofed and the
replaced Mac address.

ArpAlert -Watch who is connecting to your network
One of the best ways to keep an eye on the network for any malicious
activity is monitoring it continuously. While many sniffers show you the details
of previous logs, there is a need of real time sniffer to know what is happening
in the network at a moment. ArpAlert uses ARP address monitoring to help detect
unauthorized connections on local network. It listens on the network interface
and catches all  Mac  to IP address conversation. It compares those scanned Mac
addresses with the authorized Mac addresses and  displays on the screen if any
inconsistency is found. It detect IP  spoofing within the network and shows 
which address is being spoofed. It also shows which machine in the network is
trying to spoof. We ran an IP Spoof test on one of the machines and
simultaneously started ArpAlert on the monitoring machine. ArpAlert found an IP
Spoofing within the network at once and the information started coming out on
the monitor screen. To launch an ARP Spoof attack, we used a utility called
arpspoof. To use arpspoof, go to terminal and type  arpspoof  -i eth0  target
ipaddress. We then started ArpAlert on the monitoring machine and it started
showing the results on the monitor.

The Mac address of the machine being spoofed and the
replaced Mac address.

 

The Labrea shows IP address of fake machine being scanned
and IP address of machine which has launched scan.

Arpwatch
 It is another open source real time sniffer which helps you know about the
ongoing activity on your network and even sends you mail if it detects any
suspicious activity on the network. It simultaneously sends alerts to syslog.
This is helpful in the shared network using a hub where a single machine can
monitor the network. Arpwatch monitors the activity on the network and keeps a
database of the Ethernet/IP pairings. It keeps you informed every time a machine
gets a new IP address. It emails  the current IP address the machine  is leasing
and the Mac address.  It can run on almost all Linux distributions. Arpwatch
uses a system independent interface called libcap for user level packet capture.

You need to install libcap prior to installing Arpwatch and it is necessary
that Arpwatch and libpcap are installed in the same directory. Arpsnmp is a
package which is similar to Arpwatch but does not require libcap for its
operation. It uses SNMP to collect IP to Mac address mappings.  You can get
reports about new Ethernet address or any change in the currently assigned
Ethernet address. To start Arpwatch, just go to the terminal and type arpwatch -i
eth0 and it will start listening and recording the data and sending into your
mail. Also you can see the results in /var/log/messages directory. Use command
tail -f  /var/log/messages to see the results. We tested this tool on our local
network by arp spoofing a machine and waited for Arpwatch logs.

The image shows the Nmap results which show about 50 open
ports on the machine which actually don’t exist

Labrea
Labrea helps you deceive the hacker by creating virtual servers with lots of
open ports which may lure a hacker. And if  he is planning a DoS attack on your
network , he will be diverted by the nonexistent servers . Basically it uses all
unused IP addresses and creates false virtual servers. So when an attacker
attacks the network he will see lot of open and vulnerable ports to play with .
With this, you can easily divert a DoS attack from your network. To use Labrea
on your machine, use the command labrea -o -v -z.  Labrea sniffs for TCP/IP
traffic sent to that MAC address & then responds to any SYN packet with a SYN/ACK
packet that it creates. It also shows information about the source address of
attacker.

To test Labrea, we first tried to ping an unused IP on our network. For the
first three seconds the screen showed a message ‘Request time out’, however
after three seconds the response started coming out. We then started a Nmap port
scan and it showed about 50 open ports on the machine.

Useful Open Source Business Intelligence software

Software and URL Description Features Popularity*
RapidMiner
http://www.rapid-i.com
RapidMiner is leading open-source system for
data mining. It is available as a stand-alone application for data analysis
and as a data mining engine for the integration into own products. The
solution includes Meta Data Transformation with which you can inspect
results at design time.
ETL, data warehousing, data mining, OLAP,
business intelligence (BI) in Java. 500+ modules: extract, transform, load (ETL),
data mining, data analysis + Weka, statistical forecasting, preprocessing,
validation, visualization, OLAP, business intelligence.
534,272 92% of 39 users recommending.
Pentaho – Business Intelligence www.pentaho. com Ranked #1 in Open Source BI. It’s a complete
business intelligence platform that includes reporting, analysis (OLAP),
dashboards, data mining and data integration (ETL). It can be used as a full
suite or as individual components that are accessible via web services.
You can get the 30-day trial with support, and
that provides a full spectrum of business intelligence (BI) capabilities.
2,237,770 88% of 117 recommending.
Pentaho – Business Intelligence www.pentaho. com Ranked #1 in Open Source BI. It’s a complete
business intelligence platform that includes reporting, analysis (OLAP),
dashboards, data mining and data integration (ETL). It can be used as a full
suite or as individual components that are accessible via web services.
You can get the 30-day trial with support, and
that provides a full spectrum of business intelligence (BI) capabilities.
2,237,770 88% of 117 recommending.
OpenI: BI Web App for SaaS Deployments www.
openi.org
OpenI is an Open Source Business Intelligence
application for on-demand or SaaS deployments. Based on J2EE, OpenI is an
out-of-box solution to easily visualize data from OLAP and relational
databases, where users intuitively build and publish interactive reports,
analyses, and dashboards.
OpenI enables simple and clean data
visualization from OLAP and RDBMS, so users can intuitively build and
publish interactive reports, analyses, and dashboards.
47,822.
Palo Suite
www.jedox.com
The Palo Suite is a SaaS enabled Open-Source BI
Suite for Performance Management including Planning, Analysis, Reporting and
ETL. The suite includes an in-memory OLAP Server, an Ajax-based online
spreadsheet with DynaRanges and a web-based ETL-Tool.
Its platform is completely based on Open Source
products representing a high-end Business Intelligence solution which is
available entirely free of any license fees.
 19,532
Breadboard BI Web Analytics

www.breadboardbi.com/clickstream.html
Breadboard BI Clickstream module is a scalable
system that gathers web traffic data from an unlimited number of web
servers. It processes this data, stores it in virtually any Open Source or
proprietary database, and presents the refined metrics to marketing, sales,
or other non-technical users. It offers the ability to integrate web metrics
with customer, finance, supply chain, and workforce systems throughout the
enterprise.
Use Pentaho Open Source business intelligence
tools and MySQL to collect & distribute web analytics (clickstream) data.
Extract data from logs, load database tables, & present the information in
dashboards, analysis cubes, and reports for business users.
6,622
VIKAMINE
http://vikamine.sourceforge.net
VIKAMINE (Visual, Interactive and
Knowledgeintensive Analysis and MINing Environment) is a rich client
application implemented in Java. It is a flexible environment for visual
analytics, data mining and business intelligence – implemented in pure Java.
It features several powerful visualization and
mining methods, and can utilize background knowledge.
4,608
Daffodil CRM crm.daffodilsw.com Daffodil CRM is a Java based Open Source
software that enables seamless coordination amongst sales, marketing,
customer service, field support and other functions that handle customer
contact for an enterprise. It integrates all aspects of customer life cycle
from identifying business opportunities to sustaining existing customers.
With Daffodil CRM you can achieve sales force
automation; it also has features for sales forecasting, opportunity tracking
and performance management.
24,870

 

Open Source Artificial Intelligence software

Software and URL Description Popularity*
EulerGUI
http://eulergui.sourceforge.net
A lightweight IDE for Artificial Intelligence.
Started as GUI for the Euler reasoning engine. The sources can be N3, RDF,
OWL, UML, eCore, plain XML or XSD, files or URL’s. Wraps Drools (or CWM,
FuXi) as N3 rules engines. Model based app. generation.
798
Inexact – Information Fuzzy Retrieval
inexact.sourceforge.net
Inexact is a library developed in Java 5.0 to
implements three methods of information fuzzy retrieval: Fuzzy query, Query
by example and the two previous methods together. This project uses the
fuzzy logic paradigm (Artificial Intelligence).
845
SOL sol.sourceforge.net SOL is a C++-like dynamically typed multitasking
real-time language. Its main application is a programming of real-time
objects behavior, for example artificial intelligence for game characters.
You can call C++ functions from SOL and vice versa.
140
Ai.planet aiplanet.sourceforge.net ai.planet is a virtual world for artificial
intelligence. Developers can study and visualize algorithms in a versatile
3D environment, which has water, land, suns, moons, and atmosphere. Plants,
animals, fish, and insects can also be added to create a dynamic ecosystem.
96,507
Waffles

http://freshmeat.net/projects/waffles
Waffles is a cross-platform C++ library of
algorithms for machine learning, artificial intelligence, data mining, etc.
It also contains demo apps and command-line wrapper tools that are useful
for visualizing, analyzing, and predictively modeling data.
3919
AIBench
www.aibench.org
AIBench is a lightweight, non-intrusive, MVC-based
Java application framework that eases the connection, execution and
integration of operations with well defined input/output.
24,822
Fast Artificial Neural Network Library
http://fann.sourceforge.net
Fast Artificial Neural Network Library (FANN)
implements multilayer artificial neural networks in C. It is cross-platform,
easy to use, versatile, well documented and fast. C++, PHP, PERL, Python,
Delphi, .NET, Mathematica bindings and a GUI is available
164,124
OpenSkyNet Beta

http://openskynet.sourceforge.net
OpenSkyNet – Moving towards a comprehensive
artificial intelligence solution for game developers under the LGPL. The
goals are to implement action selection solvers, robust steering behaviors
(including pathfinding algorithms), and machine learning.
2814
FreeDEM Beta http://freedem.sourceforge. net FreeDEM is an implementation of a process-based
middleware. It’s built as a powerful framework to manage server-side
business processes. It’s designed to be easy to use and to develop with, not
sacrificing power; a strong stress is put on performances.
242
*Based on number of downloads from
Sourceforge.net.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

<