30 Open Source Security Tools
Mr. Hardik Joshi
Need for Network Security
Network security is becoming more important every day. As computer systems grow more complex, new attack techniques keep being discovered. Most users today use the Internet, and with its growing usage, systems and networks are becoming more exposed. In this module, we will learn the following:
a) Scan a system for vulnerable services
b) Protect a system using firewall
c) Protect the data using OpenSSL tool
Overview of Port-Scanning
Services like HTTP, FTP and TELNET use well-known port numbers by convention. Applications like TELNET are very old and do not provide a secure way of communicating. SSH is a replacement for TELNET and is used for most remote login sessions today. Imagine that a network administrator has left the TELNET service open when it was supposed to be closed; in that case any attacker can learn that the vulnerable service is running on port 23, and can then devise methods to compromise the system and acquire its data or take control of the server. Port scanning utilities help the network administrator identify unwanted services that are still running, so that they can be stopped or suspended immediately. Port scanning utilities are also useful to attackers, who can use them to scan computer systems or networks for vulnerable services.
A widely known port scanning utility called “nmap” has been popular for years. A dedicated website hosts the nmap download and many resources for learners to study nmap and experiment with the tool. Nmap can be downloaded from www.insecure.org. In this section, we will learn a few basic nmap commands and try to scan our own server to identify vulnerable services.
Overview of nmap
NMAP is an abbreviation of Network Mapper. It is used to scan ports on a machine (local or remote).
It discovers hosts and services on a network and can be used to identify the operating system and some of the software/services running on remote systems. NMAP is licensed under the GNU GPL v2. It was initially released in 1997. Nmap runs on Linux, Windows, Solaris and BSD variants. It is written in C, C++ and Python. There is a GUI equivalent of the nmap utility known as Zenmap.
Installation and use of nmap
Binaries of nmap are available on the website and can be used to download and install the software on a Windows or Linux system. The source code of nmap is also available on insecure.org. We can download the source code and compile it (using make) to generate the executable binary. The steps required to generate the binary are:
Let us see an example of the output produced by the nmap command. Suppose we want to scan the ports of the localhost system; the nmap command and its output are listed as follows:
From the above output, we can conclude that the services identified by port numbers 21, 22, 23, 25 and 111 are open on the system. So the network administrator has to take the precaution of closing these ports, or securing them if they are being used by clients or other applications. More examples are included in the extra reading notes.
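As an added example (not part of the module and not an nmap feature), the following POSIX shell script shows how an administrator can turn a saved nmap report into a quick audit: it extracts every open port from the report and flags the ones that are not on an expected allowlist. The sample report is constructed to match the ports in the output above; the function names and the allowlist are assumptions.

```sh
#!/bin/sh
# Constructed sample of an nmap text report (not a real scan). The open ports
# mirror the module's localhost example: 21, 22, 23, 25 and 111.
SAMPLE_SCAN='Starting Nmap 7.80 ( https://nmap.org )
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00012s latency).
Not shown: 995 closed ports
PORT    STATE SERVICE
21/tcp  open  ftp
22/tcp  open  ssh
23/tcp  open  telnet
25/tcp  open  smtp
111/tcp open  rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds'

# Print "port/proto service" for every line of an nmap report whose state is
# "open". Only lines that start with a port/protocol pair are considered, so
# the banner, header and summary lines are ignored.
open_services() {
    printf '%s\n' "$1" | awk '$2 == "open" && $1 ~ /^[0-9]+\/(tcp|udp)$/ { print $1, $3 }'
}

# Print "port service" for every open port that is NOT in the space-separated
# allowlist of expected ports. An empty result means nothing unexpected is
# listening; anything printed is a service the administrator should close or
# justify (TELNET on 23 being the classic case discussed above).
unexpected_ports() {
    scan=$1
    allow=" $2 "
    open_services "$scan" | while read -r portproto svc; do
        port=${portproto%%/*}
        case "$allow" in
            *" $port "*) ;;                      # expected port, skip it
            *) printf '%s %s\n' "$port" "$svc" ;; # unexpected, report it
        esac
    done
}

# Live use on the local host (requires nmap; the report has the same shape):
#   nmap -sT localhost > scan.txt
#   unexpected_ports "$(cat scan.txt)" "22 25"
```

Running `unexpected_ports "$SAMPLE_SCAN" "22 25"` on the constructed report lists ftp (21), telnet (23) and rpcbind (111) as unexpected, which is exactly the follow-up list the administrator needs after the scan.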
Overview of Firewall
A firewall is a network security system used to secure a host or a network. It has a predetermined set of security rules. It continuously monitors outgoing and incoming network traffic and controls that traffic as specified by the rules. A firewall can secure a single system or an entire network. It works like a barrier between a trusted internal network and an untrusted outside network such as the Internet.
In Linux, iptables is a command line firewall that allows administrators and system engineers to manage outgoing and incoming traffic via a set of configurable rules. iptables uses a set of tables; each table has chains that contain built-in or user defined rules. Using these rules, a system administrator can properly filter the network traffic of the system or network.
Managing the firewall
The following command is used to start or stop the firewall on older RedHat based systems.
On modern RedHat based systems (RedHat 7 onwards), the firewalld tool is used to manage the firewall. It is a dynamic firewall manager. The command used to enable or disable the firewall is:
Before we understand how to modify the rules of a firewall, let us understand the basic keywords associated with iptables. iptables uses three different chains: input, forward, and output. The significance of these chains is as follows:
- Input chain is used to control the behaviour for all incoming connections.
- Output chain is used for outgoing connections.
- Forward chain is used when routers forward packets.
While configuring the policies for iptables, we also use the keywords accept, drop and reject. The significance of each keyword is as follows:
- Accept is used to allow the connection.
- Drop is used to silently discard the connection; no further action is taken.
- Reject does not allow the connection, but sends an error back to the sender.
Let us understand a few commands that are helpful for modifying the rules of a firewall in Linux. The following command can be used to display the existing rules of a firewall:
As seen in the above output, there are no rules set for the Forward and Output chains. However, the Input chain allows incoming connections for specific protocols and port numbers. Now, let us try to understand how the policies can be modified.
In the first example below, the firewall blocks all packets arriving from a particular IP address; in the second, it blocks only the packets from that IP address (say x.x.x.x) that use the tcp protocol. To unblock a particular IP address for incoming connections, we use the -D option, which deletes the matching rule.
The iptables command can also be used to block or unblock specific port numbers for the tcp protocol. In the following example, the values ‘22’ and ‘23’ represent port numbers.
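The script below is an added example, not the module's own commands. It wraps the iptables operations just described (block an address, block only its tcp traffic, unblock it with -D, block or allow a tcp port) in shell functions and makes them idempotent by checking with `iptables -C` before appending, so that re-running the script does not pile up duplicate rules. Setting DRY_RUN=1 prints the commands instead of executing them, which lets the rule set be reviewed without root privileges. The address 192.0.2.10 is a documentation-range placeholder for the module's x.x.x.x, and the function names are assumptions.

```sh
#!/bin/sh
# Added example: an idempotent wrapper around iptables for the INPUT chain.
# DRY_RUN=1 prints the commands instead of running them (no root needed).
IPT=${IPT:-iptables}

# Run iptables with the given arguments, or print the command in dry-run mode.
ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        "$IPT" "$@"
    fi
}

# True if the rule already exists (iptables -C). In dry-run mode assume it
# does not, so every intended rule is printed.
rule_exists() {
    [ "${DRY_RUN:-0}" = 1 ] && return 1
    "$IPT" -C "$@" 2>/dev/null
}

# Append a rule only if it is not already present.
add_rule() {
    rule_exists "$@" || ipt -A "$@"
}

block_ip()     { add_rule INPUT -s "$1" -j DROP; }          # drop everything from an address
block_tcp_ip() { add_rule INPUT -s "$1" -p tcp -j DROP; }   # drop only tcp from an address
unblock_ip()   { ipt -D INPUT -s "$1" -j DROP; }            # -D deletes the matching rule
block_port()   { add_rule INPUT -p tcp --dport "$1" -j DROP; }
allow_port()   { add_rule INPUT -p tcp --dport "$1" -j ACCEPT; }

# Policy assembled from the module's examples: drop a hostile host, allow SSH
# (22) and block TELNET (23). iptables evaluates rules top to bottom, so the
# host block is added before the port rules; otherwise the ACCEPT for port 22
# would match first and the blocked host could still reach SSH.
apply_policy() {
    block_ip 192.0.2.10        # placeholder address (TEST-NET-1), stands in for x.x.x.x
    allow_port 22
    block_port 23
}

# Review first, then apply:
#   DRY_RUN=1 sh firewall.sh     (prints the commands)
#   sudo sh firewall.sh          (applies them; check with: iptables -L INPUT -n --line-numbers)
```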
Overview of Cryptography
Linux provides a variety of open source tools for cryptography. In this section, we will review the openssl tool, which can be used to encrypt or decrypt a file using algorithms like DES, AES and RSA. The openssl utility supports various cryptographic algorithms, including both symmetric and asymmetric key cryptography. The following command can be used to display the version of the openssl tool:
The following commands list the commands supported by openssl and the cryptographic algorithms that it supports:
Now, let us see how we can encrypt and decrypt text using the openssl utility. In the following command, we encrypt the file plain.txt using the AES algorithm in CBC mode. To decrypt the file, we use the ‘-d’ option with the openssl command.
Openssl can also be used to encrypt or decrypt using asymmetric key cryptography. However, when using asymmetric keys, we must first generate the private key and the public key. The following commands illustrate the generation of a 1024-bit private key and, subsequently, the corresponding public key. The keys are stored in .pem files.
Once the keys are generated, we can encrypt or decrypt files using them. In the first example below, we take the plain.txt file and encrypt it into encrypt.txt. In the second example, we decrypt encrypt.txt into decrypted.txt. Note that the contents of decrypted.txt and plain.txt will be the same.
OpenSSL supports many ciphers, which can be explored in the manual. The OpenSSL tool also has many other features, such as generating checksums using various message digest algorithms. An extensive study of the functionality of the utilities discussed in this module is out of scope.
Let us summarize the key concepts covered in this module:
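The following script is an added example (not the module's own commands) that carries both workflows above through to the check the text promises: the AES-CBC round trip and the RSA round trip, each verified by comparing the decrypted file with the original plain.txt. It also shows two caveats a practitioner would add to the module's commands: the passphrase-based key derivation is strengthened with -pbkdf2, and the RSA key is 2048 bits with OAEP padding rather than the 1024-bit key used above, which is too short for current use. The file names, passphrase and plaintext are constructed for the example; it requires openssl 1.1.1 or newer.

```sh
#!/bin/sh
# Added example: symmetric (AES-256-CBC) and asymmetric (RSA) file encryption
# round trips with the openssl CLI, verified byte-for-byte.

# Symmetric encryption with a passphrase. Without -pbkdf2, openssl enc derives
# the key with a single hash iteration, so -pbkdf2 is always added here.
sym_encrypt() { openssl enc -aes-256-cbc -salt -pbkdf2 -pass "pass:$3" -in "$1" -out "$2"; }
sym_decrypt() { openssl enc -d -aes-256-cbc -pbkdf2 -pass "pass:$3" -in "$1" -out "$2"; }

# Asymmetric: generate a 2048-bit RSA private key, then derive the public key.
gen_keypair() {
    openssl genrsa -out "$1" 2048 2>/dev/null &&
    openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null
}
# Encrypt with the public key, decrypt with the private key, OAEP padding.
rsa_encrypt() { openssl pkeyutl -encrypt -pubin -inkey "$1" -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"; }
rsa_decrypt() { openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$3"; }

# Run both round trips on a constructed plain.txt in a scratch directory.
# Returns 0 only if each decrypted file is identical to the original.
roundtrip_demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample plaintext\n' > "$dir/plain.txt"
    sym_encrypt "$dir/plain.txt" "$dir/plain.enc" 'example-passphrase' &&
    sym_decrypt "$dir/plain.enc" "$dir/sym.txt" 'example-passphrase' &&
    cmp -s "$dir/plain.txt" "$dir/sym.txt" &&
    gen_keypair "$dir/private.pem" "$dir/public.pem" &&
    rsa_encrypt "$dir/public.pem" "$dir/plain.txt" "$dir/encrypt.txt" &&
    rsa_decrypt "$dir/private.pem" "$dir/encrypt.txt" "$dir/decrypted.txt" &&
    cmp -s "$dir/plain.txt" "$dir/decrypted.txt"
    status=$?
    rm -rf "$dir"
    return $status
}

# A wrong passphrase must never yield the original plaintext: decryption either
# fails outright or produces garbage, so the output must differ from plain.txt.
wrong_passphrase_fails() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample plaintext\n' > "$dir/plain.txt"
    sym_encrypt "$dir/plain.txt" "$dir/plain.enc" 'right-passphrase' || { rm -rf "$dir"; return 1; }
    sym_decrypt "$dir/plain.enc" "$dir/out.txt" 'wrong-passphrase' 2>/dev/null || true
    ! cmp -s "$dir/plain.txt" "$dir/out.txt"
    status=$?
    rm -rf "$dir"
    return $status
}

# Usage: roundtrip_demo && echo "both round trips verified"
```

pkeyutl is used instead of the older rsautl subcommand because it works on both the 1.1.1 and 3.x series; the module's decryption check (decrypted.txt equals plain.txt) is what `cmp -s` performs here.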
- Port scanning utility nmap and its application
- Managing the Linux firewall using the iptables command
- Generating cipher text using OpenSSL toolkit