tools and description
TRANSCRIPT
-
8/16/2019 Tools and Description
1/84
This article reviews top ten network analysis tools for different functional areas.
1. SolarWinds NetFlow Traffic Analyzer, aka Orion NTA
Full investigation of network activities
SolarWinds NetFlow Traffic Analyzer is a widely used NetFlow analysis utility. It helps to explore traffic flow activities over the network and examines the device behaviour for excessive traffic flow. This tool allows network administrators to regulate extreme bandwidth utilisation for smooth network operations without upgrading network resources.
NetFlow Traffic Analyzer can examine standard “Flow” data of multivendor network devices such as Cisco, Juniper, Riverbed, HP, Nortel, or Huawei with central GUI based network applications. It also supports triggered alerts and reports on the basis of accumulated “Flow” data to achieve appropriate network utilization. Instead of IP or port based “Flow” analysis, you can also map common web applications such as Facebook, Twitter, or torrent sites for application based analysis.
Using this utility administrator you can customise different chart elements to simplify the chart view by eliminating unnecessary data. This tool also supports sFlow v, - v and vSwitch interfaces to capture data.
Price: Starts at /0321: 65
2. Alcatel-Lucent's Motive Network Analyzer - Copper
Ultimate utility to examine service provider's copper access network
Motive Network Analyzer - Copper (NA,@, DSL2, and DSL2 vectoring and bonding.
Motive NAine Testing (SELT) and Dualine Testing (DELT) to identify various connectivity problems, including detection and localization of open circuit/short circuit faults and powered down CPE detection. Motive NA
3. Alcatel-Lucent's Motive Network Analyzer - Fiber
Ultimate utility to manage fiber access networks
Motive Network Analyzer - Fiber (NA
• Limited to fiber access networks
• Takes time to understand its features
4. Nagios Network Analyzer
Detailed analysis for small to large scale networks
Nagios Network Analyzer is a widely used flow data analysis solution utility. It offers detailed analysis of various network services such as POP3, HTTP, ICMP, etc. It generates quick and easily interpreted charts to refine captured data with very valuable statistics like processor, disk usage, bandwidth utilisation and much more to assess a network's health.
Nagios Network Analyzer can be easily integrated with Nagios XI and can also be customised to meet network requirements. This tool provides a central view of network traffic and bandwidth utilisations and also offers automated alerts and SNMP traps when suspicious activity takes place on the network.
The Nagios Network Analyzer system has two categories of licencing:
1) Open Source foundation cores and components like NFDUMP and RRDTool.
2) Nagios Network Analyzer UI and system frameworks, which are released under a commercial license and contain some code used under license by Nagios Enterprises that cannot be released under an OSS license.
Price: /DD1 for 1 license https://www.nagios.com/products/nagios-network-analyzer/#pricing
Download link:
https://www.nagios.com/downloads/nagios-network-analyzer/
Website:
https://www.nagios.com/products/nagios-network-analyzer/
Pros
• Comprehensive dashboard
• Easily understandable graphs
• Automated alert system
• Advanced user management
Cons
• Sometimes no response with sflow capture
5. ManageEngine NetFlow Analyzer
Good for medium to large scale multi-vendor networks
ManageEngine Netflow Analyzer is a good choice to examine multi-LAN/WAN environments. Using this utility you will be able to analyse most NetFlow packets originating from enterprise routers or switches, and it also helps administrators by producing network traffic reports to recognise the ongoing activities of the network.
This tool can effectively collect various traffic flows such as NetFlow, sFlow, Flow, etc., and provides less complicated data outcomes for easy understanding. It also enables you to customise various device flows into different groups to manage multiple networks as a single entity.
ManageEngine Netflow Analyzer doesn't require any special hardware configuration to run and can map most application flows such as Oracle, PeopleSoft, MSSQL, etc. It has an ability to integrate high end Cisco technologies such as NBAR, CBQoS, etc., and also deal with real time network observation to provide in
For pricing or more information visit:
https://www.manageengine.com/products/netflow/
Pros
• Validating of QoS policies
• Automated Netflow reports
• In-depth analysis by creating IP or Device groups
• Role-based user access
6. Capsa Free
Recommended freeware utility for !" analysis
Capsa Free is a freeware utility for Ethernet monitoring, troubleshooting and analysis. It offers both LAN and WLAN near real
Pros
• In-depth LAN analysis
• Customised automated alarms
• Easy to understand network analysis (recommended for learning purposes)
Cons
• Fewer options for customisation
• Limited to Ethernet packets analysis
7. Wireshark
A freeware tool recommended for small and medium enterprise networks
Wireshark is a wellinux, OS X, Solaris, etc. It can capture data from various sources including Ethernet, WLAN, WAN and many others. Captured data can be accessed via GUI, TTY
• Examination of LAN/WAN protocols
• In-depth VoIP analysis
Cons
• Fewer options for charts/reporting
• Limited functionalities as can be expected from freeware utilities
8. Caligare Flow Inspector
A complete network analysis with lots of conditional customisations
Caligare is an official Cisco partner in technology development and its Flow Inspector tool provides optimal NetFlow analysis with different set conditions such as source/destination IP addresses, interfaces, and TCP/UDP/ICMP protocols. It also offers real time network analysis and user data tracking so that network administrators can reduce the risk of data or network failure. The best part about this utility is its statistics reports. Using this software program you will be able to know:
• Source and Destination hosts with the highest network utilisation
• Most used applications throughout the network
• Top most protocols distributing over the network
• Source and Destination Autonomous Systems with the most network flows
• Top interfaces, next-hops and ICMP distributions, etc.
Price: To find pricing information for the Professional edition (for 1
• LDAP authentication support
Cons
• Free and Professional versions have some limitations
9. SteelCentral Packet Analyzer
A tool with quick analysis of multi-gigabyte trace files
SteelCentral Packet Analyzer, also known as Cascade Pilot, is a product of well
10.
ZNP 5
1. Microsoft Network Monitor
Microsoft Network Monitor is a packet analyzer that allows you to capture, view and analyze network traffic. This tool is handy for troubleshooting network problems and applications on the network. Main features include support for over 300 public and Microsoft proprietary protocols, simultaneous capture sessions, a Wireless Monitor Mode and sniffing of promiscuous mode traffic, amongst others.
When you launch Microsoft Network Monitor, choose which adapter to bind to from the main window and then click “New Capture” to initiate a new capture tab. Within the Capture tab, click “Capture Settings” to change filter options, adapter options, or global settings accordingly and then hit “Start” to initiate the packet capture process.
2. Nagios
Nagios is a powerful network monitoring tool that helps you to ensure that your critical systems, applications and services are always up and running. It provides features such as alerting, event handling and reporting. The Nagios Core is the heart of the application that contains the core monitoring engine and a basic web UI. On top of the Nagios Core, you are able to implement plugins that will allow you to monitor services, applications, and metrics, a chosen frontend as well as add database support, amongst others.
Tip: If you want to try out Nagios without needing to install and configure it from scratch, download Nagios XI and enable the free version. Nagios XI is the pre-configured enterprise class version built upon Nagios Core and is backed by a commercial company that offers support and additional features such as more plugins and advanced reporting.
Note: The free version of Nagios XI is ideal for smaller environments and will monitor up to seven nodes.
http://www.microsoft.com/en-us/download/details.aspx?id=4865
https://www.nagios.org/downloads/
Once you've installed and configured Nagios, launch the Web UI and begin to configure host groups and service groups. Once Nagios has had some time to monitor the status of the specified hosts and services, it can start to paint a picture of what the health of your systems look like.
3. OpenNMS
OpenNMS is an open source enterprise grade network management application that offers automated discovery, event and notification management, performance measurement, and service assurance features. OpenNMS includes a client app for the iPhone, iPad or iPod Touch for onoutages, nodes, alarms and add an interface to monitor.
Once you successfully login to the OpenNMS web UI, use the dashboard to get a quick ‘snapshot view’ of any outages, alarms or notifications. You can drill down and get more information about any of these sections from the Status drop down menu. The Reports section allows you to generate reports to send by e
4. Advanced IP Scanner
Advanced IP Scanner is a fast and easy to use network scanner that detects any network devices (including wireless devices such as mobile phones, printers and WIFI routers) on your network. It allows you to connect to common services such as HTTP, FTP and shared folders if they are enabled on the remote machine. You are also able to wake up and shut down remote computers.
The installer allows you to fully install the application on your machine or run the portable version. When you launch Advanced IP Scanner, start by going to Settings > Options to select which resources to scan and how fast/accurate you want the results to be. You can then choose which subnet to scan and proceed with pressing the “Scan” button. Once the scan is complete, expand the results to see which resources you are able to connect to for each discovered device.
5. Capsa Free
Capsa Free is a network analyzer that allows you to monitor network traffic, troubleshoot network issues and analyze packets. Features include support for over 300 network protocols (including the ability to create and customize protocols), MSN and Yahoo Messenger filters, email monitor and auto
When you launch Capsa, choose the adapter you want it to bind to and click “Start” to initiate the capture process. Use the tabs in the main window to view the dashboard, a summary of the traffic statistics, the TCP/UDP conversations, as well as packet analysis.
6. Fiddler
Fiddler is a web debugging tool that captures HTTP traffic between chosen computers and the Internet. It allows you to analyze incoming and outgoing data to monitor and modify requests and responses before they hit the browser. Fiddler gives you extremely detailed information about HTTP traffic and can be used for testing the performance of your websites or security testing of your web applications (e.g. Fiddler can decrypt HTTPS traffic).
When you launch Fiddler, HTTP traffic will start to be captured automatically. To toggle traffic capturing, hit F12. You can choose which processes you wish to capture HTTP traffic for by clicking on “All Processes” in the bottom status bar, or by dragging the “Any Process” icon from the top menu bar onto an open application.
7. NetworkMiner
NetworkMiner captures network packets and then parses the data to extract files and images, helping you to reconstruct events that a user has taken on the network - it can also do this by parsing a pre
In the example above, I set NetworkMiner to capture packets, opened a web browser and searched for “soccer” as a keyword on Google Images. The images displayed in the Images tab are what I saw during my browser session.
When you load NetworkMiner, choose a network adapter to bind to and hit the “Start” button to initiate the packet capture process.
8. Pandora FMS
Pandora FMS is a performance monitoring, network monitoring and availability management tool that keeps an eye on servers, applications and communications. It has an advanced event correlation system that allows you to create alerts based on events from different sources and notify administrators before an issue escalates.
When you login to the Pandora FMS Web UI, start by going to the ‘Agent detail’ and ‘Services’ node from the left hand navigation pane. From here, you can configure monitoring agents and services.
9. Zenoss Core
Zenoss Core is a powerful open source IT monitoring platform that monitors applications, servers, storage, networking and virtualization to provide availability and performance statistics. It also has a high performance event handling system and an advanced notification system.
http://sourceforge.net/projects/pandora/?source=directory
http://sourceforge.net/projects/zenoss/
Once you login to Zenoss Core Web UI for the first time, you are presented with a twoA monitoring, QoS monitoring
(2) Flexible Alerting, including 9 different notification methods, status alerts, limit alerts, threshold alerts, conditional alerts, and alert scheduling
(3) In
When you launch PRTG Network Monitor, head straight to the configuration wizard to get started. This wizard will run you through the main configuration settings required to get the application up and running, including the adding of servers to monitors and which sensors to use.
11. The Dude
The Dude is a network monitoring tool that monitors devices and alerts you when there is a problem. It can also automatically scan all devices on a given subnet and then draw and layout a map of your network.
When you launch The Dude, you first choose to connect to a local or remote network and specify credentials accordingly. Click ‘Settings’ to configure options for SNMP, Polling, Syslog and Reports.
12. Splunk
Splunk is a data collecting and analysis platform that allows you to monitor, gather and analyze data from different sources on your network (e.g. event logs, devices, services, TCP/UDP traffic, etc). You can set up alerts to notify you when something is wrong or use Splunk's extensive search, reporting and dashboard features to make the most of the collected data. Splunk also allows you to install ‘Apps’ to extend system functionality.
http://www.mikrotik.com/thedude
http://www.splunk.com/download
Note: When you first download and install Splunk, it automatically installs the Enterprise version for you to trial for 60 days before switching to the Free version. To switch to the Free version straight away, go to Manager > Licensing.
When you login to the Splunk web UI for the first time, add a data source and configure your indexes to get started. Once you do this you can then create reports, build dashboards, and search and analyze data.
13. Angry IP Scanner
Angry IP Scanner is a standalone application that facilitates IP address and port scanning. It is used to scan a range of IP addresses to find hosts that are alive and obtain information about them (including MAC address, open ports, hostname, ping time, NetBios information, etc).
When you execute the application, go to Tools > Preferences to configure Scanning and Port options, then go to Tools > Fetchers to choose what information to gather from each scanned IP address.
http://www.angryip.org/w/Download
14. Icinga
Icinga is a Linux based fully open source monitoring application which checks the availability of network resources and immediately notifies users when something goes down. Icinga provides business intelligence data for in depth analysis and a powerful command line interface.
When you first launch the Icinga web UI, you are prompted for credentials. Once you've authenticated, use the navigation menu on the left hand side to manage the configuration of hosts, view the dashboard, reports, see a history of events, and more.
15. Total Network Monitor
Total Network Monitor continuously monitors hosts and services on the local network, notifying you of any issues that require attention via a detailed report of the problem. The result of each probe is classified using green, red, or black colors to quickly show whether the probe was successful, had a negative result or wasn't able to complete.
When you launch Total Network Monitor, go to Tools > Scan Wizard to have the wizard scan a specified network range automatically and assign the discovered hosts to a group. Alternatively, create a new group manually to start adding devices/hosts individually.
16. NetXMS
https://www.icinga.org/download/
http://www.softinventive.com/total-network-monitor/
http://www.netxms.org/download/
NetXMS is a multi
Once you've installed Xymon, the first place you need to go is the hosts.cfg file to add the hosts that you are going to monitor. Here, you add information such as the host IP address, the network services to be monitored, what URLs to check, and so on.
When you launch the Xymon Web UI, the main page lists the systems and services being monitored by Xymon. Clicking on each system or service allows you to bring up status information about a particular host and then drill down to view specific information such as CPU utilization, memory consumption, RAID status, etc.
18. WirelessNetView
WirelessNetView is a lightweight utility (available as a standalone executable or installation package) that monitors the activity of reachable wireless networks and displays information related to them, such as SSID, Signal Quality, MAC Address, Channel Number, Cipher Algorithm, etc.
As soon as you execute WirelessNetView, it automatically populates a list of all reachable Wi
Once you launch Wi
SNIFFING TOOLS:
Top 10 Data/Packet Sniffing and Analyzer Tools for Hackers
1: Wireshark
Wireshark (known as Ethereal until a trademark dispute in Summer 2006) is a fantastic open source network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need. Wireshark has several powerful features, including a rich display filter language and the ability to view the reconstructed stream of a TCP session. It also supports hundreds of protocols and media types. A tcpdump-like console version named tethereal is included. One word of caution is that Ethereal has suffered from dozens of remotely exploitable security holes, so stay up-to-date and be wary of running it on untrusted or hostile networks (such as security conferences).
http://www.wireshark.org/
http://media-2.cacetech.com/video/wireshark/introduction-to-wireshark/
2: Tcpdump
Tcpdump is the IP sniffer we all used before Ethereal (Wireshark) came on the scene, and many of us continue to use it frequently. It may not have the bells and whistles (such as a pretty GUI or parsing logic for hundreds of application protocols) that Wireshark has, but it does the job well and with fewer security holes. It also requires fewer system resources. While it doesn't receive new features often, it is actively maintained to fix bugs and portability problems. It is great for tracking down network problems or monitoring activity. There is a separate Windows port named WinDump. TCPDump is the source of the Libpcap/WinPcap packet capture library, which is used by Nmap among many other tools.
3: Cain and Abel
UNIX users often smugly assert that the best free security tools support their platform first, and Windows ports are often an afterthought. They are usually right, but Cain & Abel is a glaring exception. This Windows-only password recovery tool handles an enormous variety of tasks. It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols. It is also well documented.
4: Kismet
Kismet is a console (ncurses) based 802.11 layer2 wireless network detector, sniffer, and intrusion detection system. It identifies networks by passively sniffing (as opposed to more active tools such as NetStumbler), and can even decloak hidden (non-beaconing) networks if they are in use. It can automatically detect network IP blocks by sniffing TCP, UDP, ARP, and DHCP packets, log traffic in Wireshark/TCPDump compatible format, and even plot detected networks and estimated ranges on downloaded maps. As you might expect, this tool is commonly used for wardriving. Oh, and also warwalking, warflying, and warskating, …
http://www.netstumbler.com/
http://media-2.cacetech.com/video/wireshark/introduction-to-wireshark/
http://www.tcpdump.org/
http://insecure.org/nmap/
http://www.oxid.it/cain.html
http://www.oxid.it/ca_um/
http://www.kismetwireless.net/
5: Dsniff
This popular and well-engineered suite by Dug Song includes many tools. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected ssh and https sessions by exploiting weak bindings in ad-hoc PKI. A separately maintained partial Windows port is available here. Overall, this is a great toolset. It handles pretty much all of your password sniffing needs.
6: NetStumbler
Netstumbler is the best known Windows tool for finding open wireless access points (“wardriving”). They also distribute a WinCE version for PDAs and such named Ministumbler. The tool is currently free but Windows-only and no source code is provided. It uses a more active approach to finding WAPs than passive sniffers such as Kismet or KisMAC.
7: Ettercap
Ettercap is a terminal-based network sniffer/interceptor/logger for ethernet LANs. It supports active and passive dissection of many protocols (even ciphered ones, like ssh and https). Data injecting in an established connection and filtering on the fly is also possible, keeping the connection synchronized. Many sniffing modes were implemented to give you a powerful and complete sniffing suite. Plugins are supported. It has the ability to check whether you are in a switched LAN or not, and to use OS fingerprints (active or passive) to let you know the geometry of the LAN.
http://www.stumbler.net/
http://www.monkey.org/~dugsong/dsniff/
http://www.kismetwireless.net/
http://ettercap.sourceforge.net/
8: Ngrep
ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
9: Ntop
Ntop shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a Web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.
10: EtherApe
EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, IP and TCP modes, EtherApe displays network activity graphically with a color coded protocols display. Hosts and links change in size with traffic. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network.
(.QGN
Open Source Intrusion Detection Tools: A Quick Overview
Joe Schreiber
January
>9$
78>F
Whether you need to monitor hosts or the networks connecting them to identify the latest threats, there are some great open source intrusion detection (IDS) tools available to you.
I won't bore you with how long I've been doing network security, but I've been doing packet analysis before any of these tools even existed. Tcpdump and me, good buddies. I've deployed and managed virtually every commercial and open source IDS tool out there. In fact my ardor for packets landed me a job analyzing network traffic for Fortune L8 companies while working at a major MSSP I'm sure everyone has heard of. Enough about me, let's get to it.
Network IDS - These tools operate by inspecting traffic that occurs between hosts.
If you aren't already running network IDS, you should be. There are two types of Network IDS: Signature detection and Anomaly Detection.
In a signature-based IDS, there are rules or patterns of known malicious traffic that it is looking for. Once a match to a signature is found it generates an alert. These alerts can turn up issues such as malware, scanning activity, attacks against servers and much more.
With anomaly-based IDS, the payload of the traffic is far less important than the activity that generated it. An anomaly-based IDS tool relies on baselines rather than signatures. It will look for unusual activity that deviates from statistical averages of previous activities or activity that has been previously unseen. Perhaps a server is sending out more HTTP activity than usual or a new host has been seen inside your DMZ.
Both are typically deployed in the same manner, though one could make the case you could easily (and people have) create an anomaly-based IDS on externally-collected netflow data or similar traffic information.
Looking for attacks isn't the only use case for IDS, you can also use it to find violations of network policy. IDS will tell you an employee was using Gtalk, uploading to Box, or spending all their time watching Hulu instead of working.
Snort
Ah, the venerable piggy that loves packets. I'm sure everyone remembers 1998 as the year a version of Windows came out but it was also the year that Martin Roesch first released Snort. Though then it really wasn't a true IDS, its destiny had been written. Since then it has become the de-facto standard for IDS and eventually IPS (thanks to community effort). It's important to note that Snort has no real GUI or easy to use administrative console. Lots of other open source tools have been created to help out, notably Snorby and others like Base and Sguil.
• Long product life with no signs of going away
• Great community support
• Plenty of administrative front-ends
• Thoroughly proven and tested
You can find Snort inside AlienVault, not just used as a tool but fully integrated from
signature updates to packet match display.
Suricata
What's the only reason for not running Snort? If you're using Suricata instead. Though
Suricata's architecture is different than Snort it behaves the same way as Snort and can
use the same signatures. What's great about Suricata is what else it's capable of over Snort. It does so much more that it probably deserves a dedicated post of its own. Let's
run down a few of them:
• Multi-Threaded - Snort runs with a single thread meaning it can only use one
CPU(core) at a time. Suricata can run many threads so it can take advantage of all the
cpu/cores you have available. There has been much contention on whether this is
advantageous, Snort says No and a few benchmarks say Yes.
• Built in Hardware Acceleration - Did you know you can use graphic cards to
inspect network traffic?
• File Extraction - Someone downloading malware? You can capture it right from
Suricata and study it.
• LuaJIT - It's a lot of letters yes, but it's also a scripting engine that can be used
with information from the packets inspected by Suricata. This makes complex matching
even easier and you can even gain efficiency by combining multiple rules into one
script.
• Logging more than packets - Suricata can grab and log things like TLS/SSL certs,
HTTP requests, DNS requests
• So much more...
With so many features and capabilities it's no wonder it's the default network IDS inside
USM now.
Bro
Bro, or sometimes referred to as Bro-IDS is a bit different than Snort and Suricata. In a
way Bro is both a signature and anomaly-based IDS. Its analysis engine will convert
traffic captured into a series of events. An event could be a user logon to FTP, a
connection to a website or practically anything. The power of the system is what
comes after the event engine and that's the Policy Script Interpreter. This policy engine
has its own language (Bro-Script) and it can do some very powerful and versatile
tasks.
If you're an analyst and you've wondered "How can I automate some of my work?" then
this is the tool you've been looking for. Want to download files seen on the wire, submit
them for malware analysis, notify you if a problem is found then blacklist the source and
shutdown the user's computer who downloaded it? Want to track the usage patterns of
a user after they've contacted an IP from a reputation database?
If you're not an analyst then this tool will have a challenging learning curve. Since it was
developed as a research tool it didn't initially focus on things like GUIs, usability, and
ease of installation. While it does many cool things out of the box many of those things
aren't immediately actionable and may be difficult to interpret.
Summary:
• Complicated to set up
• Can detect patterns of activity other IDS systems can not
• Very extensible architecture
• Starting to gain a larger community following
Kismet
Just as Snort became the standard for network intrusion, Kismet is the baseline for
wireless IDS. Wireless IDS deals less with the packet payload but more with strange
things happening inside the wireless protocols (mostly 802.11) and functions. WIDS will
find unauthorized Access Points
OSSEC
In the realm of full featured Open Source HIDS tools, there is OSSEC and not much else.
Go ahead and google away, I'll wait. The great news is OSSEC is very good at what it
does and it is rather extensible. OSSEC will run on almost any major operating system
and uses a Client/Server based architecture which is very important in a HIDS system.
Since a HIDS could be potentially compromised at the same time the OS is, it's very
important that security and forensic information leave the host and be stored elsewhere
as soon as possible to avoid any kind of tampering or obfuscation that would prevent
detection.
OSSEC's architecture design incorporates this strategy by delivering alerts and logs to a
centralized server where analysis and notification can occur even if the host system is
taken offline or compromised. Another advantage of this architecture is the ability
to centrally manage agents from a single server. Since deployments can range from one to thousands of installations, the ability to make changes en masse via a central
server is critical for an administrator's sanity.
When discussing OSSEC and other HIDS there is often trepidation in installing an agent
or software on to critical servers. It should be noted that the installation of OSSEC is
extremely light, the installer is under 1MB, and that the majority of analysis actually
occurs on the server which means very little cpu is consumed by OSSEC on the host.
OSSEC also has the ability to send OS logs to the server for analysis and storage, which
is particularly helpful on Windows machines that have no native and cross-platform
logging mechanisms.
Summary:
• Agents for almost every OS
• Compiled Agent for Windows
• Lots more functionality than just FIM
• Rigid but simple installation process
USM features a complete integration of OSSEC. Whether you need to install agents on
servers, modify policies, or even instigate OSSEC's active response features it can all be done within USM. Logs from OSSEC clients are also pre-integrated into USM's SIEM and
Correlation engines.
Samhain
In comparison to OSSEC, Samhain is the best competition. But it's very much the case
of same but different when making the comparison. Samhain has the same
client/server architecture but it's not beholden to it like OSSEC is. The agent itself has a
variety of output methods, one being a central server but others like Syslog, Email, and
RDBMS which are greatly appreciated.
Another important difference is where the analysis occurs. Unlike OSSEC the processing
occurs on the client itself. While this does give an advantage in terms of processing
speed it could have potential impact on your servers. However, it does put those CPU
cycles to good use as it has a much stronger emphasis on FIM.
Summary:
• Harder to install
• Windows clients require Cygwin
• Great FIM functionality
• More flexible client
OpenDLP
OpenDLP isn't really a HIDS system but its functionality makes it worth a mention here.
This tool has one goal and that's DLP or Data Loss Prevention. It will scan data while
it's "at-rest" looking for pieces of data like credit cards or SSNs and can be extended
with regular expressions to find data that is sensitive to your organization. OpenDLP will
look for this data on file systems or even inside databases on both Windows and
Linux. It can also perform these scans via an installable agent or without any software installation.
• Not a FIM or HIDS technically, but interesting
• Very Windows friendly
• Looks for DLP only
FIM Only
There are quite a few FIM tools that get categorized with HIDS. Some are actively developed and others haven't been updated in years. Since these tools only perform
one function I won't elaborate much more. A few of these are AIDE, OS
Tripwire and AFick.
Security Onion
If you're interested in trying out some or all of the open source IDS tools from this post
you could save some time and check out Security Onion. It's a distribution of Ubuntu
with everything pre-installed.
Snort is one of the industry's top network
intrusion-detection tools, but there are
plenty of free alternatives. Matthew
Pascucci discusses.
Security Onion
Security Onion is an Ubuntu-based Linux distribution for network monitoring and
intrusion detection. The image can be distributed as sensors within the network to
monitor multiple VLANs and subnets, and works well in VMware and virtual
environments. This configuration can be used as an IDS only. It isn't currently
supported to be run as an IPS. However, there is the option to run this both as a
network and host intrusion-detection deployment, and to utilize services such as Sguil,
Bro IDS and OSSEC to perform the IDS functions of the service. The wiki and
documentation for the site and software is terrific, and defects and bugs are recorded
and reviewed. As great as Security Onion is, however, it still needs more assistance
with development, which will most likely happen in time.
OSSEC
OSSEC is an open source host intrusion-detection system (HIDS) that does more than
detect intrusions. Like most open source IDS offerings, there are multiple additional
modules that can be used with the core functionality of IDS. In addition to network
intrusion-detection, the OSSEC client has the ability to perform file integrity
monitoring and rootkit detection with real-time alerts, all of which are centrally managed with the ability to create different policies, depending on a company's needs.
The OSSEC client runs locally on most operating systems, including Linux versions,
Mac OSX and Windows. It also offers commercial support via Trend Micro's Global
Support Team. This is a very mature offering.
OpenWIPS-NG
OpenWIPS-NG is a free wireless IDS/IPS that relies on a server, sensors and
interfaces. It runs on commodity hardware. Created by the author of Aircrack-NG, this
system uses many of the functions and services already built into Aircrack-NG for
scanning, detection and intrusion prevention. OpenWIPS-NG is modular and allows
an administrator to download plug-ins for additional features. The documentation isn't
as detailed as some systems', but it allows for companies to perform WIPS on a tight
budget.
Suricata
Out of all the IDS/IPS systems that are currently available, Suricata competes most
directly with Snort. This system has an architecture that is similar to Snort's, relies on
signatures like Snort, and can even use the VRT Snort rules and the same Emerging
Threat rule set that Snort itself uses. Being newer than Snort, Suricata has ways to
catch up to in this area. If Snort isn't an option in your organization, this is the closest
free tool available to run on an enterprise network.
Bro IDS
Bro IDS is similar to Security Onion in that it uses more than IDS rules to determine
where attacks are coming from. Bro IDS uses a combination of tools. At one point it
used Snort-based signatures converted into Bro signatures. This is no longer the case,
and it is now possible to write custom signatures for the Bro IDS. This system is
highly documented and has been around for over 15 years.
Snort has definitely made its presence known by the influence it has over most of the
IDS/IPS market, including freeware and open source IDS/IPS. The systems reviewed
here all perform IDS/IPS a little differently, but are suitable, free alternatives that
companies on a budget can utilize to more fully protect their network.
About the author
Matthew Pascucci is a senior information security engineer for a large retail
company, where he leads the threat and vulnerability management program. He's
written for various information security publications, has spoken for many industry
companies and is heavily involved with his local InfraGard chapter. You can follow
him on Twitter at @matthewpascucci or check out his blog at
www.frontlinesentinel.com.
SecTools.Org: Top 125 Network Security Tools
For more than a decade, the Nmap Project has been cataloguing the network security community's favorite tools. In 2011 this site became much more dynamic, offering ratings, reviews, searching, sorting, and a new tool suggestion form. This site allows open source and commercial tools on any platform, except those tools that we maintain (such as the Nmap Security Scanner, Ncat network connector, and Nping
packet manipulator).
We're very impressed by the collective smarts of the security community and we highly recommend reading the whole list and investigating any tools you are
unfamiliar with. Click any tool name for more details on that particular application, including the chance to read (and write) reviews. Many site elements are explained by tool tips if you hover your mouse over them. Enjoy!
Filtering by tag: ids
6 tools
Snort (#5)
This network intrusion detection and prevention system excels at traffic analysis and
packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.
While Snort itself is free and open source, parent company SourceFire offers their VRT-certified rules for $499 per sensor per year and a complementary product line of software and appliances with more enterprise-level features. Sourcefire also offers a
free 30-day delayed feed.
Latest release: version 2.9.7.5 on July 23, 2015 (10 months, 1 week ago).
OSSEC HIDS
OSSEC HIDS performs log analysis, integrity checking, rootkit detection, time-based alerting and active response. In addition to its IDS functionality, it is commonly used
as a SEM/SIM solution. Because of its powerful log analysis engine, ISPs, universities and data centers are running OSSEC HIDS to monitor and analyze their firewalls, IDSs, web servers and authentication logs.
Latest release: version 2.8.2 on June 10, 2015 (11 months, 2 weeks ago).
OSSIM
Alienvault OSSIM stands for Open Source Security Information Management. Its goal is to provide a comprehensive compilation of tools which, when working together, grant network/security administrators with a detailed view over each and every aspect of networks, hosts, physical access devices, and servers. OSSIM incorporates several other tools, including Nagios and OSSEC HIDS.
Latest release: version
Sguil
Sguil (pronounced sgweel) is built by network security analysts for network security analysts. Sguil's main component is an intuitive GUI that provides access to realtime events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis.
Latest release: version 0.9.0 on March 28, 2014 (2 years, 1 month ago).
ArcSight SIEM platform
ArcSight provides a suite of tools for SIEM: security information and event management. The best-known seems to be ArcSight Enterprise Security Manager (ESM), described as the "brain" of the SIEM platform. It is a log analyzer and correlation engine designed to sift out important network events. The ESM itself is a standalone appliance, and the management programs run on Linux, Windows, AIX, and Solaris. For open-source alternatives see OSSEC HIDS and OSSIM.
Honeyd
Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their TCP personality can be adapted so that they appear to be running certain versions of operating systems. Honeyd enables a single host to claim multiple addresses on a LAN for network simulation. It is
possible to ping the virtual machines, or to traceroute them. Any type of service on the virtual machine can be simulated according to a simple configuration file. It is also possible to proxy services to another machine rather than simulating them. It has many library dependencies, which can make compiling/installing Honeyd difficult.
Latest release: version 1.
INFO
There are a lot of tools that you guys can use for information gathering.
Top Information Gathering Tools:
Nmap
http://nmap.org/
P0f
http://lcamtuf.coredump.cx/p0f.shtml
MingSweeper
http://www.hoobie.net/mingsweeper/
THC Amap
http://freeworld.thc.org/thc-amap/
Angry IP Scanner
http://www.angryziber.com/w/Download
Unicornscan
http://sourceforge.net/projects/osace
Samspade
http://samspade.org/
Strobe
http://packetstormsecurity.org/UNIX/scanners/
Netcat
http://netcat.sourceforge.net/
Superscan
http://www.foundstone.com/us/resources/proddesc/superscan.htm
SQL Scan
http://www.foundstone.com/us/resources/proddesc/sqlscan.htm
ipEye
http://www.ntsecurity.nu/toolbox/ipeye/
Nuke Nabber
http://packetstormsecurity.org/MSDOS/audit/nn29b.exe
Snort
http://www.snort.org
Trout
http://www.foundstone.com/us/resources/proddesc/trout.htm
Hping2
http://www.hping.org/
XProbe2
http://www.sys-security.com/index.php?page=xprobe
EtherPeek (now known as OmniPeek)
http://www.wildpackets.com/
This is not the complete list and you are welcome to contribute to this list. Any new
information gathering tools are welcome, please leave a comment.
Read more: Top Information Gathering Tools For Hackers - Hacking Geeks
NETWORK SCANNING TOOLS:
Some only look at specific vulnerabilities, but there are also those
that offer broad IT security scanning.
1. OpenVAS
The Open Vulnerability Assessment System (OpenVAS) is a free
network security scanner platform, with most components licensed under the GNU General Public License (GNU GPL). The
main component is available via several Linux packages or as a
downloadable Virtual Appliance for testing/evaluation purposes.
Though the scanner itself doesn't work on Windows machines,
they offer clients for Windows.
The main component of the OpenVAS is the security scanner,
which only can run in Linux. It does the actual work of scanning
and receives a feed updated daily of Network Vulnerability Tests
(NVT), more than 33,000 in total.
The OpenVAS Manager controls the scanner and provides the
intelligence. The OpenVAS Administrator provides a command-line
interface and can act as full service daemon, providing user
management and feed management.
There are a couple clients to serve as the GUI or CLI. The
Greenbone Security Assistant (GSA) offers a web-based GUI.
The Greenbone Security Desktop (GSD) is a Qt-based desktop
client that runs on various OSs, including Linux and Windows.
And the OpenVAS CLI offers a command-line interface.
OpenVAS isn't the easiest and quickest scanner to install and
use, but it's one of the most feature-rich, broad IT security
scanners that you can find for free. It scans for thousands of
vulnerabilities, supports concurrent scan tasks, and scheduled
scans. It also offers note and false positive management of the
scan results. However, it does require Linux at least for the main
component.
2. Retina CS Community
Retina CS Community provides vulnerability scanning and
patching for Microsoft and common third-party applications, such
as Adobe and Firefox, for up to 256 IPs free. Plus it supports
vulnerabilities within mobile devices, web applications, virtualized
applications, servers, and private clouds. It looks for network
vulnerabilities, configuration issues, and missing patches.
The Retina CS Community software essentially provides just the
patching functionality. Retina Network Community is the software
that provides the vulnerability scanning, which must be
separately installed before the Retina CS Community software.
To scan you can choose from a variety of scan and report
templates and specify IP range to scan or use the smart selection
function. You can provide any necessary credentials for scanned
assets that require them and choose how you want the report
delivered, including email delivery or alerts.
Retina CS Community is a great free offering by a commercial
vendor, providing scanning and patching for up to 256 IPs free
and supporting a variety of assets. However, some small
businesses may find the system requirements too stringent, as it
requires a Windows Server.
3. Microsoft Baseline Security Analyzer (MBSA)
Microsoft Baseline Security Analyzer (MBSA) can perform local
or remote scans on Windows desktops and servers, identifying
any missing service packs, security patches, and common
security misconfigurations. The 2.3 release adds support for
Windows 8.1, Windows 8, Windows Server 2012 R2, and
Windows Server 2012, while also supporting previous versions
down to Windows XP.
MBSA is relatively straightforward to understand and use. When
you open it you can select a single Windows machine to scan by
choosing a computer name from the list or specifying an IP
address or when scanning multiple machines you can choose an
entire domain or specify an IP address range. You can then
choose what you want to scan for, including Windows, IIS and
SQL administrative vulnerabilities, weak passwords, and Windows updates.
Once the scan is complete you'll find a separate report for each
Windows machine scanned with an overall security classification
and categorized details of the results. For each item you can click
a link to read details on what was scanned and how to correct it,
if a vulnerability were found, and for some you can click to see
more result details. The reports are automatically saved for future
reference, but you can also print and/or copy the report to the
clipboard.
Although free and user-friendly, keep in mind that MBSA lacks
scanning of advanced Windows settings, drivers, non-Microsoft
software, and network-specific vulnerabilities. Nevertheless, it's a
great tool to help you find and minimize general security risks.
4. Nexpose Community Edition
Nexpose Community Edition can scan networks, operating
systems, web applications, databases, and virtual environments.
The Community Edition, however, limits you to scanning up to 32
IPs at a time. It's also limited to one-year of use until you must
apply for a new license. They also offer a seven-day free trial of their commercial editions.
Nexpose installs on Windows, Linux, or virtual machines and
provides a web-based GUI. Through the web portal you can
create sites to define the IPs or URLs you'd like to scan, select
the scanning preferences, scanning schedule, and provide any
necessary credentials for scanned assets.
Once a site is scanned you'll see a list of assets and
vulnerabilities. You can see asset details including OS and
software information and details on vulnerabilities and how to fix
them. You can optionally set policies to define and track your
http://www.rapid7.com/products/nexpose/http://www.rapid7.com/products/nexpose/
-
8/16/2019 Tools and Description
54/84
jfskrfj anophkcgaf stcgjcrjs. [nu acg chsn lfgfrctf cgj fxpnrt
rfpnrts ng c vcrkfty ne cspfats.
Gfxpnsf Anoougkty Fjktkng ks c snhkj euhh-efcturfj vuhgfrcbkhkty
sacggfr tdct‛s fcsy tn sftup but tdf 12 KP hkokt ocy ocif kt
koprcatkach enr hcrlfr gftwnris.
5. SecureCheq
SecureCheq can perform local scans on Windows desktops and servers, identifying various insecure advanced Windows settings like defined by CIS, ISO or COBIT standards. It concentrates on common configuration errors related to OS hardening, data protection, communication security, user account activity and audit logging. The free version, however, is limited to scanning less than two dozen settings, about a quarter of what the full version supports.
SecureCheq is a simple tool. After scanning the PC you'll see a list of all the checked settings and a Passed or Failed result. Click a setting and you'll find links to references about the vulnerability, summary of the vulnerability, and how to fix it. Though you can't save the results for later viewing in the application, you can print them or view/save the OVAL XML file.
Although SecureCheq is easy-to-use and scans for advanced configuration settings, it actually misses some of the more general Windows vulnerabilities and network-based threats. However, it complements the Microsoft Baseline Security Analyzer (MBSA) well; scan for basic threats and then follow up with SecureCheq for advanced vulnerabilities.
http://www.tripwire.com/securecheq/
6. Qualys FreeScan
Qualys FreeScan provides up to 10 free scans of URLs or IPs of Internet facing or local servers or machines. You initially access it via their web portal and then download their virtual machine software if running scans on your internal network.
Qualys FreeScan supports a few different scan types; vulnerability checks for hidden malware, SSL issues, and other network-related vulnerabilities. OWASP is for auditing vulnerabilities of web applications. Patch Tuesday scans for and helps install missing software patches. SCAP checks computer settings compliance against the SCAP (Security Content Automation Protocol) benchmark provided by National Institute of Standards and Technology (NIST).
Though you first see just an online tool that appears to just do scanning via the Internet, if you enter a local IP or scan, it will prompt you to download a virtual scanner via a VMware or VirtualBox image. This allows you to do scanning of your local network. Once a scan is complete you can view interactive reports by threat or by patch.
Since Qualys FreeScan only provides 10 free scans, it's not something you can use regularly. Consider using another solution for day-to-day use and periodically run Qualys FreeScan for a double-check.
https://www.qualys.com/forms/freescan/
%= Web Application Scanning Tools:
These are the best open source web application penetration testing tools:
Grabber
Grabber is a nice web application scanner which can detect many security vulnerabilities in web applications. It performs scans and tells where the vulnerability exists. It can detect the following vulnerabilities:
• Cross site scripting
• SQL injection
• Ajax testing
• File inclusion
• JS source code analyzer
• Backup file check
It is not fast as compared to other security scanners, but it is simple and portable. This should be used only to test small web applications because it takes too much time to scan large applications.
This tool does not offer any GUI interface. It also cannot create any PDF report. This tool was designed to be simple and for personal use. You can try this tool just for personal use. If you are thinking of it for professional use, I will never recommend it.
This tool was developed in Python. And an executable version is also available if you want. Source code is available, so you can modify it according to your needs. The main script is grabber.py, which once executed calls other modules like sql.py, xss.py or others.
Download it here: http://rgaucher.info/beta/grabber/
Source code on Github: https://github.com/neuroo/grabber
Vega
Vega is another free open source web vulnerability scanner and testing platform. With this tool, you can perform security testing of a web application. This tool is written in Java and offers a GUI based environment. It is available for OS X, Linux and Windows.
It can be used to find SQL injection, header injection, directory listing, shell injection, cross site scripting, file inclusion and other web application vulnerabilities. This tool can also be extended using a powerful API written in JavaScript.
While working with the tool, it lets you set a few preferences like total number of path descendants, number of child paths of a node, depth and maximum number of request per second. You can use Vega Scanner, Vega Proxy, Proxy Scanner and also Scanner with credentials. If you need help, you can find resources in the documentation section:
Documentation: https://subgraph.com/vega/documentation/index.en.html
Download Vega: https://subgraph.com/vega/
Zed Attack Proxy
Zed Attack Proxy is also known as ZAP. This tool is open source and is developed by OWASP. It is available for Windows, Unix/Linux and Macintosh platforms. I personally like this tool. It can be used to find a wide range of vulnerabilities in web applications. The tool is very simple and easy to use. Even if you are new to penetration testing, you can easily use this tool to start learning penetration testing of web applications.
These are the key functionalities of ZAP:
• Intercepting Proxy
• Automatic Scanner
• Traditional but powerful spiders
• Fuzzer
• Web Socket Support
• Plug-n-hack support
• Authentication support
• REST based API
• Dynamic SSL certificates
• Smartcard and Client Digital Certificates support
You can either use this tool as a scanner by inputting the URL to perform scanning, or you can use this tool as an intercepting proxy to manually perform tests on specific pages.
Download ZAP: http://code.google.com/p/zaproxy/
Wapiti
Wapiti is also a nice web vulnerability scanner which lets you audit the security of your web applications. It performs black
It can detect following vulnerabilities:
• File Disclosure
• File inclusion
• Cross Site Scripting (XSS)
• Command execution detection
• CRLF Injection
• SQL Injection and Xpath Injection
• Weak .htaccess configuration
• Backup files disclosure
• and many other
Wapiti is a command
injection, Cross
WebScarab is a JavaF and many other vulnerabilities.
Source code of the tool is available on Github: https://github.com/OWASP/OWASP-WebScarab
Download WebScarab here: https://www.owasp.org/index.php/Category:OWASP
This tool is designed to overcome the problems users usually face while using other proxy tools for security audits. It is capable of distinguishing between CSS stylesheets and JavaScript codes. It also supports SSL man in the middle attack, which means you can also see data passing through SSL.
You can read more about this tool here: http://code.google.com/p/ratproxy/wiki/RatproxyDoc
Download http://code.google.com/p/ratproxy/
SQLMap
SQLMap is another popular open source penetration testing tool. It automates the process of finding and exploiting SQL injection vulnerability in a website's database. It has a powerful detection engine and many useful features. So, a penetration tester can easily perform SQL injection check on a website.
It supports range of database servers including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB. It offers full support to kinds of SQL injection techniques: time
Watcher
Watcher is a passive web security scanner. It does not attack with loads of requests or crawl the target website. It is not a separate tool but is an add
If you want to start penetration testing, I will recommend using Linux distributions which have been created for penetration testing. These environments are Backtrack, Gnacktrack, Backbox and Blackbuntu. All these tools come with various free and opensource tools for website penetration testing. So, you can go with those environments.
If you think I forgot to mention an important tool, you can drop a comment and I will try to add it.
* QK" ZNN
• Scalability from SMB to large implementations
• Import and export of content (rules, reports, trends)
• Multi
o Selecting of critical fields and scheduled summarizing of events
• Health status monitoring
o What self
o Can the system be configured in a hierarchy? Correlation engine and log management locally at each Umpqua, but master/global content pushed and synched from a managed services group with local content not overridden, but global content incorporated and overwritten?
• Inputs
o What log sources are supported natively?
• Long term
o How do we integrate with a ticketing/workflow system?
o How can we integrate with an existing configuration management database (CMDB) to pull asset tag information?
o How can we integrate with Government, Risk, Compliance (GRC) and vulnerability management to provide a common dashboard?
Source: Kent Saunders, Senior Consultant, Accuvant 2015
Ideally, companies should also look for the ability to deploy an evaluation or a proof of concept in their environments to make sure the reports and data they expect are available as well. Even if they are only able to collect data from a few devices that will be a huge indicator of whether they are buying a product that solves their specific problems, as opposed to a product that just sounds really cool, says Turner.
Cloud-Based SIEM Options
One approach that is starting to grow is cloud
customers, the larger and more established SIEM providers that also offer on
Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act of 199 (HIPAA), Federal Information Security Management Act of 2002 (FISMA), Sarbanes
og Management:
• McAfee ESM (Enterprise Security Manager) appliance handles both SIEM/Correlation and Log Management:
• IBM Security QRadar All in One appliance handles both SIEM/Correlation and Log Management:
• Splunk Enterprise software or virtual machines for log management has ability for a user to write their own custom correlations and SIEM
• LogRhythm's appliance, software and virtual machines handles both SIEM/Correlation and Log Management
Here's a more detailed look at HP's ArcSight, LogRhythm, SolarWinds, and Splunk.
• ArcSight
Hewlett
stand
LogRhythm's security intelligence platform collects forensics data from log data, flow data, event data, machine data and vulnerability data. It also generates independent forensics data for the host and network.
The system can produce real
audit logs and tables, filesystem audit logs, and operating system metrics, status and diagnostic commands. But at Splunk, the focus is on machine data
. What is the cost of the SIEM product (license or subscription)?
1. What is the cost of training?
. How well do they do post
Source: Jordan Perks, consultant, Accuvant, 2015
Few more SIEM Tools
Security Information And Event Management Systems Overview and Vendor List
Although 99% of IT security solutions satisfy some parts of compliance, most of them would be bought into an organisation regardless. An example would be a firewall, email and web filtering solutions.
However IT security professionals usually invest in policy auditors, web application firewalls, vulnerability managers, file integrity software, archiving application control and SIEM solutions to satisfy regulatory compliance and showing due diligence.
SIEM Overview
Some vendors combine SIEM with a combination of vulnerability management, file integrity, policy auditing and K$ as options. Other vendors integrate SIEM into their Identity and Access management solutions and some vendors provide SIEM as a point solution on its own.
SIEM as a product is a combination of Information Management, Event Management and network behaviour analysis tools providing a complete vision of log data and real time events. Some companies only require one or the other (Information Management or Event Management). Information Management is used for historical and compliance purposes and Event Management for real time attack analysis. Some vendors also provide these as separate products.
Alert Logic is a cloud solutions vendor and offer a cloud based Incident and Event Log Monitoring service.
AlienVault Professional SIEM is offered as an appliance and virtual platform. AlienVault also have intrusion detection and vulnerability management functionality built in to its SIEM product. AlienVault is a dedicated SIEM vendor.
Astaro have a log management module built in their security gateway appliance. The actual log management is a system based in the cloud. This is a basic log management service.
Computer Associates (CA) is a large vendor with many enterprise class IT solutions. CA have a security division and offer their enterprise log manager which comes in software platform.
Correlog offer log management and security correlation and provide integrity monitoring for common OS platforms.
http://www.alertlogic.com/solutions/security/log-management/
http://www.alienvault.com/products.php?section=ProfessionalSIEM
http://www.astaro.com/en-uk/products/astaro-log-management/activation
http://www.ca.com/us/log-management.aspx
http://correlog.com/index.html
eIQnetworks specialise in visibility and awareness of IT information. eIQnetworks has a focus on SIEM, file integrity, vulnerability management and network behaviour analysis solutions.
Enterasys Security Information and Event Management solution provides Log Management and Network Behavioral Analysis capabilities. Enterasys is a provider of routing and switching, wireless and network management and security solutions.
FairWarning specialise in information protection and awareness in the health industry. Their appliance based solution protects the privacy of patient health records.
GFI Software is a vendor focussed on