Q
Problem solve Get help with specific problems with your technologies, process and projects.

What are the best anti-network reconnaissance tools for Linux systems?

Anti-network reconnaissance tools can prevent attackers from getting access to system information. Expert Judith Myerson goes over the best enterprise options.

What are the best anti-network reconnaissance tools for Linux and Ubuntu systems?

One anti-network reconnaissance tool to consider is Active Defense Harbinger Distribution (ADHD). This tool prevents an attacker from getting system information while inside the network infrastructure.

ADHD is a security Linux distribution based on Ubuntu 12.04 Long Term Support. Just like Ubuntu, you can run ADHD as a live DVD or install it on your computer.

ADHD comes with several preconfigured tools to defend against network reconnaissance attackers. Two favorites are Network Obfuscation and Virtualized Anti-Reconnaissance (Nova) and Honey Badger.

Nova is an open source software tool that is aimed at detecting network reconnaissance efforts within a private network. This tool lures an attacker into interacting with decoy systems, including files and open ports. The attacker, however, is denied access to the real network.

You can have infinite directories to make it very difficult for the attacker to get to his target. You can also get Nova to automatically shut down a specific port when the attacker attempts to scan it. When Nova detects the attacker's network reconnaissance attempts, the system administrator gets an alert via email or from logs. The attack can come either from the internet or from employees inside your enterprise who are not authorized to look around the network.

Honey Badger creates a webpage that looks like, for example, a Cisco administration interface. When the attacker attempting network reconnaissance is lured into accessing the page, Honey Badger sends a Java app to the attacker's computer. The application quietly grabs the attacker's IP address and uses Google API to locate the computer. It adds any other information to the report, which is sent to the system administrator.

Other anti-reconnaissance tools take different approaches to potential threats. For example, Microsoft's NetCease tool has the capability to change the registry keys in Windows to restrict access to private networks, which Honey Badger does not have.

Next Steps

Find out if DMZ networks can still provide enterprise security benefits

Learn how IPv6 network reconnaissance can be used to identify vulnerabilities

Read how data obfuscation techniques can protect corporate information

This was last published in February 2017

Dig Deeper on Real-time network monitoring and forensics

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What has your enterprise's experience been using anti-reconnaissance tools?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close