
Knoppix-NSM removes complexity of Snort-based network security monitoring


This article can also be found in the Premium Editorial Download "Information Security magazine: Tips from the 2007 Security 7 Awards."


NSM on Demand
LiveCD gives you instant (almost) network security monitoring.

This figure shows a simple architecture that matches what you'd be utilizing via the Knoppix-NSM LiveCD in its default configuration, as well as the NSM framework utilized by this distribution.
Source: Intelguardians (http://www.intelguardians.com/snortguis.pdf)


Once you've booted from the Knoppix-NSM LiveCD, you can immediately start monitoring using the following command sequences:
  • From a root console, if you didn't assign a static IP at boot, execute pump -i eth0 to obtain an address dynamically. For permanent installations, only a static IP is recommended.

  • From a root console (right-click on the desktop) execute:
    /etc/init.d/mysql start to start the MySQL database
    /etc/init.d/apache2 start to start the Web server
    /etc/init.d/sguild start to start the Sguil server daemon
    sensor default start to start the Sguil sensor
    /etc/init.d/ntop.default start to start ntop if you wish to see traffic details. This step can cause performance issues when running from the LiveCD, so use it with caution and stop it if need be.

  • From a non-root console execute:
    sguilc, then log in with sguil as the username and password as the password.
At this point, you have a Sguil analysis console at your disposal, as well as BASE and ntop from the Iceweasel browser bookmark toolbar.
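
The root-console sequence above as one script, added here as an example and not part of the original article or the Knoppix-NSM distribution: it keeps the listed order, stops at the first failed step, and leaves ntop off unless requested. The function names and the NSM_RUN and WITH_NTOP variables are hypothetical.

```shell
#!/bin/sh
# Added example: start the Knoppix-NSM services in the order the article lists.
# Hypothetical knobs (not part of Knoppix-NSM):
#   NSM_RUN=echo   print each command instead of running it (dry run)
#   WITH_NTOP=1    also start ntop, which the article warns can slow a LiveCD

nsm_steps() {
    # One command per line, in dependency order: database, Web server,
    # Sguil server daemon, then the sensor that reports to it.
    echo "/etc/init.d/mysql start"
    echo "/etc/init.d/apache2 start"
    echo "/etc/init.d/sguild start"
    echo "sensor default start"
    if [ "${WITH_NTOP:-0}" = "1" ]; then
        echo "/etc/init.d/ntop.default start"
    fi
}

nsm_start() {
    # Run the steps one by one and stop at the first failure, so the sensor
    # is never started without the database and sguild already running.
    nsm_steps | while IFS= read -r step; do
        echo "==> $step"
        # </dev/null keeps an init script from consuming the remaining steps.
        ${NSM_RUN:-} $step </dev/null || { echo "FAILED: $step" >&2; exit 1; }
    done
}

# Run as root on the booted LiveCD:  sh nsm-start.sh start
if [ "${1:-}" = "start" ]; then
    nsm_start
fi
```

Run it with NSM_RUN=echo first to confirm the plan before starting anything.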

--RUSS McREE

This was first published in October 2007
