
Showing posts from April, 2015

Netdot

Netdot is an open source tool designed to help network administrators collect, organize and maintain network documentation. Netdot was initially developed by the Network Services group at the University of Oregon, and continues to be maintained and expanded with support from the Network Startup Resource Center and the work of volunteers. Relevant features:
- Device discovery via SNMP
- Layer2 topology discovery and graphing, using: CDP/LLDP, Spanning Tree Protocol, switch forwarding tables, router point-to-point subnets
- IPv4 and IPv6 address space management (IPAM)
- Address space visualization
- DNS/DHCP config management
- IP and MAC address tracking
- BGP peer and Autonomous Systems tracking
- Cable plant (sites, fiber, copper, closets, circuits...)
- Contacts (departments, providers, vendors, etc.)
- Export scripts for various tools (Nagios, Sysmon, RANCID, Cacti, SmokePing)
- Multi-level user access: Admin, Operator, User
Access the tool here.

Scrutinizer

Scrutinizer™ is at the foundation of the Plixer incident response and behavior analysis architecture. It is available as a physical or virtual appliance, or as a Windows download. Scrutinizer performs the collection, threat detection, and reporting of all flow technologies on a single platform. It delivers real-time situational awareness into the applications and their historical behaviors on the network. Access the product page here.

Guidelines on Information security, Electronic Banking, Technology risk management and cyber frauds

Corporate Governance constitutes the accountability framework of a bank. IT Governance is an integral part of it. It involves leadership support, organizational structure and processes to ensure that a bank’s IT sustains and extends business strategies and objectives. Effective IT Governance is the responsibility of the Board of Directors and Executive Management. Access to reliable information has become an indispensable component of conducting business, indeed, in a growing number of banks, information is business.  Today, almost every commercial bank branch is at some stage of technology adoption: core banking solution (CBS), or alternate delivery channels such as internet banking, mobile banking, phone banking and ATMs.  Access these guidelines here .

What’s Your Security Maturity Level?

Not long ago, I was working on a speech and found myself trying to come up with a phrase that encapsulates the difference between organizations that really make cybersecurity a part of their culture and those that merely pay it lip service and do the bare minimum (think '15 pieces of flair'). When the phrase "security maturity" came to mind, I thought for sure I'd conceived of an original idea and catchy phrase. Read the article here.

5 Reasons Every Company Should Have A Honeypot

A staple of the computer-security toolbox for more than two decades, honeypots can provide companies with unique benefits. Read the article here .

SANS firewall checklist

SANS firewall checklist is available here .

The Ultimate Network Security Checklist:

Here it is – The Ultimate Network Security Checklist:  a document that provides you with the areas of information security you should focus on, along with specific settings or recommended practices that will help you to secure your environment against threats from within and without.

RIT Information Security checklists

Checklist name: Use
- Desktop and Portable Computer Checklist (General User): Compliance checklist for use by self-supported faculty, staff, and students.
- Desktop and Portable Computer Checklist (ITS-Supported Users): Compliance checklist for use by ITS-supported faculty, staff, and students. (1/23/13)
- Desktop and Portable Computer Checklist (Systems Support): Systems support personnel compliance checklist for computers they support.
- Server Security Checklist: Compliance checklist for use with the Server Security Standard
- Network Security Checklist: Compliance checklist for use with the Network Security Standard
- Web Standard Compliance Checklist: Compliance checklist for use with the Web Security Standard
- Account Management Checklist: Compliance checklist for use with the Account Management Standard

Good Practice Guidelines

The Good Practice Guidelines (GPG) are a series of informational documents which provide good practice advice in technology-specific areas of Information Security and Information Governance. Each Good Practice Guideline is intended to support Department of Health Policy and Information Governance requirements for NHS organisations and suppliers. These guidelines are updated with the latest security information and if you feel there is something missing please contact infosecteam@hscic.gov.uk . We recognise these GPGs as essential communication from the Infrastructure Security Team and as such are aiming for the documents to be published to the highest possible standard. All documents on this page have 'Approved' status. As Information Security is an evolving discipline these documents will be updated regularly and should be regarded as 'living documents'. Title Description Last Update Version 3G / HSDPA Provides guidance for organisations who wi

Business Continuity Planning Manual

Business Continuity Planning (BCP) can help NHS organisations to reduce the effects of disruption upon services, systems and business processes caused by service interruptions and failures. Whatever the cause, the consequences of such interruptions and failures should be analysed. Business Continuity Planning can reduce the effects of these to an acceptable level. This can be best achieved through the application of a combination of preventive and recovery controls. Contingency and recovery plans for each of the organisation's core services, key systems and business processes should be developed, wherever possible forming an integral part of existing management processes. They should be regularly maintained and tested to enable implementation when circumstances dictate. Following any implementation they should be evaluated and reviewed. Access the planning manual here.

Top 47 Log Management Tools

Operating systems, such as Windows and Unix, as well as networks such as Cisco, typically offer some native log management functionality. But these log and event management mechanisms fall short of consolidating the data in any meaningful way, leaving bits and pieces of event logs scattered across a network. Not to mention, many of those events are lost as a result of overwrites, creating a security and compliance problem. Access the list here .

Combine Harvester (The Wurzels)

I drove my tractor through your haystack last night (ooh aah ooh aah)
I threw me pitchfork at your dog to keep quiet (ooh aah ooh aah)
Now something's telling me
That you'm avoiding me
Come on now darling you've got something I need
Cuz I got a brand new combine harvester
An' I'll give you the key

Reliability engineering

Reliability engineering is engineering that emphasizes dependability in the lifecycle management of a product. Dependability, or reliability, describes the ability of a system or component to function under stated conditions for a specified period of time. Reliability engineering represents a sub-discipline within systems engineering. Reliability is theoretically defined as the probability of success (Reliability = 1 - Probability of Failure), as the frequency of failures, or in terms of availability, as a probability derived from reliability and maintainability. Maintainability and maintenance are often defined as a part of "reliability engineering" in Reliability Programs. Reliability plays a key role in the cost-effectiveness of systems. Read the post on Wikipedia here.

ELK: powerful tool for log correlation and real-time analytics

ELK is a powerful set of tools being used for log correlation and real-time analytics. This post will discuss the benefits of using it, and be a guide on getting it up and running in your environment. ELK is actually an acronym that stands for Elasticsearch, Logstash, Kibana. In recent months I have been seeing a lot of interest in ELK for systems operations monitoring as well as application monitoring. It was really impressive and I thought of how useful it could be for network operations. Many environments just have the basics covered (up/down alerting and performance monitoring). Some companies go one step further and are logging syslog to a central server. For a long time this has been acceptable, but things must change. While this guide is solely meant to show how network data can be captured and used, the real goal is to have all infrastructure and applications log to ELK as well. Read this great post about ELK and network operations here.

The Hard-won Triumph of the Apollo 13 Mission - 45 Years Later

Moments after they finished a TV broadcast late on April 13, 1970, a spark ignited one of the oxygen tanks on the Apollo 13 spacecraft. The resulting explosion plunged an entire nation into an anxious three-and-a-half day drama. Read the article on the NASA site here .

IT Security Self- & Risk-Assessment Tool

The tool is a Microsoft Excel 2003 spreadsheet containing worksheets that guide you through a detailed assessment of your agency’s IT system in three categories: Management, Organizational, and Technical — and a fourth category, State and Local Law Enforcement-Specific IT Security Controls, which assists with recording information on additional state and local government issues. Access the tool here.

Troubleshooting Networks: Tips from a Network Detective

The thrill of the “chase” and the challenge of solving the “who done it”. I’ve learned a lot over the years. What works… what doesn’t work. What helps… what hinders. Like any Detective “on the job” for so many years… it would be impossible to pass on to you everything I would really like to. So let’s go with the tips I think will give you the biggest ROI if you apply them.
Tips from a Network Detective:
- Be Methodical
- Know What is Normal (Knowledge is Key)
- Get to the “Crime Scene” as Fast as You Can
- Have “Crime Scene Maps” that Help and don’t Hinder
- Let the Clues and Evidence Guide You
- Learn and Improve
Read the article on PacketPushers by Denise "Fish" Fishburne here.

Network Documentation Best Practices: What’s Important & How To Track It

As a consultant, I have done several network assessments for clients. One of the biggest items that is almost always missing is documentation. In my assessment reports, I can’t just say, “You are missing documentation,” and leave it at that. I have to be more specific. I have to specifically call out what should have been documented, how it should be documented, and why it should be documented. These are my opinions of best practice for documenting your network. Access the post here .

Top 9 tips for better cable management in the data centre

Cable management in the data centre is the most ignored part in my experience. And it always comes back to haunt you in one form or another. It could be in the form of tracing the wrong cable and unplugging a production host while working on something else, or never being able to find what is connected where. Read the post here.

Nikto2

Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. Download Nikto from here.

Interface Traffic Indicator

Interface Traffic Indicator is a graph utility to measure incoming and outgoing traffic on an interface in bits/sec, bytes/sec or utilization. It works on all SNMP-capable devices (computers, NICs, switches, routers, etc.) with an adjustable poll interval down to three seconds. You can use this program in a professional network environment to monitor selected network interfaces (even backplane ports if the device provides the information) or you can monitor your home network or cable/modem/ISDN connection to the internet. Download the tool from here.

NfSen - Netflow Sensor

NfSen is a graphical web based front end for the nfdump netflow tools. NfSen allows you to:
- Display your netflow data: Flows, Packets and Bytes using RRD (Round Robin Database).
- Easily navigate through the netflow data.
- Process the netflow data within the specified time span.
- Create history as well as continuous profiles.
- Set alerts, based on various conditions.
- Write your own plugins to process netflow data on a regular interval.
Access NfSen here.

LFT

LFT , short for Layer Four Traceroute, is a sort of 'traceroute' that often works much faster (than the commonly-used Van Jacobson method) and goes through many configurations of packet-filters (firewalls). More importantly, LFT implements numerous other features including AS number lookups through several reliable sources, loose source routing, netblock name lookups, et al. What makes LFT unique? LFT is the all-in-one traceroute tool because it can launch a variety of different probes using ICMP, UDP, and TCP protocols, or the RFC1393 trace method. For example, rather than only launching UDP probes in an attempt to elicit ICMP "TTL exceeded" from hosts in the path, LFT can send TCP SYN or FIN probes to target arbitrary services. Then, LFT listens for "TTL exceeded" messages, TCP RST (reset), and various other interesting heuristics from firewalls or other gateways in the path. LFT also distinguishes between TCP-based protocols (source an

Advanced IP Scanner (Free Network Scanner)

What Advanced IP Scanner does:
- Scans network in a matter of seconds
- Detects any network devices, including Wi-Fi routers and wireless devices
- Scans ports and finds HTTP, HTTPS, FTP, RDP and shared folders
- Lets you connect to PCs running Radmin Server with one click
- Allows you to shut down computers remotely
- The opportunity to run ping, tracert, telnet and SSH commands on a selected computer
- Supports Wake-On-Lan
- Favorites list for easy network management
- Export to HTML or CSV
- Easy and user-friendly interface
Access Advanced IP Scanner here.

Cisco Device Info

Cisco Device Info (CDI) is a free, open-source Windows application to retrieve runtime information from Cisco equipment such as routers and switches. This is achieved using the SNMP protocol. Cisco Device Information supports SNMP versions 1 through 3 and has been tested against a handful of different devices and IOS versions. Access Cisco Device Info here .

Radmin (Remote Control software)

Radmin is one of the safest, fastest and most popular remote access software solutions designed for Windows. Access Radmin here .

Cisco and networking cheat sheets

Access the Cisco and networking cheat sheets on packetlife.net here .

TTG (SNMP Text Traffic Grapher)

TTG is a small command line utility that displays current throughput (bandwidth usage) on an interface of a remote device such as a router, switch, firewall, etc., over SNMP. You can think of TTG as a command line version of STG or a high-interval/ad-hoc query/test tool for MRTG, etc. The output is very similar to the ping(1) command. You can use it to quickly check/measure traffic without waiting for the 5-minute cycle when configuring MRTG, as a means of using the data in text form (e.g. copy & paste into an email or spreadsheet) or just as a general purpose command line network administration aid. Access TTG here.

STG (SNMP Traffic Grapher)

This freeware utility allows monitoring of devices supporting SNMPv1 and SNMPv2c, including Cisco. It is intended as a fast aid for network administrators who need prompt access to current information about the state of network equipment. Access STG here (original site) or alternatively here.

MassConfig

A small but powerful Excel application for mass device configuration and backup. It helps with configuration management and understanding the network configuration. Access MassConfig here.

Flaps

Flaps monitors the MAC address table of switches via SNMP and alerts on any MAC flap. Access Flaps here.

9Ping (split window with ping results from 9 different pings)

9Ping can help you monitor your network. 9Ping has a split window with ping results from 9 different pings. Access 9Ping from here.

BRST - Border Router Security Tool

The BRST - Border Router Security Tool is a web based utility for generating secure configuration files for Cisco routers in a border configuration. The administrator fills out a web form, clicks submit, and receives a router config file. Access BRST here .

Switch Miner (Cisco switch port mapper)

Switch Miner is a free lightweight open source command line utility for Windows that acts as a switch port mapper/switch port discovery tool. It helps network engineers discover the devices that are connected to all the ports of a switch. It will even discover neighboring switches via CDP and scan them as well. Using SNMP it scans switches and creates Excel .xlsx or .csv files. Access Switch Miner here.

Open Visual Traceroute (Open source cross-platform - Windows/Linux/Mac - Java Visual Traceroute)

Access Open Visual Traceroute here .

BGINFO4X (BGINFO for X and for Windows! Shows desktop information on your screen )

BGINFO for X, also called BGINFO4X, is a clone of the popular program BGINFO for Microsoft Windows created by Sysinternals. BGINFO4X is designed to pretty-print useful information (CPU model, Hostname, IP address, OS version, Office version, and much more ...) on your desktop background or wallpaper. Features:
- Multi Platform: Windows, MacOSX, Linux, BSD, UNIX, embedded systems (ARM, RASPBERRY).
- Highly Customizable: configure easily any setting of the program.
- Open Source: you can benefit from it and from the community forums.
- Dynamic Data: the information is not static. Refresh it with a configurable timer.
- Modular System: designed as a modular system, you can use different modules.
- Out Module: write any information. Use bash, powershell, wmi, vbs, perl, python, snmp, ....
- Alarm Module: write an alarm by threshold. Use a different color, size, format.
- Script Module: execute any script or program, such as sending an email with the result.
- Export Module:

Overview: Cisco CleanAir Technology

NetResView

NetResView is a small utility that displays the list of all network resources (computers, disk shares, and printer shares) on your LAN. As opposed to the "My Network Places" module of Windows, NetResView displays all network resources from all domains/workgroups in one screen, including admin/hidden shares. Access NetResView here.

QuTTY = PuTTY + Qt

QuTTY is a multi-tabbed, multi-paned SSH/Telnet client with a terminal emulator. The goal is to support advanced features similar to iterm2.  Access QuTTY here .

storageim

StorageIM is a monitoring console for storage systems and networks designed around industry standards. StorageIM supports most storage arrays, switches, HBAs and storage libraries. Access storageim here.

OpenACS

Automatic configuration server (ACS) implementing CPE configuration protocol CWMP as specified in TR-069. Access OpenACS here .

cmdow (Win32 console application for manipulating program windows)

Cmdow is a Win32 commandline utility for NT4/2000/XP/2003 that allows windows to be listed, moved, resized, renamed, hidden/unhidden, disabled/enabled, minimized, maximized, restored, activated/inactivated, closed, killed and more. Access cmdow here .

jNetMap Network monitoring

jNetMap helps you to keep an eye on your network. You can draw a graphical representation of your network, and jNetMap will periodically check if the devices are still up or a service is still running. You can also set up E-mail notifications or let jNetMap execute a script when a device goes down or comes up again. Additionally, you may attach notes to a device, initiate an RDP/VNC/SSH connection to a device and much more. Access jNetMap here.

Script Your Documentation Instantly

SYDI is a project aimed to help system administrators in getting started with their Network Documentation. It can document Windows Servers, MS SQL Servers, Exchange Organizations and Linux systems. Access SYDI here .

PuTTY Session Manager

PuTTY Session Manager is a tool that allows system administrators to organise their PuTTY sessions into folders and assign hotkeys to favourite sessions. Multiple sessions can be launched with one click. Requires MS Windows and the .NET 2.0 Runtime. Access Putty Session Manager here .

i-doit - CMDB and IT documentation

The CMDB is the central resource for IT administrators and managers. Features:
- CMDB
- ITIL
- IT Documentation
- Inventory
- Asset Management
- Infrastructure Planning
- Ticket System
- Cable Management
- Patch Management
- IP Address Management
- Virtual systems
- Cluster
- Storage Area Networks
Access i-doit here.

RoboCop RoboCopy

RoboCop RoboCopy is a GUI skin and script generator for Robocopy.exe (Win NT Resource Kit). RoboCop RoboCopy is unlike any other robocopy script generator available. What makes this one different? Well, in a nutshell, the ability to monitor the progress of the robocopy job. RoboCop RoboCopy allows for real time monitoring of all its running robocopy jobs, including: current speed in MBs, completion time, and a real time progress bar indication. Access RoboCop RoboCopy here.

RackTables

Racktables is a nifty and robust solution for datacenter and server room asset management. It helps document hardware assets, network addresses, space in racks, networks configuration and much much more! Features:
- IPAM (IPv4/IPv6 address management)
- rackspace documentation
- full support of Unicode for user's data
- tags
- 802.1Q VLAN management
- permission control
- CWDM and DWDM channel grids
- pluggable (SFP, XFP, XENPAK...) transceivers
- neighbor discovery via CDP and LLDP
- integration with Cacti and Munin
- patch cables accounting
Access Racktables here.

Your on-site PBX can kill your small business

As a small business owner be aware of the pros and cons of a site-based PBX versus a hosted PBX and how each solution addresses your requirements. Do you require flexibility to scale your business telecoms up and down and can you afford to be locked into a long-term contract? Perhaps your business is ultra-mature and you’re not considering offering your staff a hot-desking or telecommuting option. Read the article here . 

Step-by-Step Setup of ELK for NetFlow Analytics

ELK is a very open source, useful and efficient analytics platform, and we wanted to use it to consume flow analytics from a network. The reason we chose to go with ELK is that it can efficiently handle lots of data and it is open source and highly customizable for the user’s needs. The flows were exported by various hardware and virtual infrastructure devices in NetFlow v5 format. Then Logstash was responsible for processing and storing them in Elasticsearch. Kibana, in turn, was responsible for reporting on the data. Given that there were no complete guides on how to use NetFlow with ELK, below we present a step-by-step guide on how to set up ELK from scratch and enable it to consume and display NetFlow v5 information. Reference this guide here.

LDWin: Link Discovery for Windows

LDWin supports the following methods of link discovery:
- CDP - Cisco Discovery Protocol
- LLDP - Link Layer Discovery Protocol
Download LDWin from here.

Voice over IP: Risks, Threats and Vulnerabilities

Refer here .

apu platform (low end pfsense hardware)

Refer here .

SuperServer 5018A-FTN4 (Device for pfSense - available from Pinnacle)

Refer here .

Dimension Data launches Data Centre Maturity Tool

Mordac (from Dilbert) - The Preventer of Information Services