NMAP
Nmap is a tool used to scan networks and detect hosts in order to find security issues. It is used to gather information, enumerate it, and detect security vulnerabilities when performing penetration testing. In a networked organization, Nmap can also serve as the basis of a network mapping system used for monitoring. Its uses include host and port discovery; detection of software versions, operating systems and hardware addresses; and identification of system vulnerabilities and security holes. Nmap is used to audit the security status of targeted devices. The audit is done by identifying the network connections made through or to the device. It can also be used to identify open ports on a network host while planning an audit. Another use is to create a network inventory and to map and manage network assets. It also identifies new servers, which helps determine the security of a network. Nmap can also be used to establish the vulnerabilities of networks and help find solutions to prevent unauthorized access.
Nmap can report results in four possible output formats: Interactive, Grepable, Normal and Script Kiddie. After Nmap produces a report, the user can use text-processing software to manipulate the output and customize the report. Interactive output is presented in real time: the information appears and is updated while the command runs. It lets the user enter other options and helps with actively monitoring network hosts. Grepable output is line-oriented, so that it can be fed into line-oriented processing tools. Normal output is provided in real time but without updating or user feedback, and the files are saved for future use and reference. Lastly, script kiddie output aims to make the process as interactive and amusing as possible; it is formatted by replacing letters with look-alike numbers.
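As an added example (not part of the original page), the Python sketch below shows the kind of text processing the grepable format is meant for: it parses `-oG` output into a per-host port inventory and lists open ports that are missing from an allowlist of expected services. The sample scan text, the addresses, the allowlist and the function names are all constructed for illustration.

```python
import re

# Constructed sample of `nmap -oG` output (RFC 5737 documentation addresses).
SAMPLE_OG = (
    "# Nmap 7.94 scan initiated as: nmap -sV -oG - 192.0.2.0/29\n"
    "Host: 192.0.2.1 (gw.example.test)\tStatus: Up\n"
    "Host: 192.0.2.1 (gw.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, "
    "80/closed/tcp//http///\tIgnored State: filtered (998)\n"
    "Host: 192.0.2.5 ()\tStatus: Up\n"
    "Host: 192.0.2.5 ()\tPorts: 22/open/tcp//ssh///, "
    "3306/open/tcp//mysql//MariaDB/, 8080/open|filtered/tcp//http-proxy///\n"
    "# Nmap done: 8 IP addresses (2 hosts up) scanned\n"
)


def parse_grepable(text):
    """Return {ip: [(port, proto, state, service, version), ...]}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # '#' comment lines and blanks
        fields = line.split("\t")  # top-level fields are tab-separated
        ip = fields[0].split()[1]
        ports = hosts.setdefault(ip, [])  # keep hosts that are up but show no ports
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            # Entries are "port/state/proto/owner/service/rpcinfo/version/";
            # split only on a comma that is followed by the next port number.
            for entry in re.split(r",\s+(?=\d+/)", field[len("Ports: "):]):
                parts = entry.split("/")
                if len(parts) < 7 or not parts[0].isdigit():
                    continue  # skip malformed entries instead of guessing
                port, state, proto, _owner, service, _rpc, version = parts[:7]
                ports.append((int(port), proto, state, service, version))
    return hosts


def unexpected_open(hosts, allowed):
    """List (ip, port, proto, service) for open ports absent from the allowlist."""
    findings = []
    for ip in sorted(hosts):
        for port, proto, state, service, _version in hosts[ip]:
            if state == "open" and (port, proto) not in allowed.get(ip, set()):
                findings.append((ip, port, proto, service))
    return findings


# Constructed allowlist: the services each host is expected to expose.
EXPECTED = {"192.0.2.1": {(22, "tcp")}, "192.0.2.5": {(22, "tcp")}}

if __name__ == "__main__":
    for finding in unexpected_open(parse_grepable(SAMPLE_OG), EXPECTED):
        print("unexpected open port:", finding)
```

Only ports in the exact state `open` are reported, so the `open|filtered` entry in the sample is left for manual follow-up.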
Secure Shell
SSH is a cryptographic network protocol used to operate securely over insecure networks. Within the network, SSH establishes a secure channel that connects the remote client's application with the SSH server. There are two main SSH specifications, SSH-1 and SSH-2. There are several SSH protocols, and they are used in different ways to access shell accounts. It is widely believed that SSH was built mainly as a replacement for Telnet and other unsecured shell protocols. Unlike the unsecured remote shell protocols, SSH does not send information in plain text and is therefore not susceptible to disclosure through packet analysis. Information such as passwords is very sensitive and should not be sent in plain text, because interception leads to compromise. SSH uses encryption to maintain the confidentiality of data and minimize the chance of disclosing sensitive information. Through encryption and integrity protection, SSH allows sensitive data to be sent over unsecured networks such as the internet without a high risk of exposure. The remote computer using SSH has to be authenticated using public-key cryptography and, in turn, the computer authenticates the user. Authentication can be both automated and manual and can involve the generation of passwords that let users log on and access information or run commands. SSH can also be used to transfer files through the SSH file transfer or secure copy protocols. To provide access to the user, SSH establishes a client-server connection, which helps solve connectivity problems in cloud computing and avoids security issues that could expose cloud-based machines. SSH also offers the SSH tunnel, a secure path over the internet that helps bypass many problems that would compromise one's information once one logs onto the internet.
MariaDB
MariaDB is a community-developed fork of the MySQL relational database management system. MariaDB was forked when concerns arose over Oracle Corporation's acquisition of the MySQL software. MariaDB was created to provide high compatibility with MySQL. The compatibility ensures binary equivalence and matching with the APIs and commands of MySQL. MariaDB has the XtraDB storage engine instead of the InnoDB engine found in MySQL. It also has Aria, a new storage engine that can be both transactional and non-transactional. MariaDB is named after the developer's daughter Maria.
MariaDB runs in confinement once it is enabled. Running in confinement enhances the security of the server, as an attacker who accesses it can cause only limited damage. MariaDB is confined using the SELinux policy, which comes in different packages. The SELinux policy also provides the types under which MariaDB commands are run. The different types are important because they are flexible and let one choose the most suitable access configuration. Types govern access to the MariaDB main configuration file, the MariaDB database location, the mysqld binary location, MariaDB logs and socket files.
MariaDB is installed with stored procedures that are invoked when the user clicks on the call button. Stored procedures can have input parameters, output parameters, and parameters that serve as both input and output. Stored procedures are important because they are more secure: users do not have direct access to the tables and data, which could otherwise lead to interference, distortion and loss of integrity. For example, banks use stored procedures because clients cannot easily access the data, access which could lead to a loss of confidence among customers. Access to such information can also lead to theft and security issues, since confidential information would have leaked into the public domain.
Snort
Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS). It was created by Martin Roesch and developed by Sourcefire. Snort has been listed in the Hall of Fame as one of the greatest pieces of open source software of all time. The NIDS can perform real-time traffic analysis (numbers logging onto and out) and packet logging on Internet Protocol networks. Besides protocol analysis, Snort can also be used for content searching and matching. The analysis, searching and matching enable users to apply quality of service to applications. Quality of service is used to prioritize traffic, especially when the applications in use are latency sensitive. Monitoring the traffic can also help detect attacks and probes on the network. Snort can detect operating system fingerprinting attempts, gateway interface, buffer overflows and server message block probes, and can also be used for scanning stealth ports.
There are several ways of configuring Snort, namely as a sniffer, as a packet logger, and for network intrusion detection. The configuration allows the software to provide output in different ways. In sniffer mode, the program reads network packets and displays them on the console. Packet logger mode makes the program log packets to disk. It can also be used to analyze and monitor a network against a defined set of rules created by the user. Finally, the program performs a task specific to the input made by the user.
LAMP
LAMP is short for the Linux operating system, the Apache HTTP Server, the MySQL relational database management system (RDBMS), and the PHP programming language. It is an archetypal web service stack model. The LAMP components are largely interchangeable and are not restricted to the commonly used set. It is an important solution stack for creating dynamic websites and web applications. It has been used and adapted in many ways because it is typically made up of free and open source software. Today, LAMP refers to the generic software stack model and has become significantly common and popular. The popularity has grown over time because it is available at no cost and because of the flexibility provided by the developers, who allow the components of the stack to be interchanged. Another reason LAMP is popular is its ability to be used in conjunction with a large amount of other software. Some of the software that is easily used with LAMP includes Snort for intrusion detection and netsniffing for security testing and enhancement. It is also easy to tailor LAMP to the desires of the user.
LAMP is used to get web or network servers up and running. There are other variations of the software stack that perform similar functions. For example, WAMP is used when the operating system is Windows and not Linux. There is also MAMP for Macintosh and SAMP for Solaris operating systems. For LAMP to be functional, all four components need to be in good order. Usually, the MySQL database is required to store the data gathered by LAMP, and it is therefore important to create it before proceeding. After creating the database, the user can access it using a PHP script. Apart from PHP, LAMP can also use the Python and Perl programming languages.
Apache
It is also known as the Apache HTTP Server. Apache is the most common web server, used by almost half of all the websites around the world. Apache was developed on the back of a stall in the work on the NCSA code. It significantly influenced the growth of the World Wide Web (WWW) and has remained in the lead ahead of the NCSA HTTPd server. The advantage of Apache is its ability to support a variety of features. One of them is the wide range of programming languages that can be used with the software, including Perl, Python, Tcl and PHP. Apache also has dynamically loadable modules, is highly scalable, supports millions of connections at a go, and offers a real-time status view. The Multi-Processing Modules (MPM) allow for the implementation of several architectures. Apache can run in process-based, hybrid, and event hybrid modes, which lets a person make the choice that suits their infrastructure. However, it is important for users to choose the correct MPM and match it with a correct configuration to get the best results. If it is not carefully chosen, the results may not be as desirable because of problems with the server and its speed. Apache is designed to reduce latency and increase throughput. Reducing latency means that the server is able to handle as many requests as possible within the shortest time possible.
Apache relies on the firewall or other operating system configurations for security. The operating system configurations can restrict malware and other risky attacks from accessing the computer and obtaining critical information, which could lead to losses. The OS programs can also limit a computer from accessing too many pages at a go, which helps prevent simple attacks.
Open Source Tripwire (OST)
Open Source Tripwire, as it is commonly known, is a tool used to enhance software security and data integrity. It monitors files on a range of systems and reports when there is a change in any of the files under monitoring. It functions as a host-based intrusion detection system and detects changes to file system objects. OST differs from other open source security software because it does not detect intrusion at the network level but in the system files. OST runs scans on the command of the user (administrator) and stores information on the scanned files in a database. Another scan can be run at a later date and the results compared to the previous information to determine whether there have been any changes in the files. The changes are then provided to the user in a report. OST uses cryptographic hashes to detect changes in files and stores those instead of storing all the file contents.
By informing users of any changed, corrupted or damaged files, OST helps managers and administrators put mechanisms in place to control the damage in time. OST is used to prevent cyber-attacks, heinous destruction of information and files, and breaches of data. The software is laden with integrated security controls that help detect assets, improve configurations and identify vulnerabilities and threats to systems and databases. It is the function of the administrator to check and monitor the reports from OST from time to time to see whether there is any change and to find an effective solution. The advantage of OST is its ability to work on its own once the first scan has been set. One does not have to redo the entire procedure each time a report is needed, but can just pick one of the existing ones for comparison.
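The scan, store, rescan and compare cycle described above can be sketched as follows. This is an added example, not Open Source Tripwire's code or database format: it records only a SHA-256 hash per file, and the function names and the file contents in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root):
    """Walk root and return the database {relative_path: sha256}."""
    database = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the monitored tree
            database[os.path.relpath(full, root)] = sha256_file(full)
    return database


def compare(baseline, current):
    """Report paths that were added, removed or changed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: baseline three files, then change, delete and add one."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)

        write("httpd.conf", b"Listen 80\n")
        write("my.cnf", b"[mysqld]\n")
        write("sshd_config", b"PermitRootLogin no\n")
        baseline = scan(root)  # first scan: stored for later comparison

        write("sshd_config", b"PermitRootLogin yes\n")
        os.remove(os.path.join(root, "my.cnf"))
        write("cron.extra", b"* * * * * job\n")
        return compare(baseline, scan(root))  # later scan against the baseline


if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the stored baseline, so the database should be kept where the monitored host cannot rewrite it.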
Barnyard
Barnyard is basically the reader of Snort's outputs. Snort is an important monitoring tool, but for small networks. Snort needs an output reader if it is to run at full speed. Barnyard was written to take some duties (reading the outputs) off Snort to enhance its performance. After receiving and reading the outputs, Barnyard sends the information to MySQL and PostgreSQL. It is considered the processor for Snort's unified output format because of its ability to handle larger amounts of output and send them to similar storage databases, except for Oracle and ODBC outputs. The user needs to configure Snort so that the input and log information are synchronized with Barnyard and both programs can read the information. The user then configures Barnyard so that it runs in the background each time Snort is activated. Configuration is done to create packets that can be read by the Snort interface, and this makes Snort detect the presence of Barnyard. Snort will then send the outputs of its scan to Barnyard, which reads them and sends them to the desired database. Snort's function is decoupled in that it now runs only the scans or detections, making it run faster than when it scans and reads the outputs simultaneously.
Barnyard processes only one type of unified log, i.e. alert or log, at a time. A person who wants alert and log outputs simultaneously will have to run a Barnyard instance for each. After that, the user determines where Barnyard is to send the data (alert or log outputs), that is, the database choice. They can use the fast_alert.log or ascii.log plug-ins for Snort's fast alert mode or Barnyard's generated ASCII packet dumps respectively. Alternatively, the alert and log data can be sent to the Snort MySQL database.
Mutt
Mutt is an open source email client written for Linux and UNIX environments. Today, Mutt is commonly used because of its support for a variety of protocols, including IMAP, POP3 and SMTP; its ability to integrate with other protocols such as S/MIME and GPG; its threaded conversations and color coding; and many other features. Another feature that makes Mutt common and likable is that it is lightweight. Being lightweight makes it a better alternative for mail than bulky web browser email such as Yahoo and Gmail and GUI-based clients such as Thunderbird and MS Outlook. However, Mutt password credentials are always stored in plain text, raising security concerns for users. There is a way to encrypt the Mutt configuration so that such risks are taken care of and there is no chance for someone to access the data and use it by dubious means. One can protect the sensitive Mutt data using GPG, an open-source implementation of OpenPGP. The user first has to create a GPG key. Once the key has been created, the sensitive Mutt configuration is encrypted by creating a new text file in the Mutt directory and encrypting it with the public key. The full Mutt configuration can then be encrypted to keep the information safe and protect it from access by any unauthorized persons. The encryption totally secures the data carried by Mutt and protects it from access by attackers who might intercept emails. Mutt remains one of the best email reading programs, although today it is also used for other purposes such as sending and retrieving emails, especially with its built-in IMAP, POP3 and SMTP support.
Lynx
Lynx is software that works as an operating system. It is a real-time operating system that is compatible with UNIX and is POSIX-compliant. The latest version (7.0) is embedded with security features that prevent security issues from happening rather than trying to solve them once they have happened. It is a protective and not a curative type of software. Lynx seeks to solve networking problems by preventing them, stopping them before they occur. The security provided by Lynx can be employed in user-accessible and machine-to-machine devices. Lynx provides unmatched security capabilities because of its combination of separation kernel technology and virtualization. One can safely use the Lynx OS on embedded, desktop or server platforms. Apart from its unmatched security features, Lynx is also very flexible and suitable for users who like accessing many platforms at the same time. It is also a technology that can equip other developers with software and hardware resources to build stronger operating-system-based systems. The built-in Lynx security system is considered a solution to present-day malicious internet and software security issues. It can be used to protect critical infrastructure in large companies and governmental departments by separating sensitive information from key attack points, denying infiltrators a chance to lay their hands on such information.
Lynx also provides certified avionics RTOS solutions based on open standards such as POSIX, ARINC and FACE, which allow reuse of certified code and systems. The security provided by the standards remains credible even when they are reused. Recycling certified code and systems makes significant use of resources, as it is cheaper than having companies or organizations obtain new ones after their expiry.