Security for Network

Brian Kelsay bkelsay at comcast.net
Wed Oct 20 21:56:22 CDT 2004


djgoku wrote:

> Today at work we are having problems with "Viruses/spyware/stuff" and
> I am wondering what I could setup in linux to say passive/active
> scanning a network for viruses/spyware/stuff. And stuff that looks for
> viruses/spyware/stuff trying to connect to ports it shouldn't be. A
> packet sniffer would probably be one thing, but I don't know enough
> about tcp/ip/udp/stuff to work it and understand what it is showing
> me. I guess I might have to start reading up on packet sniffing. So
> tools I think might be good ethereal, snort, nmap.

Just look at what IPCop has included.  They monitor for intrusion with 
Snort, NAT all connections to prevent direct machine connection unless 
the PC internal to the LAN initiated it, open/port forward only the 
ports you specifically open.

Since you mention viruses and spyware, you must be using Windows.  If 
you have a Linux mailserver, add ClamAV or Amavis or some commercial 
product, several anti-virus companies now support Linux on the Mail/File 
server.  On the Windows PC you should have some virus scanning product. 
You could occasionally scan with Ad-Aware by Lavasoft AND also use 
Spybot Search & Destroy.  If you want active/constant scanning like 
antivirus software does, you have to pay for the Pro version.  If you 
have a big problem it may be worth it.  You may also want a local 
firewall like ZoneAlarm.  If you are using XP, you could at the very 
least activate the on-board personal firewall.

To sniff traffic on the LAN you could also use Nessus on a Linux box. 
It is semi-complicated.  You have to put your NIC in promiscuous mode so 
it listens and logs all traffic.  You need at least 256 MB RAM and a 
decent size disk to capture all the logs and packets.  Look at some of 
the tools available on Phlak, Knoppix-STD and INSERT Linux.

Start with the client PCs though and get them all clean first.  You may 
just need to lock down regular users so they can't install software, 
turn off DirectX and other stuff in the browser, get them Firefox and 
remove their desktop icon for IE.  This is how it starts.

----------------------------------------------
Somewhere there is a village missing an idiot.
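The "only the ports you specifically open" policy above can also be checked from the logging side. This added example (not from the thread or from IPCop) parses constructed netfilter/iptables LOG lines and reports internal hosts making outbound connections to protocol/port pairs outside an assumed workstation allowlist; the hosts, addresses and allowlist are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in netfilter LOG format (hypothetical addresses).
SAMPLE_LOG = """\
Oct 20 21:40:01 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=1034 DPT=80 SYN
Oct 20 21:40:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 PROTO=TCP SPT=1035 DPT=443 SYN
Oct 20 21:40:03 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 PROTO=TCP SPT=1201 DPT=6667 SYN
Oct 20 21:40:04 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.8 PROTO=TCP SPT=1202 DPT=6667 SYN
Oct 20 21:40:05 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.9 PROTO=UDP SPT=1203 DPT=7000
Oct 20 21:40:06 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 PROTO=TCP SPT=1204 DPT=25 SYN
"""

# Assumed policy: workstations may only reach these services directly; mail
# goes through the internal mail server, so direct SMTP from a desktop is odd.
ALLOWED_EGRESS = {("TCP", 80), ("TCP", 443), ("UDP", 53)}

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) SPT=\d+ DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return (src, dst, proto, dport) from one LOG line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return (m["src"], m["dst"], m["proto"], int(m["dpt"]))


def find_unexpected_egress(log_text, allowed=ALLOWED_EGRESS):
    """Map each internal source to {(proto, dport): set of destinations} outside policy."""
    hits = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, proto, dpt = rec
        if (proto, dpt) not in allowed:
            hits[src][(proto, dpt)].add(dst)
    return {src: dict(ports) for src, ports in hits.items()}


def rank_hosts(hits):
    """Hosts sorted by number of distinct unexpected port pairs, worst first."""
    return sorted(hits, key=lambda s: len(hits[s]), reverse=True)


if __name__ == "__main__":
    found = find_unexpected_egress(SAMPLE_LOG)
    for host in rank_hosts(found):
        print(host, found[host])
```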



More information about the Kclug mailing list