Cyber Security File

Oct 08, 2015

enggeng7

Install and study chkrootkit security audit tool

Here is a quick guide on how to install chkrootkit, a tool that scans your server for any trace of a rootkit breach. More info on chkrootkit is available here: http://www.chkrootkit.org

1. SSH to your server, then su - to root (see previous post on how to disable direct root login)

2. Download chkrootkit by typing: wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

3. Unpack the chkrootkit archive you just downloaded by typing: tar -xvzf chkrootkit.tar.gz

4. Change to the new directory by typing: cd chkrootkit*

5. Compile chkrootkit by typing: make sense

6. Before we schedule the cron job, run chkrootkit and scan your server by typing: ./chkrootkit

7. Once run, you may see the following false positive: "Checking `bindshell'... INFECTED (PORTS: 465)". This is normal and is not an infection.

8. Get the current location of the chkrootkit folder; type the following and take a note of the location: pwd

9. Let's set up a cron job; type: pico /etc/cron.daily/chkrootkit.sh

10. Enter the following information. Remember to replace /filepath/ with the pwd output, change Servername to your server name and admin@youremail.com to an email address:

#!/bin/bash
cd /filepath/
./chkrootkit | mail -s "Daily chkrootkit from Servername" admin@youremail.com

11. Exit and save the file by pressing CTRL & X, then type Y

12. We need to change the cron file permissions by typing: chmod 755 /etc/cron.daily/chkrootkit.sh

13. Your chkrootkit scan will now run daily. To test, simply cd to /etc/cron.daily and run ./chkrootkit.sh
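The cron script above mails the full chkrootkit report every day, so the bindshell/port 465 false positive from step 7 arrives in every message and real findings are easy to miss. The following is an added example, not part of the original guide: a wrapper that runs the same scan, keeps the complete report on disk, and mails only lines that flag a problem and are not on a list of verified false positives. CHKROOTKIT_DIR, ADMIN_MAIL and REPORT_PATH are placeholders, and SAMPLE_REPORT is constructed output for a dry run, not captured from a real scan.

```python
#!/usr/bin/env python3
"""Cron wrapper for chkrootkit that mails only unexpected findings.

Added example (not the guide's own script). CHKROOTKIT_DIR is the directory
from the guide's `pwd` step and ADMIN_MAIL a real mailbox; both are placeholders.
"""
import re
import socket
import subprocess
import sys

CHKROOTKIT_DIR = "/filepath"           # placeholder: replace with the `pwd` output
ADMIN_MAIL = "admin@youremail.com"     # placeholder from the guide
REPORT_PATH = "/var/log/chkrootkit.last"

# Markers chkrootkit uses to flag trouble. "not infected" and "nothing found"
# are lowercase and therefore do not match.
FINDING_RE = re.compile(r"INFECTED|Warning|Vulnerable")

# Verified false positives, as regexes. The guide's example: a bindshell report
# on TCP 465 caused by a legitimate SMTPS listener. Extend only after checking.
KNOWN_FALSE_POSITIVES = [
    re.compile(r"bindshell.*INFECTED \(PORTS: *465\)"),
]


def filter_findings(report: str, known=KNOWN_FALSE_POSITIVES) -> list[str]:
    """Return report lines that flag a problem and match no known false positive."""
    findings = []
    for line in report.splitlines():
        if not FINDING_RE.search(line):
            continue
        if any(fp.search(line) for fp in known):
            continue
        findings.append(line)
    return findings


def run_scan() -> str:
    """Run chkrootkit from its own directory and return combined stdout/stderr."""
    proc = subprocess.run(["./chkrootkit"], cwd=CHKROOTKIT_DIR,
                          capture_output=True, text=True)
    return proc.stdout + proc.stderr


def mail_report(subject: str, body: str) -> None:
    """Deliver through the local mail(1) command, as the guide's cron script does."""
    subprocess.run(["mail", "-s", subject, ADMIN_MAIL],
                   input=body, text=True, check=False)


def main() -> int:
    report = run_scan()
    with open(REPORT_PATH, "w") as fh:      # full report, false positives included
        fh.write(report)
    findings = filter_findings(report)
    if findings:
        mail_report(f"chkrootkit findings on {socket.gethostname()}",
                    "\n".join(findings))
    return 1 if findings else 0


# Constructed sample output (not from a real run) used by --dry-run.
SAMPLE_REPORT = """\
Checking `bindshell'... INFECTED (PORTS: 465)
Checking `lkm'... not infected
Checking `rexedcs'... INFECTED
Searching for suspicious files and dirs, it may take a while... nothing found
"""

if __name__ == "__main__":
    if "--dry-run" in sys.argv:
        print("\n".join(filter_findings(SAMPLE_REPORT)) or "no findings")
    else:
        sys.exit(main())
```

Install it as /etc/cron.daily/chkrootkit.sh with mode 755, exactly as steps 9 to 12 describe; `python3 chkrootkit.sh --dry-run` exercises the filter on the constructed sample without running a scan. Keeping the unfiltered report in REPORT_PATH means a suppressed line can still be audited later if the false-positive list turns out to be too broad.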

Install and study Nessus network vulnerability audit tool

Nessus is one of the best vulnerability scanners out there and works on all major platforms. If you care about the security of your network, then you should take a proactive mindset to defend against possible attacks. This is a guide on how to install the Nessus client and server on Ubuntu Linux; no explanation of how to use Nessus is given (sorry). The steps are similar for other Linux distributions (adapt them); the major difference is that in this tutorial I use apt-get to install Nessus.

Nessus installation

Start by installing the Nessus client and server, which are both required for a functional Nessus installation. Do not worry about creating certificates; the installation takes care of that automatically.

sudo apt-get install nessusd nessus nessus-plugins

New user configuration

Before you can start using Nessus, you must create a new user for it.

sudo nessus-adduser

In a multi-user environment you might want to add some restrictions on what the users can do. In this case I do not want any restrictions on what Nessus can do. Provide a username and password.

Add a new nessusd user
----------------------

Login : (my_nessus_username)
Authentication (pass/cert) [pass] : (press_enter_to_use_a_password)
Login password : (provide_a_password_for_the_username)
Login password (again) : (confirm_the_password)

I recommend you do not place any restrictions on what the new Nessus user can do; hit Ctrl + D. Then you will be asked to confirm the given user information by pressing y.

User rules
----------
nessusd has a rules system which allows you to restrict the hosts
that user_name has the right to test. For instance, you may want
him to be able to scan his own host only.

Please see the nessus-adduser(8) man page for the rules syntax

Enter the rules for this user, and hit ctrl-D once you are done : (the user can have an empty rules set)

Login : my_nessus_username
Password : ***********
DN :
Rules :

Is that ok ? (y/n) [y] y
user added.

Now Nessus has a user to work with; let's start Nessus.

sudo /etc/init.d/nessusd start

You can launch Nessus from Applications > Internet > Nessus.

Use Nmap port scanner to scan remote machine

Port scanning is a technique used to determine the states of network ports on a host and to map out hosts on a network. In this article, I'll go over the very basics of port scanning with the NMAP tool.

NMAP Overview

Port States

NMAP will categorize ports as being in one of the following states:

Open - The port is accepting TCP connections and UDP packets. This means that an application is running that is using this port.
Closed - The port responds to NMAP probe requests, but no application is using this port.
Filtered - The port state cannot be determined because packet filters prevent NMAP probes from reaching the port.
Unfiltered - The port is accessible, but NMAP cannot determine if it is open or closed.
Open|Filtered - NMAP cannot determine if the port is open or filtered.
Closed|Filtered - NMAP cannot determine if the port is closed or filtered.

Port Scanning Techniques

NMAP supports different methods of port scanning. These methods are called scan techniques. Each technique is tailored to solving a specific problem. Often you will have to run several scans using different techniques in order to get a more complete picture of the host(s) you are scanning.

TCP SYN scan (-sS) - Can be performed on many thousands of hosts very quickly on a fast network with no firewalls. It starts to open a connection by sending a SYN packet, but it never finishes the connection. The response to this packet is used to determine the port status:
1. A SYN/ACK response indicates that the port is open and listening.
2. A RST response indicates that the port is closed.
3. No response, or an ICMP unreachable error, results in the port being marked as filtered.
TCP SYN scans are difficult to detect since a connection is never actually opened. This scan type uses raw sockets and requires root access under UNIX. This is the default scan.

TCP connect scan (-sT) - Uses the OS to establish a TCP connection to the host. This scan type is slower and has more overhead than a SYN scan. A TCP connect scan is the default when a SYN scan (raw sockets) is not possible.

UDP scan (-sU) - Sends a dataless UDP header to every specified port. The response to this header is used to determine the UDP port status:
1. An ICMP port unreachable error response indicates that the port is closed.
2. Other ICMP errors indicate that the port is filtered.
3. UDP-based services (DHCP, DNS and SNMP) may respond. This indicates that the port is open.
4. If after several attempts no response is received, the port will be marked as open|filtered. This could mean that packet filtering is blocking communication with an otherwise open port. The version detection option (-sV) may be used to determine if ports marked as open|filtered are actually open.
UDP port scanning may be done at the same time as TCP port scanning in order to speed up the process.

Custom TCP scan (--scanflags) - Custom scans allow advanced users to create a scan type tailored to specific needs. This is useful to create scans that are less likely to be detected by intrusion detection systems.

IP protocol scan (-sO) - Scans a host for the protocols it supports by cycling through the 8-bit protocol field of the IP header.

NMAP offers the following additional scans. I list them here for completeness, but will not discuss them further.

TCP Null, FIN and Xmas scans - Use a loophole in the TCP RFC to determine if a port is open or closed.
TCP ACK scan - Used to map firewall rulesets. It cannot tell between open and closed ports.
TCP Window scan - Used to map firewall rulesets. It can tell between open and closed ports depending on the host being scanned.
TCP Maimon scan - Similar to the TCP Null, FIN and Xmas scans, but exploits a slightly different TCP stack implementation detail specific to many BSD systems.
Idlescan - Scans hosts using packets with a falsified IP address such that the scan appears to originate from another host.
FTP bounce scan - Scans for FTP servers configured as FTP proxies.

Installing NMAP

NMAP is an open source application and may be downloaded for free from insecure.org. Installation is straightforward. To install on Windows using the executable package:

1. Double click the installer file.
2. Click the I Agree button to accept the licensing terms.
3. Accept the defaults on the Choose Components dialog box. Click the Next button.
4. Choose an installation directory (or accept the default). Click the Install button.
5. Installation of NMAP will proceed.
6. WinPcap is a required component of NMAP. Its installation will start during the install of NMAP. Read the license agreement and click the I Agree button.
7. Select an installation directory (or accept the default). Click the Install button.
8. The installation of WinPcap will now proceed. Click the Close button on the WinPcap completed dialog box.
9. Click the Close button on the NMAP completed dialog box.

Running NMAP on Windows

Launching NMAP

NMAP does not have a GUI under Windows and must be run from the command line.

NMAP Example Scan 1

This is a scan of all ports on my laptop (running Windows XP SP2) from a Windows Server 2003 SP1 machine. Each of the interfaces on my laptop is firewalled. NMAP is using a SYN scan, so it reports that all ports scanned are filtered.

Options used:
-v for increased verbosity
-A for OS and software version detection
-p1-65535 to set the range of ports to scan

Notice that this scan took almost an hour to scan all ports on one host. This scan would take considerably longer if a TCP connect scan were used. Also notice that at least one open and one closed port are required in order for OS version detection to work reliably. Finally, -vv may be used for even more detailed output reporting.

C:\Documents and Settings\Administrator>Nmap -v -A -p1-65535 192.168.1.124

Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-23 22:04 Central America Standard Time
Initiating ARP Ping Scan at 22:04
Scanning 192.168.1.124 [1 port]
Completed ARP Ping Scan at 22:04, 0.17s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 22:04
Completed Parallel DNS resolution of 1 host. at 22:04, 0.03s elapsed
Initiating SYN Stealth Scan at 22:04
Scanning 192.168.1.124 [65535 ports]
SYN Stealth Scan Timing: About 2.04% done; ETC: 22:29 (0:23:58 remaining)
SYN Stealth Scan Timing: About 58.48% done; ETC: 22:46 (0:17:26 remaining)
SYN Stealth Scan Timing: About 88.44% done; ETC: 22:52 (0:05:29 remaining)
SYN Stealth Scan Timing: About 96.95% done; ETC: 22:54 (0:01:30 remaining)
Completed SYN Stealth Scan at 22:54, 2951.77s elapsed (65535 total ports)
Initiating Service scan at 22:54
Warning: OS detection for 192.168.1.124 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Initiating OS detection (try #1) against 192.168.1.124
Host 192.168.1.124 appears to be up ... good.
All 65535 scanned ports on 192.168.1.124 are filtered
MAC Address: 00:16:41:17:9D:B1 (USI)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

OS and Service detection performed. Please report any incorrect results at http://insecure.org/Nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 2976.652 seconds
Raw packets sent: 131095 (5.770MB) | Rcvd: 1 (42B)

NMAP Example Scan 2

This is a TCP connect scan of all ports on my laptop from a Windows 2003 Server SP1 machine. Again all ports are filtered. This scan took almost two hours to complete.

Options used:
-v for increased verbosity
-sT for a TCP connect scan
-p1-65535 to specify the port range from 1 to 65535 (all TCP ports)

C:\WINDOWS\system32\drivers\etc>Nmap -sT -p1-65535 192.168.1.124

Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-24 00:39 Central America Standard Time
All 65535 scanned ports on 192.168.1.124 are filtered
MAC Address: 00:16:41:17:9D:B1 (USI)

Nmap finished: 1 IP address (1 host up) scanned in 6925.996 seconds
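Both example scans are read by eye above. The following is an added example, not part of the original article, that turns Nmap's normal output into a structured summary so a report can be checked programmatically, for instance to confirm that a host's firewall really drops every probe or to list which ports the port table reports as open. It parses the lines shown in the two scans above (the "All N scanned ports ... are filtered" summary, the MAC address, the OS-detection reliability warning, elapsed time) and goes beyond them to the per-port table Nmap prints when some ports are open or closed. SAMPLE_SYN is an excerpt of the article's first scan; SAMPLE_CONNECT is constructed for the per-port case.

```python
"""Parse Nmap normal output (4.x format, as shown in the article) into a dict.

Added example, not from the original article. SAMPLE_SYN is excerpted from
the article's first scan; SAMPLE_CONNECT is constructed.
"""
import re
import sys

SAMPLE_SYN = """\
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-23 22:04 Central America Standard Time
Scanning 192.168.1.124 [65535 ports]
Completed SYN Stealth Scan at 22:54, 2951.77s elapsed (65535 total ports)
Warning: OS detection for 192.168.1.124 will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Host 192.168.1.124 appears to be up ... good.
All 65535 scanned ports on 192.168.1.124 are filtered
MAC Address: 00:16:41:17:9D:B1 (USI)
Too many fingerprints match this host to give specific OS details
Nmap finished: 1 IP address (1 host up) scanned in 2976.652 seconds
"""

# Constructed: the same format for a host where two ports answered.
SAMPLE_CONNECT = """\
Starting Nmap 4.20 ( http://insecure.org ) at 2007-04-25 10:00 Central America Standard Time
Interesting ports on 192.168.1.200:
Not shown: 65533 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
443/tcp  closed https
MAC Address: 00:11:22:33:44:55 (Constructed)
Nmap finished: 1 IP address (1 host up) scanned in 120.500 seconds
"""

PATTERNS = {
    "scanning": re.compile(r"^Scanning (\S+) \[(\d+) ports?\]"),
    "interesting": re.compile(r"^Interesting ports on (\S+):"),
    "all_ports": re.compile(r"^All (\d+) scanned ports on (\S+) are (\S+)"),
    "not_shown": re.compile(r"^Not shown: (\d+) (\S+) ports"),
    "port": re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)"),   # state may be open|filtered
    "mac": re.compile(r"^MAC Address: ([0-9A-Fa-f:]{17})"),
    "os_warning": re.compile(r"^Warning: OS detection .* less reliable"),
    "finished": re.compile(r"^Nmap finished: .*\((\d+) hosts? up\) scanned in ([\d.]+) seconds"),
}


def parse_nmap_output(text: str) -> dict:
    """Return host, per-state port counts, listed ports and run metadata."""
    result = {"host": None, "ports_scanned": 0, "state_counts": {}, "ports": [],
              "mac": None, "os_detection_unreliable": False,
              "hosts_up": 0, "elapsed_seconds": 0.0}
    counts = result["state_counts"]
    for line in text.splitlines():
        if m := PATTERNS["scanning"].match(line):
            result["host"], result["ports_scanned"] = m[1], int(m[2])
        elif m := PATTERNS["interesting"].match(line):
            result["host"] = m[1]
        elif m := PATTERNS["all_ports"].match(line):
            # Summary line used when every port shares one state.
            result["host"] = m[2]
            counts[m[3]] = counts.get(m[3], 0) + int(m[1])
        elif m := PATTERNS["not_shown"].match(line):
            counts[m[2]] = counts.get(m[2], 0) + int(m[1])
        elif m := PATTERNS["port"].match(line):
            result["ports"].append((int(m[1]), m[2], m[3], m[4]))
            counts[m[3]] = counts.get(m[3], 0) + 1
        elif m := PATTERNS["mac"].match(line):
            result["mac"] = m[1].upper()
        elif PATTERNS["os_warning"].match(line):
            result["os_detection_unreliable"] = True
        elif m := PATTERNS["finished"].match(line):
            result["hosts_up"], result["elapsed_seconds"] = int(m[1]), float(m[2])
    return result


def fully_filtered(parsed: dict) -> bool:
    """True when every reported port is filtered, i.e. the firewall dropped all probes."""
    return set(parsed["state_counts"]) == {"filtered"}


if __name__ == "__main__":
    # Pipe a saved Nmap report in, or run with no input to see the samples.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SYN
    print(parse_nmap_output(text))
```

The state counts come from three different line shapes (the all-ports summary, the "Not shown" line, and individual port rows), which is why the parser accumulates into one dict rather than reading a single line; a report for a host with one open port never contains the "All N scanned ports" summary at all.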

Install a proxy server and scan the user activities

Squid - Proxy Server

Squid is a full-featured web proxy cache server application which provides proxy and cache services for Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. Squid can implement caching and proxying of Secure Sockets Layer (SSL) requests and caching of Domain Name Server (DNS) lookups, and perform transparent caching. Squid also supports a wide variety of caching protocols, such as the Internet Cache Protocol (ICP), the Hyper Text Caching Protocol (HTCP), the Cache Array Routing Protocol (CARP), and the Web Cache Coordination Protocol (WCCP).

The Squid proxy cache server is an excellent solution to a variety of proxy and caching server needs, and scales from the branch office to enterprise level networks while providing extensive, granular access control mechanisms and monitoring of critical parameters via the Simple Network Management Protocol (SNMP). When selecting a computer system for use as a dedicated Squid proxy or caching server, ensure your system is configured with a large amount of physical memory, as Squid maintains an in-memory cache for increased performance.

Installation

At a terminal prompt, enter the following command to install the Squid server:

sudo apt-get install squid

Configuration

Squid is configured by editing the directives contained within the /etc/squid/squid.conf configuration file. The following examples illustrate some of the directives which may be modified to affect the behavior of the Squid server. For more in-depth configuration of Squid, see the References section.

Prior to editing the configuration file, you should make a copy of the original file and protect it from writing so you will have the original settings as a reference, and to re-use as necessary. Copy the /etc/squid/squid.conf file and protect it from writing with the following commands entered at a terminal prompt:

sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original
sudo chmod a-w /etc/squid/squid.conf.original

To set your Squid server to listen on TCP port 8888 instead of the default TCP port 3128, change the http_port directive as such:

http_port 8888

Change the visible_hostname directive in order to give the Squid server a specific hostname. This hostname does not necessarily need to be the computer's hostname. In this example it is set to weezie:

visible_hostname weezie

Using Squid's access control, you may configure use of Internet services proxied by Squid to be available only to users with certain Internet Protocol (IP) addresses. For example, we will illustrate access by users of the 192.168.42.0/24 subnetwork only. Add the following to the bottom of the ACL section of your /etc/squid/squid.conf file:

acl fortytwo_network src 192.168.42.0/24

Then, add the following to the top of the http_access section of your /etc/squid/squid.conf file:

http_access allow fortytwo_network

Using the excellent access control features of Squid, you may configure use of Internet services proxied by Squid to be available only during normal business hours. For example, we'll illustrate access by employees of a business which is operating between 9:00AM and 5:00PM, Monday through Friday, and which uses the 10.1.42.0/24 subnetwork. Add the following to the bottom of the ACL section of your /etc/squid/squid.conf file (in Squid's time ACL the day letters are S M T W H F A, so Thursday is H and T is Tuesday):

acl biz_network src 10.1.42.0/24
acl biz_hours time M T W H F 9:00-17:00

Then, add the following to the top of the http_access section of your /etc/squid/squid.conf file:

http_access allow biz_network biz_hours

After making changes to the /etc/squid/squid.conf file, save the file and restart the squid server application to effect the changes using the following command entered at a terminal prompt:

sudo /etc/init.d/squid restart

Write a program to hide text data in image file (Steganography)

If you're looking to hide files on your PC hard drive, you may have read about ways to encrypt folders or change the attributes on a file so that they cannot be accessed by prying eyes. However, a lot of times hiding files or folders in that way requires that you install some sort of software on your computer, which could then be spotted by someone else.

I've actually written quite a few articles on how you can hide files and folders in Windows XP and Vista before, but here I'm going to show you a new way to hide files that is very counter-intuitive and therefore pretty safe! Using a simple trick in Windows, you can actually hide a file inside of a JPG picture file!

You can actually hide any type of file inside of an image file, including txt, exe, mp3, avi, or whatever else. Not only that, you can actually store many files inside of a single JPG file, not just one! This can come in very handy if you need to hide files and don't want to bother with encryption and all that other technical stuff.

Hide File in Picture

In order to accomplish this task, you will need to have either WinZip or WinRAR installed on your computer. You can download either of these two off the Internet and use them without having to pay anything. Here are the steps for creating your hidden stash:

Create a folder on your hard drive, i.e. C:\Test, and put all of the files that you want to hide into that folder. Also, place the image that you will be using to hide the files in.

Now select all of the files that you want to hide, right-click on them, and choose the option to add them to a compressed ZIP or RAR file. Only select the files you want to hide, not the picture. Name it whatever you want, i.e. Hidden.rar.

Now you should have a folder that looks something like this with files, a JPG image, and a compressed archive:

Now here's the fun part! Click on Start, and then click on Run. Type in "CMD" without the quotes and press Enter. You should now see the command prompt window open. Type in "CD \" to get to the root directory. Then type CD and the directory name that you created, i.e. "CD Test".

Now type in the following line: "copy /b DSC06578.JPG + Hidden.rar DSC06578.jpg" and press Enter. Do not use the quotes. You should get a response like below:

Just make sure that you check the file extension on the compressed file, whether it is .ZIP or .RAR, as you have to type out the entire file name with extension in the command. I have heard that some people say that they have had problems doing this with a .ZIP extension, so if that doesn't work, make sure to compress to a .RAR file.

And that's it! The picture file will have been updated with the compressed archive inside! You can actually check the file size of the picture and see that it has increased by the same amount as the size of the archive.

You can access your hidden file in two ways. Firstly, simply change the extension to .RAR and open the file using WinRAR. Secondly, you can just right-click on the JPG image and choose Open With and then scroll down to WinRAR. Either way, you'll see your hidden files show up so that you can then extract them.
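The `copy /b` trick works because image viewers stop rendering at the JPEG end-of-image marker (FF D9) while archivers search the file for their own header, so the archive rides along as trailing bytes. That same property is what lets a defender find such a stash: walk the JPEG segment structure, locate the real EOI marker, and report anything after it. The following is an added example, not part of the original article, that does exactly this; all sample bytes (FAKE_JPEG, FAKE_ARCHIVE, STASH) are constructed, not taken from a real photo or archive, and the embedded APP1 segment deliberately contains an FF D9 so the walk has to be correct rather than a naive byte search.

```python
"""Detect data appended after a JPEG's end-of-image marker.

Added example, not from the original article. Sample bytes are constructed.
"""
import sys

SOI, EOI = b"\xff\xd8", b"\xff\xd9"
SOS = 0xDA                      # start of scan: entropy-coded data follows

# Archive signatures worth recognising in trailing data.
ARCHIVE_MAGIC = {
    b"Rar!\x1a\x07\x00": "rar4",
    b"Rar!\x1a\x07\x01\x00": "rar5",
    b"PK\x03\x04": "zip",
}


def jpeg_end_offset(data: bytes) -> int:
    """Return the offset just past the JPEG's real EOI marker.

    Segments before SOS are skipped by their declared length, so an EOI inside
    an embedded thumbnail (e.g. EXIF in APP1) is not mistaken for the real one.
    Inside entropy-coded data a literal FF is stuffed as FF 00 and only RSTn and
    EOI markers may appear, so the first FF D9 after SOS ends the image.
    """
    if data[:2] != SOI:
        raise ValueError("not a JPEG: missing SOI")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == SOS:
            eoi = data.find(EOI, pos)
            if eoi < 0:
                raise ValueError("truncated: no EOI after SOS")
            return eoi + 2
        seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")  # includes the 2 length bytes
        pos += 2 + seg_len
    raise ValueError("truncated: no SOS segment found")


def inspect_image(data: bytes) -> dict:
    """Describe what follows the image: byte count and any archive signature."""
    end = jpeg_end_offset(data)
    trailing = data[end:]
    kind = "none"
    if trailing:
        kind = next((name for magic, name in ARCHIVE_MAGIC.items()
                     if trailing.startswith(magic)), "unknown")
    return {"image_bytes": end, "trailing_bytes": len(trailing), "trailing_type": kind}


# Constructed minimal JPEG: SOI, APP0 (JFIF), an APP1 whose payload contains
# FF D9 (as an embedded thumbnail would), SOS, stuffed scan data, EOI.
FAKE_JPEG = (
    SOI
    + b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xe1" + (6).to_bytes(2, "big") + b"\xff\xd9\x00\x00"
    + b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x12\x34\xff\x00\x56"
    + EOI
)
# Constructed archive: a RAR4 signature followed by dummy body bytes.
FAKE_ARCHIVE = b"Rar!\x1a\x07\x00" + b"constructed archive body"
STASH = FAKE_JPEG + FAKE_ARCHIVE        # what `copy /b image + archive` produces

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:         # inspect real files given on the command line
            with open(path, "rb") as fh:
                print(path, inspect_image(fh.read()))
    else:
        print("constructed stash:", inspect_image(STASH))
```

Run it over a directory of images to flag any whose size past the EOI marker is non-zero; a legitimate camera JPEG has no trailing bytes, so even an "unknown" trailer is worth a look, and a recognised archive signature is conclusive.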

That's it! That is all it takes to hide files inside JPG picture files! It's a great way simply because not many people know it's possible and no one even thinks about a picture as having the ability to hide files.

Write a program to implement RSA algorithm

RSA Algorithm

/* C program for the Implementation Of RSA Algorithm */

#include <stdio.h>

int phi, M, n, e, d, C, FLAG;

/* Set FLAG = 1 if e and phi share a factor greater than 1 (e is unusable),
   else 0. The original loop never advanced i and stopped at the first
   non-divisor, so it accepted any e. */
void check(void)
{
    int i;
    FLAG = 0;
    for (i = 2; i <= e && i <= phi; i++) {
        if (e % i == 0 && phi % i == 0) {
            FLAG = 1;
            return;
        }
    }
}

/* C = M^e mod n by repeated multiplication; fine for the small n used here. */
void encrypt(void)
{
    int i;
    C = 1;
    for (i = 0; i < e; i++)
        C = (int)(((long)C * M) % n);
    printf("\n\tEncrypted keyword : %d", C);
}

/* M = C^d mod n, the same way. */
void decrypt(void)
{
    int i;
    M = 1;
    for (i = 0; i < d; i++)
        M = (int)(((long)M * C) % n);
    printf("\n\tDecrypted keyword : %d", M);
}

int main(void)
{
    int p, q, s;
    printf("Enter Two Relatively Prime Numbers\t: ");
    if (scanf("%d%d", &p, &q) != 2)
        return 1;
    n = p * q;
    phi = (p - 1) * (q - 1);
    printf("\n\tF(n)\t= %d", phi);
    /* Keep asking until e is coprime to phi */
    do {
        printf("\n\nEnter e\t: ");
        if (scanf("%d", &e) != 1)
            return 1;
        check();
    } while (FLAG == 1);
    /* Brute-force search for d with (d * e) % phi == 1 */
    d = 1;
    do {
        s = (d * e) % phi;
        d++;
    } while (s != 1);
    d = d - 1;
    printf("\n\tPublic Key\t: {%d,%d}", e, n);
    printf("\n\tPrivate Key\t: {%d,%d}", d, n);
    printf("\n\nEnter The Plain Text\t: ");
    if (scanf("%d", &M) != 1)
        return 1;
    encrypt();
    printf("\n\nEnter the Cipher text\t: ");
    if (scanf("%d", &C) != 1)
        return 1;
    decrypt();
    printf("\n");
    return 0;
}

/*************** OUTPUT *****************

Enter Two Relatively Prime Numbers : 7 17

F(n) = 96

Enter e : 5
Public Key : {5,119}
Private Key : {77,119}
Enter The Plain Text : 19
Encrypted keyword : 66
Enter the Cipher text : 66
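The C program above finds d by trying every value until (d * e) mod phi equals 1, and its coprimality check is the part that was broken in the listing as posted. The following is an added example, not the page's program, that reproduces the same worked numbers (p = 7, q = 17, e = 5 gives phi = 96, d = 77, and 19 encrypts to 66) but derives d with the extended Euclidean algorithm, refuses an e that shares a factor with phi(n), and uses modular exponentiation so the cost does not grow with the size of the exponent. The trial-division primality test is an assumption adequate only for textbook-sized inputs.

```python
"""RSA on small integers with the checks the C program above leaves out.

Added example, not the page's C program. Reproduces the page's worked values.
"""


def is_prime(x: int) -> bool:
    """Trial division; adequate for the textbook-sized primes used here."""
    if x < 2:
        return False
    i = 2
    while i * i <= x:
        if x % i == 0:
            return False
        i += 1
    return True


def egcd(a: int, b: int) -> tuple[int, int, int]:
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(e: int, phi: int) -> int:
    """Inverse of e modulo phi; exists only when gcd(e, phi) == 1."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError(f"e={e} is not coprime to phi={phi}; choose another e")
    return x % phi


def make_keypair(p: int, q: int, e: int):
    """Return ((e, n), (d, n)) for two distinct primes p and q."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be two distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    d = modinv(e, phi)          # raises if e shares a factor with phi
    return (e, n), (d, n)


def encrypt(m: int, public_key) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext must be an integer in [0, n)")
    return pow(m, e, n)         # square-and-multiply, not e multiplications


def decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)


if __name__ == "__main__":
    pub, priv = make_keypair(7, 17, 5)    # the page's worked example
    c = encrypt(19, pub)
    print(f"public {pub} private {priv}: 19 -> {c} -> {decrypt(c, priv)}")
```

With e = 6 the C program's intended check would reject the input because gcd(6, 96) = 6; here that case raises ValueError from modinv rather than looping forever in the search for d, which is what the brute-force loop does when no inverse exists.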

Install wireless Intrusion Detection System (WIDZ) and detect attacks on Wireless network 802.11

The WIDS software can be installed in standalone mode or in networked mode. This document contains information about setting up and running WIDS 7.5 in networked mode. There are prerequisites for running WIDS 7.5 from a network:

1. Each WIDS user must have a network home directory, a personal folder unique to that network user.
2. This folder must be mapped as a drive letter, e.g. 'H'.
3. This same mapped drive letter must be common to all the WIDS users.

The WIDS 7.5 network installation consists of the following four steps.

A. Install the software to the network.
B. Edit the .ini files in preparation for the client installations.
C. Conduct the client installations.
D. Test the software.

A. Install WIDS to the network

1. Create a Wids7 application folder on a network drive, e.g. M:\Wids7
2. Install the WIDS software to this application folder. The WIDS 7.5 program file and its auxiliary files are copied into this network application folder. The system files needed by WIDS 7.5 install to the workstation, not to the network server.
3. Copy the Setup.exe and Custdata.ini files from the WIDS installation CD-ROM to the WIDS application folder on the network.
4. Grant WIDS users read, file scan, write, create, modify, and delete privileges to the application folder and all the files and subfolders it contains.
5. Download and install the latest WIDS software updates from the WIDS website: http://www.wids.org/utility_content.asp?id=22&groupid=4 You can run the update program directly from the website. Install the update to the central WIDS application folder on the network.

B. Edit the .ini files in preparation for the client installations

1. Using a standard text editor such as Notepad or WordPad, edit the Custdata.ini file that you copied from the installation CD to the WIDS application folder. Modify the Client and AppPath lines of the Custdata.ini file as follows:

Client=1
AppPath=M:\Wids7

The Client=1 value tells the installation program to omit the installation of the WIDS files already present in the WIDS network application folder. The installation program simply installs and registers the system files necessary for running the WIDS software on the client workstation. The AppPath value is used for the creation of the WIDS shortcut icons. Substitute M:\Wids7 with the valid pathname of your WIDS application folder.

2. Edit the UserPath line in the Wids.ini file found in the WIDS application folder.

UserPath=H:\Wids7

The drive H: is an arbitrary example. The letter 'H' should be replaced with whatever drive letter is mapped as a personal network drive for the WIDS users.

Option: If you want to point the users to a common location for saving WIDS project files, you can edit the SavePath line in the Wids.ini file as follows:

SavePath=M:\WIDS Project Files

Substitute M:\WIDS Project Files with a valid pathname of your choice.

C. Conduct the client installations

A streamlined client installation must be performed on each WIDS workstation to install and register the system files necessary to run WIDS on the client workstation. The application shortcut icons are created for the workstation. The installation process understands this is a client installation because of the Client=1 value you indicated in the Custdata.ini file.

D. Test the software

Testing the network installation is a crucial step. It's possible to load WIDS on a network, run it from a workstation, and have everything seem OK, when actually WIDS is running in single-user mode. It's important to test the software from two workstations, logging on as two different WIDS users.

1. Start WIDS from a workstation.
2. Choose the Learning Design option on the opening screen. The Open Project dialog box appears.
3. Open a project from the \Samples subfolder located under the application folder. The Learning Design flowchart appears.
4. Explore the software, checking to see if any error messages arise. If you receive any error messages, please check the user rights to the network application folder and check the wids.ini settings for the correct UserPath value.
5. Log onto a second workstation as a different WIDS user.
6. Start WIDS. On the opening screen, the bottom menu choice should indicate that there is no project to recover.
7. Repeat steps 2-3.

Create VPN using IPSEC tool

Installing IPSec Tools

The IPsec-Tools software started as a port of the KAME IPsec utilities to the Linux platform. The most important component of this software is an advanced Internet Key Exchange daemon that can be used to automatically key IPsec connections. For our test environment, we require version 0.7 or later, which will need to be downloaded and compiled manually. To obtain the download URL for the latest version of the IPsec Tools source code archive, please visit the IPsec Tools SourceForge web page.

Fedora Core 6

Fedora Core 6 will have an older version of IPsec Tools already installed. Before a new version can be installed, you will need to remove the existing version. To lookup the name of the installed package, use the rpm and grep utilities as shown below:

rpm -qa | grep ipsec-tools

In this example, the ipsec-tools-0.6.5-6 package is currently installed. To remove the package, use the rpm utility as shown below:

rpm -e ipsec-tools-0.6.5-6

Once you have uploaded the latest stable IPsec Tools source code archive to the Gateway, you can extract the distribution using the tar utility as shown below:

tar zxvf

Note: If you downloaded a bzip archive instead of a gzip archive, use jxvf instead of zxvf with the tar command.

Next, change to the newly created directory as shown below:

cd

Before compiling the software, the configure script needs to be used to set some compile parameters and enable some advanced options. To view a list of all available options, execute the configure script with the --help switch as shown below:

./configure --help

The default install prefix for ipsec tools is /usr/local. Because Linux typically installs software in /usr and expects configuration files to exist under /etc, you will need to add some extra options to cope with these differences. The other options shown below are to enable XAuth, Dead Peer Detection, IKE Fragmentation and NAT Traversal support. Execute the configure script as shown below:

./configure --prefix=/usr --sysconfdir=/etc/racoon --enable-hybrid --enable-frag --enable-dpd --enable-natt

To compile and install the software, use the make command as shown below:

make
make install

FreeBSD 6.2

Once you have uploaded the latest stable IPsec Tools source code archive to the Gateway, you can extract the distribution using the tar utility as shown below:

tar zxvf

Note: If you downloaded a bzip archive instead of a gzip archive, use jxvf instead of zxvf with the tar command.

Next, change to the newly created directory as shown below:

cd

Before compiling the software, the configure script needs to be used to set some compile parameters and enable some advanced options. To view a list of all available options, execute the configure script with the --help switch as shown below:

./configure --help

The default install prefix for ipsec tools is /usr/local. This is the normal location for add-on software in FreeBSD so you won't need any extra options to deal with this. The other options shown below are to enable XAuth, Dead Peer Detection, IKE Fragmentation and NAT Traversal support. Execute the configure script as shown below:

./configure --sysconfdir=/usr/local/etc/racoon --enable-hybrid --enable-frag --enable-dpd --enable-natt

Note: The last option (--enable-natt) is only valid if the NAT Traversal kernel patch was applied.

To compile and install the software, use the make command as shown below:

make
make install

NetBSD 3.1

Once you have uploaded the latest stable IPsec Tools source code archive to the Gateway, you can extract the distribution using the tar utility as shown below:

tar zxvf

Note: If you downloaded a bzip archive instead of a gzip archive, use jxvf instead of zxvf with the tar command.

Next, change to the newly created directory as shown below:

cd

Before compiling the software, the configure script needs to be used to set some compile parameters and enable some advanced options. To view a list of all available options, execute the configure script with the --help switch as shown below:

./configure --help

The default install prefix for ipsec tools is /usr/local. NetBSD ships with an older version of ipsec tools installed in the /usr prefix and expects configuration files to exist under /etc. If you choose to overwrite the current version you will need to add some extra options to cope with these differences. You may choose to install the new version of ipsec tools in a different prefix but there may be issues associated with having multiple library versions installed in different paths. The other options shown below are to enable XAuth, Dead Peer Detection, IKE Fragmentation and NAT Traversal support. To overwrite the existing version, execute the configure script as shown below:

./configure --prefix=/usr --sysconfdir=/etc/racoon --enable-hybrid --enable-frag --enable-dpd --enable-natt

To compile and install the software, use the make command as shown below:

make
make install

Install and study PGP using Mozilla Thunderbird

Installing PGP on Windows

To complicate matters a little: PGP is the protocol that various software packages use to encrypt e-mail. To get PGP to work with Thunderbird we need to install GPG (a free software implementation of PGP) and Enigmail (a Thunderbird extension that lets you use GPG). Confused? Don't worry about it; all you have to know is that to encrypt your email with PGP you need to install both GPG and Enigmail. Here is how to do it.

Installing PGP (GPG) on Microsoft Windows

The GNU Privacy Guard (GnuPG) is the software required to send PGP encrypted or signed emails. It must be installed before any encryption can be done.

Head to the website of the Gpg4win project: http://gpg4win.org/
On the left side of the website you will find a 'Download' link. Click on it.
This will take you to a page where you can download Gpg4win. Click on the button that offers the latest stable version (not beta) of Gpg4win.

This will download an .exe file. Depending on your browser, you may have to double-click on the downloaded file (which will be called something like gpg4win-2.1.0.exe) before anything happens. Windows will ask whether you are sure you want to install this program. Answer yes.
Then complete the installation by agreeing to the license, choosing the appropriate language and accepting the default options by clicking 'Next', unless you have a particular reason not to.
The installer will ask where to put the application on your computer. The default setting should be fine, but make a note of it as we may need it later. Click 'Next' when you agree.

Installing the Enigmail extension

After you have successfully installed the PGP software as described above, you are ready to install the Enigmail add-on.
Enigmail is a Thunderbird add-on that lets you protect the privacy of your email conversations. It is simply an interface that lets you use PGP encryption from within Thunderbird.
Enigmail is based on public-key cryptography. In this method, each individual must generate her/his own personal key pair. The first key is known as the private key. It is protected by a password or passphrase, guarded and never shared with anyone. The second key is known as the public key. This key can be shared with any of your correspondents. Once you have a correspondent's public key you can begin sending encrypted e-mails to this person. Only she will be able to decrypt and read your emails, because she is the only person who has access to the matching private key. Similarly, if you send a copy of your own public key to your e-mail contacts and keep the matching private key secret, only you will be able to read encrypted messages from those contacts.
Enigmail also lets you attach digital signatures to your messages. The recipient of your message who has a genuine copy of your public key will be able to verify that the e-mail comes from you and that its content was not tampered with on the way. Similarly, if you have a correspondent's public key, you can verify the digital signatures on her messages.

Installation steps

To begin installing Enigmail, perform the following steps:
Step 1. Open Thunderbird, then select Tools > Add-ons to open the Add-ons window; it will appear with the default Get Add-ons pane enabled.
Step 2. Enter enigmail in the search bar, as shown below, and click on the search icon.

Step 3. Simply click on the 'Add to Thunderbird' button to start the installation.
Step 4. Thunderbird will ask you if you are certain you want to install this add-on. We trust this application, so click on the 'Install now' button.

Step 5. After some time the installation should be completed and the following window should appear. Please click on the 'Restart Thunderbird' button.
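The key model described above (private key kept, public key shared, sign plus encrypt, verify on receipt), driven with the gpg command line instead of the Enigmail GUI. This is an added example, not part of the guide; Alice, Bob and the example.invalid addresses are constructed, and everything runs in throwaway keyrings under a temporary directory.

```shell
#!/bin/sh
# Added example (not from the guide): Enigmail's key model done with gpg.
# Alice and Bob are constructed identities in two throwaway keyrings, so
# nothing touches your real ~/.gnupg. Demo keys are created without a
# passphrase so the script runs unattended; a real key must have one.
set -e
WORK=$(mktemp -d); ALICE="$WORK/alice"; BOB="$WORK/bob"
mkdir -m 700 "$ALICE" "$BOB"

make_key() {   # $1 = keyring dir, $2 = name, $3 = e-mail (unattended RSA key)
    gpg --homedir "$1" --batch --quiet --gen-key <<EOF
%no-protection
Key-Type: RSA
Key-Length: 2048
Name-Real: $2
Name-Email: $3
Expire-Date: 0
%commit
EOF
}
make_key "$ALICE" Alice alice@example.invalid
make_key "$BOB"   Bob   bob@example.invalid

# Only public keys are exchanged; each private key stays in its own keyring.
gpg --homedir "$ALICE" --batch --export alice@example.invalid | gpg --homedir "$BOB"   --batch --quiet --import
gpg --homedir "$BOB"   --batch --export bob@example.invalid   | gpg --homedir "$ALICE" --batch --quiet --import

# Alice signs with her private key and encrypts to Bob's public key.
encrypt_to_bob() {   # $1 = plaintext file, $2 = ciphertext file
    gpg --homedir "$ALICE" --batch --quiet --trust-model always \
        --local-user alice@example.invalid --recipient bob@example.invalid \
        --sign --encrypt --output "$2" "$1"
}
# Bob decrypts with his private key; gpg also checks Alice's signature and
# exits non-zero if the ciphertext was altered or the signature does not verify.
decrypt_as_bob() {   # $1 = ciphertext file, $2 = plaintext file
    gpg --homedir "$BOB" --batch --quiet --output "$2" --decrypt "$1"
}

echo "meet at noon" > "$WORK/msg.txt"
encrypt_to_bob "$WORK/msg.txt" "$WORK/msg.gpg"
decrypt_as_bob "$WORK/msg.gpg" "$WORK/msg.out"
cmp -s "$WORK/msg.txt" "$WORK/msg.out" && echo "Bob read Alice's message"

# Tampering in transit: overwrite two bytes of the ciphertext and decryption is refused.
printf 'XX' | dd of="$WORK/msg.gpg" bs=1 seek=40 conv=notrunc 2>/dev/null
decrypt_as_bob "$WORK/msg.gpg" "$WORK/tampered.out" 2>/dev/null || echo "tampered message rejected"
```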

Install SNORT and study its different security features.

Installing Snort

Quick Note on OS
For the installation of Snort, we are going to use Ubuntu 10.04, 32 bit. I don't personally use Ubuntu often, but anyone reading this tutorial is more likely to use Ubuntu for their Linux variant and I want people to be comfortable with their OS. This is important for troubleshooting issues and for ensuring their deployments stay secure. How many Windows Server Admins out there deploy a Linux box for one specific purpose and never keep up-to-date with patches? I've seen too many and I know a younger me was caught in this trap...

Other Operating Systems
Check out Snort's website for other operating systems: http://www.snort.org/docs . Do realize that these guides are not written with the intent of installing Snorby as the front-end. Those documents are still stuck in the days of BASE, so ignore that part if you want Snorby.

Installation Methods
There are two methods to install Snort on Ubuntu: with apt or from source. The easiest method is through apt-get. Using apt, you will lose some functionality and you are at the mercy of the repository and package managers: if Snort releases a new version, you must wait until the package manager updates the package and puts it in the apt repository. The preferred method is compiling from source, but some users may feel uncomfortable with that method.

Important note on Database Schema
DO NOT run any script that creates a database schema for Snort other than rake snorby:setup. The rake command creates the database schema for you. Snorby creates the fields required by Snort; however, Snorby also creates additional fields that are needed.

Installing with apt-get
To begin, you'll need root-level access. Issue the following command:

sudo apt-get install snort

You should see the following prompt:

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  libprelude2 oinkmaster snort-common snort-common-libraries snort-rules-default
Suggested packages:
  snort-doc
The following NEW packages will be installed:
  libprelude2 oinkmaster snort snort-common snort-common-libraries snort-rules-default
0 upgraded, 6 newly installed, 0 to remove and 194 not upgraded.
Need to get 1,740 kB of archives.
After this operation, 10.4 MB of additional disk space will be used.
Do you want to continue [Y/n]?

Input "Y" and hit Enter. Grab some coffee or a smoke. Right now, it is downloading Snort and its dependencies. When you return, hopefully you see the screen "Configuring snort". It is now asking you for your home network IP address range. Typically this will be one or more of the following: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/26. If you do not know, it is probably safest to enter:

10.0.0.0/8,172.16.0.0/12,192.168.0.0/26

Hit your Enter key and Snort will finish installing. To verify Snort is running, enter the following at the command prompt:

ps aux | grep snort | grep -v grep

If you see output containing "/usr/sbin/snort", you have Snort installed! Continue with Installing Snorby.

Compiling from Source
A good guide for installing on Ubuntu is located on Snort's website [reference: http://www.snort.org/assets/158/011-snortinstallguide2905.pdf]. This guide follows along with their work. Download Snort from: http://www.snort.org/snort-downloads. It should come with the file extension ".tar.gz". We need to uncompress this and install it:

tar -zxvf snort-2.9.0.5.tar.gz
cd snort-2.9.0.5/
sudo ./configure --prefix=/usr/local/snort --enable-ipv6 --enable-gre \
  --enable-mpls --enable-targetbased --enable-decoder-preprocessor-rules \
  --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response \
  --enable-normalizer --enable-reload --enable-react --enable-flexresp3
sudo make
sudo make install
sudo mkdir /var/log/snort
sudo mkdir /var/snort

Now, to change permissions on your Snort directory:

sudo groupadd snort
sudo useradd -g snort snort
sudo chown snort:snort /var/log/snort

Logging

Logging using Barnyard2
Again, this is the preferred method. Edit /etc/snort/snort.conf to make a line that reads like the following (adapted to your environment):

output unified2: filename snort.out, limit 128

And make sure any other lines that start with "output database:" are commented out (that is, they have a # in front of them).

Logging Snort to a MySQL Database
Edit /etc/snort/snort.conf and add the following line:

output database: alert, mysql, user=root password=password dbname=snorby host=localhost

Modify it for your needs. If Snorby isn't located on this sensor, change the host to the IP of the server where Snorby is installed.

Configuring Snort
If you're running Ubuntu, you can run sudo dpkg-reconfigure snort and skip the below, as this command will take you through the steps.

Logging Snort to a Postgres Database
Edit /etc/snort/snort.conf and add the following line:

output database: alert, postgresql, user=snort dbname=snort

Modify it for your needs. If Snorby isn't located on this sensor, change the host to the IP of the server where Snorby is installed.

Clean up
We will be creating the database for Snort and Snorby soon. Check for the existence of the file /etc/snort/db-pending-config and, if it exists, delete it.

Setting Snort variables
These are declared in /etc/snort/snort.conf.

Important variables: $HOME_NET, $EXTERNAL_NET
These variables are used in the rules you run. $HOME_NET should be set to your internal IP schema.
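The checks the Barnyard2 logging section and the variables paragraph above call for, as an added shell example that is not from the guide: it reads a snort.conf and reports an active "output database:" line, a missing or duplicated unified2 output, and a HOME_NET that is undeclared or set to any. The sample configs it creates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the guide): sanity-check a snort.conf against the
# Barnyard2 logging and HOME_NET advice above. Prints each problem found and
# returns 0 only when the file passes every check.

# Print the active (uncommented) lines of file $1 that start with ERE pattern $2.
active() { grep -E "^[[:space:]]*$2" "$1"; }

check_snort_conf() {
    conf="$1"; rc=0

    # Barnyard2 reads exactly one unified2 spool; zero or several is a misconfiguration.
    n=$(grep -cE '^[[:space:]]*output unified2:' "$conf" || true)
    [ "$n" -eq 1 ] || { echo "expected one 'output unified2:' line, found $n"; rc=1; }

    # Direct database output must stay commented out when unified2 is in use;
    # the line also carries the database password in clear text.
    if active "$conf" 'output database:' >/dev/null; then
        echo "'output database:' is still active; comment it out"; rc=1
    fi

    # HOME_NET must be declared with a real range; 'any' leaves the rules unable
    # to tell inside from outside. A leading $ in the definition is tolerated.
    home=$(active "$conf" '(var|ipvar) [$]?HOME_NET' | awk '{print $3}' | head -n 1)
    if [ -z "$home" ]; then
        echo "HOME_NET is not declared"; rc=1
    elif [ "$home" = "any" ]; then
        echo "HOME_NET is 'any'"; rc=1
    fi
    return "$rc"
}

# Constructed sample configs (not real sensor files).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/good.conf" <<'EOF'
ipvar HOME_NET 10.0.0.0/24
ipvar EXTERNAL_NET any
output unified2: filename snort.out, limit 128
# output database: alert, mysql, user=root password=password dbname=snorby host=localhost
EOF
cat > "$SAMPLES/bad.conf" <<'EOF'
var HOME_NET any
output database: alert, mysql, user=root password=password dbname=snorby host=localhost
EOF

check_snort_conf "$SAMPLES/good.conf" && echo "good.conf: OK"
check_snort_conf "$SAMPLES/bad.conf"  || echo "bad.conf: rejected"
```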
In my lab, my computers get 10.0.0.1 - 10.0.0.255. So I will set this line to:

var HOME_NET 10.0.0.0/24

Typically $EXTERNAL_NET will be set to any. This is describing the internet