Evaluation of Some Windows and Linux Intrusion Detection Tools

By

Dr. Hedaya Mahmood Alasooly

Evaluation of Some Windows and Linux Security Tools

GFI LANguard, Nessus, Snort, Base, ACID, Rman, SnortCenter, OSSEC, Sguil

1.Abstract:

The paper evaluates some of the security tools. Top security tools can be found at http://sectools.org/. The most important vulnerabilities in Windows and Linux can be found at www.sans.org/top20/. The paper covers the installation and configuration of the following security tools:

  • LANguard
  • Nessus
  • Snort
  • BASE
  • ACID
  • Rman
  • SnortCenter
  • OSSEC
  • Sguil


Keywords: Vulnerability Assessment Tools, Intrusion Detection Tools, LANguard, Nessus, Snort, BASE, Rman, OSSEC, Sguil.


2.What it Does:

In this paper I will evaluate some of the security tools. In my work in this area, I found that the best site that lists the security tools is http://sectools.org/. The most important vulnerabilities in Windows and Linux can be found at www.sans.org/top20/. There is a good course that covers most of the hacking and security issues, the Certified Ethical Hacking course.

The paper covers the installation and configuration of the following security tools:

  • LANguard
  • Nessus
  • Snort
  • BASE
  • Rman
  • OSSEC
  • Sguil


3.Vulnerability Assessment Tools:

The following vulnerability assessment tools were tested in order to look for the main differences between them when scanning Linux and Windows machines:

  • LANguard in Microsoft Windows
  • Nessus in Windows and Linux

Some others that can also be tried: Tenable NeWT, Shadow Security Scanner, Microsoft Baseline Security Analyzer.


3.1 GFI LANguard:

GFI LANguard and Microsoft Baseline Security Scanner are mostly the same. Download GFI LANguard from http://www.gfi.com/lannetscan/. After installation, you can start scanning any machine with administrative privileges.


3.2. Nessus:

Download Nessus from http://www.nessus.org and install it.

The installation is straightforward. Download the software after registration and install the package after providing the activation code (which you will receive by email); the necessary plugins are downloaded automatically upon installation. You can use the Nessus Client that is installed with the package. You can also create users, and download and run the NessusWX client, as its output is clearer.

Installation in Linux needs some preparation.

1- Download the latest version of Nessus from http://www.nessus.org/download/

Install it with the following command, depending on your version:

# rpm -ivh Nessus-*.rpm

2- Create a Nessus User. At minimum, one Nessus user should be created so client utilities can log into Nessus to initiate scans and retrieve results.

# /opt/nessus/sbin/nessus-add-first-user

In the file /opt/nessus/etc/nessus/nessusd.conf there are several options that can be configured. For example, this is where the

Imprint

Publisher: BookRix GmbH & Co. KG

Publication Date: 12-07-2020
ISBN: 978-3-7487-6760-2

All Rights Reserved
