Evaluation of Some Windows and Linux Intrusion Detection Tools
By
Dr. Hedaya Mahmood Alasooly
Evaluation of Some Windows and Linux Security Tools
GFI LANguard, Nessus, Snort, Base, ACID, Rman, SnortCenter, OSSEC, Sguil
1. Abstract:
The paper evaluates some of the security tools. Top security tools can be found at http://sectools.org/. The most important vulnerabilities in Windows and Linux can be found at www.sans.org/top20/. The paper covers the installation and configuration of the following security tools:
Keywords: Vulnerability Assessment Tools, Intrusion Detection Tools, LANguard, Nessus, Snort, BASE, Rman, OSSEC, Sguil.
2. What it Does:
In this paper I will evaluate some of the security tools. In my work in this area, I found that the best site that lists the security tools is http://sectools.org/. The most important vulnerabilities in Windows and Linux can be found at www.sans.org/top20/. There is a good course that covers most of the hacking and security issues, the Certified Ethical Hacking course.
The paper covers the installation and configuration of the following security tools:
3. Vulnerability Assessment Tools:
The following vulnerability assessment tools were tested in order to look for the main differences between them when scanning Linux and Windows machines:
LANguard in Microsoft Windows
Nessus in Windows and Linux
Some others that can also be tried: Tenable NeWT, Shadow Security Scanner, Microsoft Baseline Security Analyzer.
3.1 GFI LANguard:
GFI LANguard and Microsoft Baseline Security Scanner are mostly the same. Download GFI LANguard from http://www.gfi.com/lannetscan/. After installation, you can start scanning any machine on which you have administrative privileges.
3.2 Nessus:
Download Nessus from http://www.nessus.org and install it.
The installation is straightforward. Download the software after registration, and install the package after providing the activation code (you will receive it by email); the necessary plugins will be downloaded automatically upon installation. You can use the Nessus Client that is installed with the package. You can also create users, and download and run the NessusWX Client, as its output is clearer.
Installation in Linux needs some preparation.
1- Download the latest version of Nessus from http://www.nessus.org/download/
Install it with the following command, depending on your version:
# rpm -ivh Nessus-*.rpm
2- Create a Nessus User. At minimum, one Nessus user should be created so client utilities can log into Nessus to initiate scans and retrieve results.
# /opt/nessus/sbin/nessus-add-first-user
In the file /opt/nessus/etc/nessus/nessusd.conf there are several options that can be configured. For example, this is where the
Publisher: BookRix GmbH & Co. KG
Publication Date: 12-07-2020
ISBN: 978-3-7487-6760-2
All Rights Reserved