Network monitoring
Network monitoring consists of analyzing the information that flows along the edges of a connected graph over time. At the graph level, network monitoring helps balance workload and plan for increased capacity or changes in the graph topology. In the context of computing vertices that are mutually distrustful of each other, merely passing incoming information around is not a benign act. Complex processing of that information, such as executing it as code, increases the risk of compromising the integrity of the vertex.
Network monitoring can be decomposed into three logical steps:
- logging: Protocols, applications and further analysis algorithms dictate the information to log, but source, destination, packet type and length are amongst the minimum requirements. (\todo log storage and deletion.)
- categorizing: Categorization tools put log entries into buckets based on different matching rules. This can be done either in real time as the log is generated or off-line on a captured log file. When categorization is done in real time, there is further the possibility to either poll the log or be triggered directly by kernel events. (\todo schema polling, triggers)
- reacting: The purpose of categorization is to make informed decisions. One of the major decisions of any network vertex is whether it is safe to accept some incoming packet or not.
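The three steps above, worked through off-line on a captured auth.log in the style of fail2ban or sshguard (regex buckets, then a threshold decision, then iptables rules). This is an added example, not code from the page or from either project; the log lines are constructed and the rules, threshold and `iptables` command are assumptions for illustration, so the reaction is rendered as text rather than executed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of sshd lines as found in auth.log (not real data).
SAMPLE_LOG = """\
Mar  3 10:01:02 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:05 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar  3 10:01:09 host sshd[2103]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:02:11 host sshd[2110]: Accepted publickey for alice from 198.51.100.4 port 40122 ssh2
Mar  3 10:02:40 host sshd[2115]: Failed password for bob from 198.51.100.4 port 40130 ssh2
Mar  3 10:03:00 host cron[2120]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Matching rules (assumed): one compiled regex per bucket, with a named group for the source.
RULES = {
    "ssh_failed": re.compile(r"sshd\[\d+\]: Failed password for .* from (?P<src>[\d.]+) port"),
    "ssh_accepted": re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<src>[\d.]+) port"),
}

def categorize(lines):
    """Categorizing step: file each log line under the first rule that matches it."""
    buckets = defaultdict(list)
    for line in lines:
        for name, rule in RULES.items():
            m = rule.search(line)
            if m:
                buckets[name].append(m.groupdict())
                break
        else:
            buckets["unmatched"].append(line)   # kept so that nothing is silently dropped
    return buckets

def decide_bans(buckets, threshold=3):
    """Reacting step: sources with at least `threshold` failed logins are no longer trusted."""
    failures = Counter(entry["src"] for entry in buckets.get("ssh_failed", []))
    return sorted(src for src, n in failures.items() if n >= threshold)

def iptables_rules(banned):
    """Render the decision as iptables commands; returned as strings, never executed here."""
    return [f"iptables -I INPUT -s {src} -j DROP" for src in banned]

def run_offline(text):
    """Off-line mode: categorize a captured log in one pass and return the ban list."""
    return decide_bans(categorize(text.splitlines()))
```

In real-time mode the same `categorize` would be fed line by line from a polled or tailed file instead of a captured one.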
Description | Available | Implementation | License | logging | categorizing | reacting | report tools |
---|---|---|---|---|---|---|---|
Wireshark | | C | GPLv2 | kernel, pcap files | regex filters | call external shell | Cascade Pilot |
Snort (see also Snort-Setup for Statistics HOWTO) | | C | GPLv2 | kernel, pcap files | regex filters | not sure yet | Snorby, SnortSnarf, SnortAlog |
fail2ban | | perl | GPL | poll any log files | regex filters | iptables updates | none? |
sshguard | | C | BSD | poll sshd, dovecot log files | built-in regex | iptables updates? | none? |
Related Articles
- Network Security/Analysis Software for Linux
- Squid log analysis
- AMaViS A Mail Virus Scanner
- OSSEC
- Fun with Splunk: SSHD
- DenyHosts, an SSH Server Attack Denial Tool
- Ubuntu Tricks: Analyse illegal SSH login attempts
- logwatch
- Daily mail reports with logwatch
- Script for auth.log and kern.log analysis
- AWstats
- Zed Attack Proxy
- Basic Analysis and Security Engine
Filesystem Auditing
Either through a deliberate act of sabotage or a simple programming mistake, programs run amok. It is thus important to audit all parts of the system regularly, especially persistent storage, which mostly means the file system.
Authentication and privacy
Once the systems to monitor and analyze a computer infrastructure are understood, it is time to look at how access is granted to computing resources.
Full disk encryption
- The Problems with Full Disk Encryption
- Disk Encryption HOWTO
- System Encryption with LUKS for dm-crypt - ArchWiki
- lfde.org
- Ubuntu Full Disk Encryption with USB Key Two Factor Authentication (Hardy, Intrepid, Jaunty) « Mark Knowles' Blog
- Encrypted filesystem [rigacci.org]
- XercesTech
- DM-Crypt with LUKS - Gentoo Linux Wiki
- Encrypt filesystem with DM-CRYPT — Synoptick.com
- [dm-crypt] a possible "attack" on dm-crypt
Capabilities
Web authentication
- SSL and the future of authenticity (DEFCON 2011 video)
- Rails at work: Static Web Page Access Authentication via Apache
- Apache 2.0 authentification module cookie based...
- FAQ - memcached
- OpenLDAP
- Robert Harder » Two Factor Authentication in Snow Leopard SSH with Perfect Paper Passwords
- Can I read a PEM format openssl generated public key using a cryptopp one-liner...?
- PKCS#7 and PKI encryption/decryption
- IETF/W3C XML-DSig Working Group
Routing
Everyday life relies increasingly on distributed computing infrastructure, so it becomes of primary importance that no single entity can arbitrarily monitor or shut down complete services as it sees fit. As technology solutions, peer-to-peer infrastructures go to great lengths to implement decentralized control structures. Privacy concerns in peer-to-peer networks rely heavily on understanding routing algorithms.
- Chapter 4. IP Routing
- Better networking with SCTP
- The OpenPrivacy Initiative is a collection of software frameworks, protocols and services providing a cryptographically secure and distributed platform for creating, maintaining, and selectively sharing user profile information.
- Google search: "Peer to Peer Routing", "P2P Networks"
Description | Implementation | License |
---|---|---|
The Freenet Project | ? | ? |
The Monkeysphere Project extends OpenPGP's web of trust to new areas of the Internet. | ? | ? |
Cloud computing
The requirements to deploy highly scalable peer-to-peer infrastructure, with the possibility to provision and decommission virtual machines on the fly, have poised "cloud computing" to be an integral part of any future network infrastructure.
DeltaCloud and OpenStack are two competing APIs for managing cloud clusters.
This is a great starting point to create an EC2-like environment on a local machine.
The Ubuntu Cloud portal contains all things ubuntu-cloud related.
Penetration testing
There is no better preparation than running drills, actively trying to get into the system.
Web technologies
Standards
- HTML5
- URL encoding (also known as Percent-encoding) is a mechanism for encoding information in a Uniform Resource Identifier (URI) and is often used in the submission of HTML form data in HTTP requests.
- base64 is a group of similar encoding schemes that represent binary data in an ASCII string format. It is often used to present cryptographic keys.
- FastCGI
- OAuth 2.0
- WebDAV
- iCalendar is a data format for calendaring and scheduling information.