Intrusion detection software is meant to monitor network traffic or host activities for malicious actions, such as successful or unsuccessful intrusion attempts, hostile traffic (e.g., malicious scans and denials of service), unauthorized configuration changes, malware symptoms, and user policy violations. An intrusion detection system (IDS) typically can produce reports describing the details of the potentially hazardous activity which generated alerts. OSSEC is particularly useful in this context for many reasons. First, it is an established, reputable product with a proven track record (OSSEC was first released in 2004 and has been owned by Trend Micro since 2009). Second, it is free and open source. Third, it is compatible with most modern operating systems such as Linux, Windows (Server 2008, Server 2003, 7, Vista, XP, 2000), BSD (Free/Open/Net), Unix (Solaris, HP-UX, AIX), and MacOS.
One of the key tenets of IT security is to keep intruders from gaining access to your organization’s network. Not only must the network’s edge be hardened to resist a myriad of attacks, but measures must be put into place to detect attackers who have successfully breached the perimeter. These two measures are important steps in achieving a “defense in depth” security posture, and OSSEC is an effective and affordable option to fulfill the IDS role.
Intrusion detection systems (IDS) are generally classified as either network-based or host-based in nature. A network-based IDS (NIDS) attempts to discover unauthorized access to a network by analyzing traffic as it flows between nodes for signs of malicious activity. A host-based IDS (HIDS), on the other hand, is designed to detect threats occurring on the hosts where they are installed (on servers, for example). A HIDS monitors local actions and attempts to identify those which could be hazardous. In this way a HIDS is similar to antivirus applications that identify and block certain attack patterns and raise alarms to alert users and administrators.
When you want to perform network queries for troubleshooting or data collecting purposes, the standard approach has been to launch a non-graphical command line interface (CLI) in Windows or a shell prompt (such as Bash) in Linux to display the input and output of the commands you use. While this practice is undoubtedly quick and lightweight, the functionality of many networking commands has been replicated on dozens of websites which allow network administrators the same capabilities in graphical, web-based environments.
Nearly all of the networking-related command utilities have been listed and described in this blog. Some of these commands include netstat, nslookup, ping, traceroute, and whois among others. This post will show you the best and most popular websites for using these types of commands in browser-based graphical user interfaces (GUIs). These websites will be listed in alphabetical order based on domain name.
Can You See Me
CanYouSeeMe.org issues probes to see if certain ports on your external IP address respond.
The technical standards that govern how the Internet and modern computer networks operate are debated and approved by a number of organizations. These organizations exist to ensure the proper functionality and long term feasibility of network transmission methods. IT professionals should be familiar with these organizations, how they operate, and what their specific roles and responsibilities are. After all, it is clearly within our professional purviews to intimately know the standards which dictate how the Internet’s core technologies work. For example, detailed knowledge of IPv4 (and very soon, IPv6) is a must for today’s system and network administrators. But who determines how the IP protocol operates? Who sets the standards regarding networking technologies? Read on to find out.
Internet Protocol version 6 (IPv6) is the next generation networking protocol that is slated to replace Internet Protocol version 4 (IPv4) as the dominant protocol powering modern computer networks and the global Internet.
The problem with IPv4 is that it was developed and initially rolled out in the 1970s and 80s, long before anyone had any idea of what the Internet would become (IPv4 is defined in RFC 791, published in 1981). Simply put, the ability for IPv4 to support modern Internet traffic is decreasing steadily. The Internet Engineering Task Force (IETF) recognized the potential for a crisis and commenced work on IPv4's replacement in the mid-1990s.
The rest of this article will assume that you know why the Internet needs to evolve from IPv4 to IPv6. If you do not understand this, please stop reading and view this YouTube video of Vinton Cerf explaining the rationale behind the protocol migration (Cerf is considered one of the “fathers of the Internet”).
The death of IPv4 as a relevant networking protocol was delayed considerably by the deployment of two addressing-related solutions: Network Address Translation (NAT) and Classless InterDomain Routing (CIDR). However, given the current and projected growth in human population and the ever expanding quantity of devices connecting to the Internet, IPv6 is required to accommodate and sustain the necessary expansion of Internet availability and services. For example, two well-known technology growth sectors, mobile devices (e.g., smartphones) and cloud-based computing, require public IPv4 connectivity to function and therefore, they are contributing to the exhaustion of the public IPv4 address space (even with NAT relieving some pressure).
Image source: Wikimedia Commons
Despite their differences in age, IPv4 and IPv6 do share some characteristics. Both protocols were designed to allow for host identification, host discovery, and optimal routing. They both work at Layer 3 of the OSI networking model and at the internet layer of the TCP/IP networking model. In order for hosts to properly communicate using IPv4 or IPv6, they must be assigned a unique IP address. IPv6 hosts need the same information as IPv4 hosts to properly network, e.g., they need to know the IP addresses of DNS servers (to translate host names to IP addresses) and default gateways (to transmit to remote destinations). As in IPv4, IPv6 hosts will send packets directly to destinations on the same subnet.
However, as IPv6 was developed from the ground up to be a future-oriented redesign and modernization of the IP structure, IT professionals will notice that it offers many distinct advantages over its aging cousin. Some noteworthy differences are:
- IP addressing – as described below, IPv6 addresses use a different format and can provide an astonishingly huge address space for network hosts, far larger than what IPv4 can offer.
- Multicast and broadcast – IPv6 utilizes more multicast traffic while dropping broadcast functionality altogether.
- Multi-address interfaces – In IPv6, interfaces (such as network interface cards, or NICs) can natively operate using several IP addresses. IPv6 offers improved support for multiple addresses sharing one interface.
- Automatic IP address assignment – While IPv4 clients can receive address assignments via DHCP, IPv6 hosts are capable of autoconfiguration with stateless address autoconfiguration (SLAAC) via Neighbor Discovery Protocol (NDP). Alternatively, IPv6 hosts can utilize the new DHCPv6 in a manner similar to traditional DHCP.
- Packet fragmentation – Routers processing IPv6 will not fragment packets. Instead, fragmentation responsibility belongs to the originating hosts.
- Checksum – the IPv6 header does not include a checksum while IPv4 does. Removing the checksum from OSI Layer 3 should improve IP throughput.
- Layer 2 (data link) address discovery – while IPv4 uses Address Resolution Protocol (ARP), IPv6 uses ICMPv6-based Neighbor Discovery Protocol (NDP).
- IPSec – IPSec support is optional in IPv4 but is required in IPv6.
- IGMP – IPv6 replaces Internet Group Management Protocol (IGMP) with Multicast Listener Discovery (MLD).
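To make the address-space and checksum points above concrete, here is an added Python example (not code from the original post): it builds a minimal IPv4 header with its mandatory header checksum, builds the 40-byte IPv6 fixed header that has no such field, and computes the UDP pseudo-header checksum that RFC 8200 makes mandatory over IPv6 in its place. The addresses and ports used in the checks are constructed sample values.

```python
import struct

# Addresses each version can number: 32-bit versus 128-bit address space.
ADDRESS_SPACE = {4: 2 ** 32, 6: 2 ** 128}


def rfc1071_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words, as used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: bytes, dst: bytes, payload_len: int, proto: int = 17) -> bytes:
    """Minimal 20-byte IPv4 header; the checksum at bytes 10-11 covers the whole header."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", rfc1071_checksum(hdr)) + hdr[12:]


def ipv4_header_ok(hdr: bytes) -> bool:
    """A receiver re-sums the header, checksum included; any corruption breaks the zero."""
    return rfc1071_checksum(hdr) == 0


def build_ipv6_header(src: bytes, dst: bytes, payload_len: int, next_hdr: int = 17) -> bytes:
    """40-byte fixed IPv6 header: version 6 (traffic class and flow label zero), payload
    length, next header, hop limit, then two 128-bit addresses. No checksum field exists."""
    return struct.pack("!IHBB16s16s", 6 << 28, payload_len, next_hdr, 64, src, dst)


def udp6_checksum(src: bytes, dst: bytes, udp_segment: bytes) -> int:
    """With no Layer 3 checksum, the UDP checksum is mandatory over IPv6 (RFC 8200 s8.1); it
    covers a pseudo-header of both addresses, the upper-layer length and the next-header value."""
    pseudo = src + dst + struct.pack("!IxxxB", len(udp_segment), 17)
    csum = rfc1071_checksum(pseudo + udp_segment)
    return csum or 0xFFFF  # a computed zero is sent as all-ones, since zero means "no checksum"
```

A UDP-over-IPv6 datagram that arrives with a zero checksum therefore has no integrity protection at all and a host stack is expected to discard it.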
Subnetting – it’s the subject that IT professionals love to hate. Believe it or not, the frustration that it caused me as a student years ago made me question whether I wanted to go into the information technology (IT) field. Furthermore, with the availability of many subnet calculator programs and subnetting websites, the ability to manually perform subnet calculations may seem superfluous at first. However, a solid understanding of IP subnetting will not only allow IT pros to create appropriately-sized networks in the absence of specialized software and web applications (on paper, for example), but given IP’s foundational role in modern computer networks and the global Internet, it behooves us to keep our comprehension of this protocol sharp. Lastly, if you plan on obtaining a networking certification like the Cisco CCNA, you are just going to have to master the material below.
The purpose of this article will be to thoroughly explain how IP subnetting works and to provide some relevant examples. Therefore a detailed analysis of all the workings of IP, such as packet structures, packet switching, and routing will not be provided. However, we will review what the Internet Protocol (IP) is, how it works, and what purpose it serves on networks. We will focus solely on Internet Protocol version 4 (IPv4) which is the version of IP that has powered the Internet revolution and remains the most widely utilized networking protocol today.
Computers must share a common protocol to communicate, and nowadays IP has become ubiquitous on nearly all operating systems. So what does IP do? Simply put, IP allows computers to locate and facilitate communications with other hosts that are either on the same logical network or on separate, distinct networks (for instance, networks such as those owned by different organizations – businesses, universities, Internet service providers, etc.). IP provides for this communication by enabling the routing of data packets between sources and destinations, often through multiple intermediary hosts.
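As an added worked example (not code from the original article), the manual subnet arithmetic the article sets out to teach, written in Python with plain bitwise operations rather than a calculator library: mask from prefix length, network and broadcast addresses, usable host range, the same-subnet test that decides direct delivery versus the default gateway, and the smallest block that fits a required host count. The addresses in the checks are constructed sample values.

```python
def prefix_to_mask(prefix: int) -> int:
    """/26 -> 0xFFFFFFC0: the top `prefix` bits of the 32-bit mask are set."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def dotted_to_int(addr: str) -> int:
    """'192.168.10.77' -> 0xC0A80A4D, validating each octet."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(cidr: str) -> dict:
    """The manual calculation: AND with the mask gives the network address, OR with the
    inverted mask gives broadcast, and everything in between is usable host space."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    ip, mask = dotted_to_int(addr), prefix_to_mask(prefix)
    network = ip & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    usable = max(2 ** (32 - prefix) - 2, 0)  # /31 and /32 have no conventional host range
    return {
        "mask": int_to_dotted(mask),
        "network": int_to_dotted(network),
        "broadcast": int_to_dotted(broadcast),
        "first_host": int_to_dotted(network + 1) if usable else None,
        "last_host": int_to_dotted(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def same_subnet(a: str, b: str, prefix: int) -> bool:
    """Hosts deliver directly when the masked addresses match, otherwise via the gateway."""
    mask = prefix_to_mask(prefix)
    return (dotted_to_int(a) & mask) == (dotted_to_int(b) & mask)


def smallest_prefix_for(hosts_needed: int) -> int:
    """Longest prefix (smallest block) whose usable host count still covers the need."""
    for prefix in range(30, -1, -1):
        if 2 ** (32 - prefix) - 2 >= hosts_needed:
            return prefix
    raise ValueError("no IPv4 block can hold that many hosts")
```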