
Global Open Versity, Vancouver Canada Secure Network Defense for SMB using IPCop Firewall v1.4

Global Open Versity


IT Security & Network Defense Hands-on Labs Training Manual

Deploy Secure Network Defense for Small Enterprises


using IPCop Firewall
Kefa Rabah
Global Open Versity, Vancouver Canada
krabah@globalopenversity.org
www.globalopenversity.org

Table of Contents

Deploy Secure Network Defense Solution for Small Enterprise using IPCop Firewall
1.0 Introduction
2.0 Historical Overview of IT Network Security
2.1 A Case for Multi-Layered Enterprise IT Security Network Defense
Network Diagram Configuration
Part 1: Install & Configure IPCop Firewall
Step 1: Install IPCop Firewall
Step 2: Test your Firewall Security from Outside your Private Network
Part 2: Install Internal PC (Virtual Machine 2) for Remote Administration of IPCop
Part 3: Testing IPCop Security using NMAP
Part 4: Installing Add-Ons to Extend IPCop Capability
Step 1: Install & Configure URL Filter Add-on on IPCop
Step 2: Enable the Web Proxy
Step 3: Configure URL Filter
Step 4: Extending IPCop with Copfilter Add-on
Part 5: Checking IPCop Memory Usage
Part 6: Enable Intrusion Detection System (IDS) Monitoring on IPCop
Part 7: Install Zerina's OpenVPN Package for IPCop
Step 1: Install Zerina OpenVPN
Part 8: Troubleshooting Problem with Intrusion Detection (Snort) on IPCop Firewall 1.4.21
Part 9: Different IT Security Vulnerability Scanning and Testing Techniques
Step 1: Network Penetration Testing Methods
Step 2: Information Systems Security Assessment Framework (ISSAF)
Step 3: IT Risk & Vulnerability Testing Tools
1. Metasploit Framework
2. Nessus
© April 2007, Kefa Rabah, Global Open Versity, Vancouver Canada

www.globalopenversity.org ICT202 - Linux Enterprise Infrastructure Engineering Diploma



Part 10: Need More Training on Linux
Part 11: Hands-on Lab Assignments

© A GOV Open Access Technical Academic Publications License


Enhancing education & empowering people worldwide through eLearning in the 21st Century


Deploy Secure Network Defense Solution for Small Enterprise using IPCop Firewall
By Kefa Rabah, krabah@globalopenversity.org, Jan 20, 2010, SerengetiSys Labs

Project: Deploy a secure network defense solution for a small enterprise (SMB) using the IPCop firewall with the URLfilter, Copfilter and OpenVPN add-ons.

Today, small and medium sized businesses (SMBs) are the backbone of the global economy, more so in the developed countries and, recently, in the emerging markets. In the current global economic downturn they tend to act cautiously: they keep the business stable and they are not subject to the high demands of investors. Nevertheless, SMBs are affected by the economic climate even more than larger businesses. This is why we see more and more of them fall back on consumer products to secure their IT environment in order to reduce costs and maintain ROI, lowering their level of security in the process. This is a dangerous compromise. There are, however, excellent open source network security solutions that, when implemented correctly, go a long way towards keeping the bad guys off the network. In this series of IT Security & Network Defense Hands-on Labs we look at some of the software solutions that can easily be deployed to secure private network resources.

1.0 Introduction
Information security is commonly thought of as a process and not a product. Nevertheless, standard security implementations usually employ some dedicated mechanism to control access privileges and restrict network resources to users who are authorized, identifiable, and traceable. Firewalls have been standing guard between private networks and the Internet for almost as long as the Internet has been open to the public.

Firewalls are one of the core components of a network security implementation. Several vendors market firewall solutions catering to all levels of the marketplace: from home users protecting one PC to data center solutions safeguarding vital enterprise information. Firewalls can be stand-alone hardware solutions, such as the firewall appliances by Cisco, Nokia, and SonicWall. Vendors such as Check Point, McAfee, and Symantec have also developed proprietary software firewall solutions for the home and business markets.

Apart from the differences between hardware and software firewalls, there are also differences in the way firewalls function that separate one solution from another. In this guide we concentrate only on the SMB type of network, with very limited or no budget to cater for exotic firewall infrastructure. With an open source Linux based operating system, however, you have a lot of choices for protection, and for this lab session we are going to use the IPCop firewall.

The IPCop project is a GNU/GPL project that offers an exceptional, feature-packed stand-alone firewall to the Internet community. Its comprehensive web interface, well documented administration guides, and its involved and helpful user/administrator mailing lists make users of any technical capacity feel at home. It
goes far beyond the simple ipchains / netfilter setups available in most Linux distributions and even the firewall feature sets of commercial competitors.

IPCop is a cut-down Linux distribution that is intended to operate as a firewall, and only as a firewall. It has some advanced firewalling features, including VPNs using IPSec. It is a complete firewall solution that takes control of the machine and replaces any other operating system that is installed. It is therefore not comparable to packages like ipchains or any of the GUI firewall administration tools: it is not an additional security service you would run on an existing machine, but a complete operating system and firewall administration kit in a box, to which you dedicate a single machine that runs as the Internet gateway. That is the format we'll be following in these hands-on training labs.

Firewalls have had to undergo a tremendous metamorphosis as a result of evolving threats. IPCop is exemplary in offering such a range of default features and, beyond that, a large set of optional plug-ins that add further functionality and security capability, as we will see later in the text.

Some of IPCop's impressive base install features include: a web-based GUI administration system over HTTPS, an SSH server for remote access, TCP/UDP port forwarding, a DHCP server, proxying (Squid), DNS proxying, Dynamic DNS, a time server, traffic shaping, traffic/system/firewall/IDS graphing, intrusion detection (Snort), ISDN/ADSL device support and IPSec based VPN support (Openswan in the 1.4 series; earlier releases used FreeS/WAN) including support for Check Point SecuRemote clients. As if these base features were not astounding enough, there are dozens of add-ons which can further expand the functionality of your IPCop, from web filtering to antivirus scanning.

2.0 Historical Overview of IT Network Security


As attacks on the enterprise grow more sophisticated and diverse, companies need to rethink their network defense and their entire enterprise risk management strategy. Security is not only about protecting the network but also the data. That requires a combination of tactics, from securing the network perimeter to encrypting data on mobile and storage devices. Today, many enterprises look at network security as a layered approach. As security becomes more complex, businesses increasingly see a need for enterprise-wide security strategies, as well as for ways to collate information from the various tools and evaluate their performance. They are also grappling with new issues created by growing mobility and anywhere, anytime access, which makes the remote user, and not the firewall, the "new perimeter" and thus increases the risk to enterprise resources. Getting the firewall configured correctly to allow road-warriors access to the private network is therefore critical.

2.1 A Case for Multi-Layered Enterprise IT Security Network Defense

In IT speak, security is a many-layered thing for most IT managers. This is basically because attacks may target network, workstation, server or application vulnerabilities. Blended threats combine multiple attack vectors (Trojan horses, spyware, worms and viruses, for example) in an attempt to outflank an organization's defenses. Over the years, starting from the mid 80s and the birth of the PC, the attack tools have grown in sophistication while requiring almost no technical skill to use, as depicted in Fig. 2. In response, enterprises erected a series of barriers on the principle that an attack that beats one security measure won't get past the other protections. This approach goes by several names (layered security, defense-in-depth) but the underlying premise is the same; see Fig. 1.

Fig. 1: Enterprise Security – Defense-In-Depth. The rings, from outermost to innermost, are Perimeter Defenses, Network Defenses, Host Defenses, Application Defenses, and Data & Resources; each layer is designed on the assumption that the prior layers fail.

The traditional view of layered security places the firewall at the outermost ring of protection, guarding the corporate network from incursions borne by the public network (the Internet); see Figs. 1 & 2. After the firewall, attention turns to network-based intrusion detection/prevention systems that aim to snuff out attacks that sneak through the firewall. Antivirus software and host-based intrusion detection/prevention systems protect servers and client PCs, providing still another layer.

Fig. 2: Typical Secure Internal Network Infrastructure

Firewall: via filter rules (protocol, addresses and TCP/UDP ports) it must be the gateway for all communications between the trusted network and untrusted or unknown networks (NWs). It is the choke point through which all communication must pass.

Perimeter network (NW) or DMZ: put in place using firewalls and routers on the NW edge, it permits secure communication between the corporate NW and third parties. It includes the DMZ, extranets and intranets. The perimeter network is the key that enables many mission-critical NW services. It also offers a layer of protection for the internal NW in the event that one of the Internet-accessible servers is compromised.

Bastion hosts: a bastion host cannot, on its own, initiate a session back to the private NW; it can only forward packets that belong to sessions already requested by clients on the internal private NW. To maintain secure communication and protection of the private network, bastion hosts should have all appropriate up-to-date service packs (SP), hot fixes and patches installed. System/network admins must also ensure that logging of all security-related events is enabled and that the logs are regularly reviewed to track both successful and unsuccessful security events.

While emerging classes of tools may fend off attacks at multiple layers, there are pitfalls if the tools are not properly configured, managed or integrated with existing systems. In effect, chief information and security officers have to be jacks of all trades to implement an effective layered security strategy. Overall, a
layered security strategy, built around numerous preventive controls, requires good perimeter defenses: you need host- and network-based intrusion detection integrated with the other security solutions all the way down to the desktop level, also known as the end-point. Current statistics indicate that a typical enterprise spends more than 5% of its IT budget on security, with expected growth in annual spending pegged at 9%, compared to 4% to 5% for IT overall.

Today, most IT network security strategists prefer to define layers in terms of critical security processes, tasks such as vulnerability management and intrusion prevention. Process-based definitions like these don't commit IT managers to a specific technology approach and also guard against redundant technology. For example, anti-spyware products entered the market a few years ago as a product set distinct from antivirus; however, both support the same process, and one may wonder what is so different about the process of blocking spyware from the process of blocking viruses. Vendors such as Symantec have since consolidated anti-spyware and antivirus in the same desktop product. This new approach has given rise to increased emphasis on host security for so-called end-points such as servers and PCs, so that these devices can defend themselves. These technologies include host-based intrusion detection and prevention systems (HIDS/HIPS). For more information read: Developing IT Security Risk Management Plan.

In this Hands-on Labs we’ll concentrate only on firewall part of layered network IT security infrastructure
using IPCop firewall with URLfilter, Copfilter and OpenVPN add-ons.

Hardware Pre-requisite
An IPCop installation generally takes about 25 minutes, and you can complete it on relatively modest hardware: a 386 processor with 32MB RAM, more than 300MB of disk, and 3 network cards (2 if there is no need for a DMZ). If you plan to use the caching proxy, the IDS or other add-ons, consider additional horsepower in terms of RAM and processor.

Solution:
In this Hands-on Lab session you'll learn how to set up a virtual network on VMware (you may also use any other virtualization product such as MS Virtual PC, Linux Xen, or VirtualBox from Sun). Next you will learn how to create a virtual machine with three NIC adapters, which we'll use to install and configure the IPCop firewall. You'll also learn how to install and configure a second virtual machine with WinXP, used for testing your firewalled network's connectivity to the public network (Internet), and for configuring and updating the as-installed IPCop. Finally you'll have the opportunity to do the Hands-on Labs assignments to test what you have learned in this lesson. Once you're done with this lab session you should have gained the experience and capability to plan, design, implement and deploy a simple but secure SMB network infrastructure.

In this Hands-on Lab you'll also learn how to extend IPCop's functionality with the URL filter to implement company policy on web surfing and Internet access, and how to install and configure Copfilter to add web security functionality such as antivirus, safe web surfing, and scanning of email and FTP traffic for viruses. You'll also learn how to set up Metasploit and Nessus to test and audit your network for security vulnerabilities.

Network Diagram Configuration


It's assumed that you have a good understanding of the Linux operating system and its working environment. It's also assumed that you know how to install Windows XP on VMware.
Figure 3 shows the network setup for the pilot lab session of our private SMB LAN, configured on VMware with three NIC adapters attached to the IPCop firewall (Virtual Machine 1). eth2 (RED) is attached to the public side of the network and receives its IP address from the upstream DHCP server. eth0 (GREEN) is configured with a static IP address and is also the NIC on which IPCop's own DHCP server hands out dynamic addresses to the devices in the private LAN, via the VMnet2 virtual switch. The third NIC adapter, eth1 (ORANGE), is attached to the DMZ network side. Virtual Machine 1 runs the Linux based IPCop firewall.

Fig. 3: Small Enterprise LAN, with test PC (Internal PC) added, and Web server in DMZ. The diagram shows:

Internet -> Modem -> eth2 (RED, address from DHCP) on Virtual Machine 1 (IPCop Firewall)
eth1 (ORANGE) = 192.168.3.1 -> VMnet3 virtual switch -> DMZ LAN 192.168.3.0/24, with Virtual Machine 3 (Web Server)
eth0 (GREEN) = 192.168.2.1 -> VMnet2 virtual switch -> Internal LAN 192.168.2.0/24, with Virtual Machine 2 ("Internal PC")

Note: once you're done with pilot testing and everything works as expected, you can migrate your setup to your production environment.
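Before you type addresses into the installer, it pays to check that the plan in Fig. 3 is internally consistent: the three zones must not overlap, and the DHCP pool you will define later in the setup must sit inside GREEN without handing out the gateway address. The Python script below is an added example written for this lab (it is not part of IPCop). The GREEN and ORANGE values come from Fig. 3, the RED value is the address the lab's RED interface obtained from DHCP (192.168.83.211), and the DHCP pool is an assumed range; adjust all of them to your own network.

```python
"""Sanity-check the three-zone address plan of Fig. 3 before running the installer.

Added example for this lab, not IPCop code. GREEN/ORANGE come from Fig. 3, the RED
value is the DHCP lease seen in the lab, and the DHCP pool is an assumed range.
"""
import ipaddress

LAB_PLAN = {
    "GREEN": "192.168.2.1/24",
    "ORANGE": "192.168.3.1/24",
    "RED": "192.168.83.211/24",   # leased from the upstream DHCP server in the lab
}
LAB_DHCP_POOL = ("192.168.2.100", "192.168.2.200")   # assumed GREEN pool


def check_plan(plan, dhcp_pool):
    """Return a list of findings. Entries prefixed 'note:' are informational;
    anything else means the plan should be fixed before installing."""
    findings = []
    ifaces = {zone: ipaddress.ip_interface(cidr) for zone, cidr in plan.items()}
    zones = list(ifaces)

    # 1. Zones must be disjoint subnets. Overlap breaks routing between them and
    #    can make RED-side hosts look like they belong to an internal zone.
    for i, a in enumerate(zones):
        for b in zones[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                findings.append(f"{a} {ifaces[a].network} overlaps {b} {ifaces[b].network}")

    # 2. The firewall's own address must be a usable host address.
    for zone, iface in ifaces.items():
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            findings.append(f"{zone} address {iface.ip} is the network or broadcast address")

    # 3. The DHCP pool must lie inside GREEN and must not hand out the gateway.
    green = ifaces["GREEN"]
    start, end = (ipaddress.ip_address(a) for a in dhcp_pool)
    if start > end:
        findings.append(f"DHCP pool start {start} is after its end {end}")
    for label, addr in (("start", start), ("end", end)):
        if addr not in green.network:
            findings.append(f"DHCP pool {label} {addr} is outside GREEN {green.network}")
    if start <= green.ip <= end:
        findings.append(f"DHCP pool includes the GREEN gateway {green.ip}")

    # 4. A private RED address is normal in this VMware pilot (NAT behind the host),
    #    but on a production edge RED normally carries the ISP-assigned address.
    if ifaces["RED"].ip.is_private:
        findings.append(f"note: RED {ifaces['RED'].ip} is a private address (lab/NAT setup)")
    return findings


if __name__ == "__main__":
    for line in check_plan(LAB_PLAN, LAB_DHCP_POOL) or ["plan OK"]:
        print(line)
```

The overlap check is the one that catches the classic lab mistake: if the host machine's LAN (192.168.1.0/24 in this lab) or the RED lease happens to share a subnet with GREEN or ORANGE, IPCop will route between them incorrectly and the "outside" tests later in this lab give misleading results.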

Part 1: Install & Configure IPCop Firewall


To understand IPCop, or any other firewall, let's take a look at a very common scenario for a small business. We need to provide Internet access to all computers in the network and yet we want them all to be protected from outside access. The best kind of access is transparent, where a user behind the firewall doesn't notice its presence when accessing the Internet, while external access is blocked except where specifically allowed. IPCop shines in such a setup. You can set up this configuration in just over an hour, and the best part is that the client machines need nothing more than a simple configuration during setup, in which you specify that the IP address and related information will be provided by DHCP.

Step 1: Install IPCop Firewall


To install the IPCop firewall, perform the following procedure:

1. Hop over to the IPCop website and download the latest package, which at the time of writing this lab manual was "Latest installation ISO (i386 1.4.20)". Verify the downloaded ISO against the checksum published on the download page before using it.
2. Once you have downloaded the IPCop ISO, you have the option of burning it to CD or attaching the ISO image directly to your virtual machine, in our case VMware.
3. Fire up a new virtual machine, perform the initial configuration, set it up to boot from the ISO image, and make sure to give the virtual machine three NIC adapters.
4. Start the virtual machine, and you should see the first IPCop installation screen as shown in Fig. 4. Hit the Enter key to commence installation.

Fig. 4: IPCop installation

5. From Fig. 5, select the desired language and then click OK.

Fig. 5

6. From Fig. 6, click OK to start the installation.

Fig. 6

7. From Fig. 7, select CDROM/USB-KEY as the installation source and then select OK to continue.

Fig. 7

8. From Fig. 8, hit OK to prepare the hard disk. Note that this wipes the disk: IPCop takes over the whole machine.

Fig. 8

9. From Fig. 9, the partitioning process starts.

Fig. 9

10. Since we're not restoring a backup into this new IPCop install, select Skip (use the Tab key to move the selection), and then click OK as shown in Fig. 10.

Fig. 10

11. From Fig. 11, select Probe to let the IPCop installer probe all the NIC adapters installed, and then click OK when done.

Fig. 11

12. From Fig. 12, IPCop has detected the first NIC for the GREEN interface. Click OK to continue.

Fig. 12

13. From Fig. 13, enter the IP address and netmask for the GREEN interface (192.168.2.1 / 255.255.255.0 in our network diagram), and then click OK to continue.

Fig. 13

14. As can be seen from Fig. 14, IPCop has been successfully installed. Make a note of port numbers 81 and 445 and the respective URLs, http://ipcop:81 and, for HTTPS, https://ipcop:445; these are the web administration ports, which by default are reachable only from the GREEN side. Click OK to continue.

Fig. 14
15. On the next screens choose your keyboard type and time zone.

16. From Fig. 15, accept the default hostname "ipcop", or change it as desired, and then click OK to continue.

Fig. 15

17. On the next screen, accept the default domain name "localdomain", or change it as desired, and then click OK to continue.
18. From Fig. 16, accept the default Protocol/Country selection, and then click "Disable ISDN", as we're not going to use it.

Fig. 16

19. On the next screen, accept the default selection "Network Configuration type", and then click OK to continue.
20. Recall that we have three NIC adapters to be used by this firewall; therefore we choose "GREEN + ORANGE + RED", and then click OK to continue, see Fig. 17.

Fig. 17

21. Recall that we have already assigned the GREEN interface an IP address. Now it's time to assign the ORANGE and RED interfaces. Use the down-arrow key to select "Drivers and card assignments", and then click OK to continue, see Fig. 18.

Fig. 18

22. From Fig. 19, we're informed that the "ORANGE" and "RED" interfaces are UNSET. Click OK to continue.
Fig. 19

23. From Fig. 20, accept the default "ORANGE" selection to assign the first unclaimed Ethernet card. Click OK to continue.

Fig. 20

24. Repeat the same on the next screen to assign the remaining unclaimed Ethernet card to "RED", and then click OK to continue.

25. From Fig. 21, we're informed that all the cards have been successfully allocated. Click OK to continue. Which card ends up as which zone depends on the order in which they were probed, so verify after the reboot (Step 37) that each interface is attached to the intended network before trusting the firewall; a RED and ORANGE swap leaves the DMZ unprotected.

Fig. 21

26. From Fig. 22, accept the default selection "Address Settings", and then click OK to continue.

Fig. 22

27. From Fig. 23, select "DHCP" to set the RED interface public IP address, and then click OK to
continue.
Fig. 23

28. From Fig. 24, go ahead and set the ORANGE interface with a static IP address, and then click OK to
continue.

Fig. 24

29. From Fig. 25 accept the default selection "DNS and Gateway Settings", and then click OK to
continue.
Fig. 25

30. From Fig. 26, if you selected DHCP for the RED interface, as in our case, you do not need to enter the DNS and gateway settings; leave them blank. Then click OK to continue.

Fig. 26

Note 1: On a production network, the public primary DNS server address and default gateway address would be given to you by your ISP, and in that case it is preferable to use a static IP address on your RED interface.

Note 2: Failure to enter the correct gateway IP address will prevent computers in the private LAN from accessing the Internet.

31. From Fig. 27, the DHCP server configuration: we want the firewall to play the DHCP server role for GREEN, so enable it by pressing the space bar. Set the Start Address and End Address as desired; the range must lie within the GREEN subnet and must not include the GREEN address 192.168.2.1 itself. Click OK to continue.

Fig. 27

32. From Fig. 28, we're done adding all the required interface IP addresses and the gateway and DNS settings, so we can now leave this menu by clicking Done to continue.

Fig. 28

33. From Fig. 29, enter the root user password. For security reasons, use a password with good complexity!

Fig. 29

Note: when typing the password there will be no echo from the keyboard or movement of the cursor. Just type the password, press the Tab key and then type it again.

34. On the next two screens, enter the admin and backup users' passwords. The root account is used on the console and over SSH and the admin account for the web GUI, so again use passwords with good complexity, and do not reuse one password for all three!
35. The setup is complete, as shown in Fig. 30. Press OK to reboot the IPCop firewall.

Fig. 30
36. Once the virtual machine has rebooted, log into the IPCop console as the root user with the root password you entered earlier during setup, as shown in Fig. 31.

Fig. 31: Login into the IPCop console using root user and password

37. Next, we want to check that all our interfaces were configured correctly. To do this, issue the "ifconfig" command for each interface, i.e., eth0 (GREEN), eth1 (ORANGE) and eth2 (RED). From Fig. 32 we can see that all the configurations were done correctly.

Fig. 32a: Ifconfig interface eth0 (GREEN)

Fig. 32b: Ifconfig interface eth1 (ORANGE)

Fig. 32c: Ifconfig interface eth2 (RED)

38. Now we want to test our interfaces' connectivity using the ping command. So let's see if we're able to ping all the network interfaces, i.e., the GREEN interface "192.168.2.1", the DMZ ORANGE interface "192.168.3.1", and the RED interface "192.168.83.211" (the address leased by DHCP in our case), as shown in Fig. 33.

Fig. 33a: Ping interface eth0 (GREEN) – IP address "192.168.2.1"

Fig. 33b: Ping interface eth1 (ORANGE) – IP address "192.168.3.1"

Fig. 33c: Ping interface eth2 (RED) – IP address "192.168.83.211", obtained from the upstream DHCP server.

Note: all the ping tests return the expected replies, indicating that the interfaces are configured and communicating correctly. So we know that the three interfaces are correctly connected to Virtual Machine 1 holding the IPCop firewall. Pinging the firewall's own addresses from its console only proves that the addresses are assigned; whether each interface is attached to the right virtual switch is confirmed by the tests from the Internal PC and from outside that follow.
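Reading three ifconfig screens by eye is error-prone, and the same check is worth repeating after every card reassignment. The script below is an added example (not IPCop code) that parses net-tools style ifconfig output, as printed on IPCop's console, into a per-interface table and compares it with the zone plan of Fig. 3. The sample output is constructed to match Fig. 32: the MAC addresses and packet counters are made up, and the RED address is the DHCP lease shown in Fig. 33c, so substitute whatever your RED interface was given.

```python
"""Parse net-tools style `ifconfig` output and check it against the zone plan.

Added example for Steps 37-38 of this lab; not IPCop code. SAMPLE_IFCONFIG is
constructed to match Fig. 32 (MAC addresses and counters are invented).
"""
import re

# Expected zone -> (interface, address) mapping from Fig. 3; RED is the DHCP lease.
EXPECTED = {
    "GREEN": ("eth0", "192.168.2.1"),
    "ORANGE": ("eth1", "192.168.3.1"),
    "RED": ("eth2", "192.168.83.211"),
}

SAMPLE_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 00:0C:29:11:22:01
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1204 errors:0 dropped:0 overruns:0 frame:0

eth1      Link encap:Ethernet  HWaddr 00:0C:29:11:22:02
          inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth2      Link encap:Ethernet  HWaddr 00:0C:29:11:22:03
          inet addr:192.168.83.211  Bcast:192.168.83.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
"""

_HEAD = re.compile(r"^(\S+)\s+Link encap:")
_INET = re.compile(r"inet addr:(\S+)(?:\s+Bcast:(\S+))?\s+Mask:(\S+)")


def parse_ifconfig(text):
    """Return {iface: {"ip": ..., "mask": ..., "up": bool}} from ifconfig output."""
    ifaces, current = {}, None
    for line in text.splitlines():
        head = _HEAD.match(line)
        if head:                                   # a new interface block starts
            current = head.group(1)
            ifaces[current] = {"ip": None, "mask": None, "up": False}
            continue
        if current is None:
            continue
        inet = _INET.search(line)
        if inet:
            ifaces[current]["ip"], ifaces[current]["mask"] = inet.group(1), inet.group(3)
        elif re.match(r"\s+UP\b", line):           # flags line: interface is up
            ifaces[current]["up"] = True
    return ifaces


def verify_zones(ifaces, expected=EXPECTED):
    """Compare parsed interfaces with the plan and return a list of problems."""
    problems = []
    for zone, (dev, ip) in expected.items():
        info = ifaces.get(dev)
        if info is None:
            problems.append(f"{zone}: {dev} not present (driver/card assignment missing?)")
        elif not info["up"]:
            problems.append(f"{zone}: {dev} is DOWN")
        elif info["ip"] != ip:
            problems.append(f"{zone}: {dev} has {info['ip']}, expected {ip}")
    return problems


if __name__ == "__main__":
    parsed = parse_ifconfig(SAMPLE_IFCONFIG)
    for problem in verify_zones(parsed) or ["all three zones configured as planned"]:
        print(problem)
```

To use it on the real firewall, capture the console output (for example by running ifconfig over SSH on port 222 from the Internal PC once Part 2 is done) and feed that text to parse_ifconfig instead of the sample.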

Step 2: Test your Firewall Security from Outside your Private Network
In this section we test our firewall security using the ping test again, but this time from outside our firewalled network.

To perform this, log into any computer that is not part of your network. In our case I am going to perform the ping test from my WinXP host machine (IP address 192.168.1.113), which hosts my VMware virtual machines (i.e., the IPCop and the Internal PC, Virtual Machine 2).

1. From Virtual Machine 1 (the IPCop console, Fig. 3), ping the WinXP host machine (IP address 192.168.1.113; not shown in the network diagram). You should have connectivity without any problem, as shown in Fig. 34.

Fig. 34: Ping WinXP host machine – IP address "192.168.1.113"

2. Now, from the WinXP host machine, ping the RED interface eth2 with IP address "192.168.83.211". If your firewall is working correctly you should get replies without any problem, as shown in Fig. 35. This only shows that the RED interface is reachable from outside; a reply to ping is not in itself a security problem.

Fig. 35

3. Next, from the WinXP host machine ping the GREEN interface eth0 at "192.168.2.1" and then the ORANGE interface eth1 at "192.168.3.1". If your firewall is working correctly you should not be able to reach eth0 or eth1 from outside the firewalled network; you should see "Request timed out" or "Destination host unreachable", as shown in Fig. 36. Bear in mind that the host has no route to 192.168.2.0/24 or 192.168.3.0/24 other than its own default gateway, so a timeout here may simply mean the packets never reached IPCop at all. A stricter test is to add a temporary static route on the host (with the Windows route command) that sends those two subnets to the RED address 192.168.83.211 and ping again, and the meaningful measure of the firewall is what the NMAP scan of RED in Part 3 shows: which services, rather than which addresses, answer from outside.

Fig. 36
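Ping only tells you whether an address answers ICMP. What matters on RED is which services answer, and in particular that none of IPCop's administration services do. The script below is an added example (not part of IPCop or of this lab's original procedure) that attempts TCP connections from an outside host to the RED address on the IPCop 1.4 administration ports (81 and 445 for the web GUI, 222 for SSH) and classifies each outcome; the results it is tested against are constructed. Run it from the WinXP host, or any machine outside GREEN and ORANGE, against your own RED address.

```python
"""Probe the RED address from outside for IPCop's administration ports.

Added example for Step 2 of this lab; not IPCop code. Standard library only.
Assumptions: RED_IP is the lab's DHCP-leased RED address (Fig. 33c) and the
ports are the IPCop 1.4 defaults (81/445 web GUI, 222 SSH).
"""
import socket

RED_IP = "192.168.83.211"
ADMIN_PORTS = {81: "web GUI (http)", 445: "web GUI (https)", 222: "SSH"}


def classify(exc):
    """Map the outcome of a TCP connect (None = success) to a state string."""
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "closed"        # RST came back: host reachable, nothing listening
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered"      # no answer: silently dropped, the expected RED result
    return "unreachable"       # no route, host down, etc.


def probe_tcp(host, port, timeout=2.0):
    """Attempt one TCP connection and return open/closed/filtered/unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def scan(host=RED_IP, ports=ADMIN_PORTS, timeout=2.0):
    """Probe every administration port once; returns {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def exposure_findings(results, ports=ADMIN_PORTS):
    """List the administration ports that accepted a connection from the RED side.

    Anything 'open' here means the GUI or SSH is reachable from the untrusted
    network, which IPCop's default rules should never allow.
    """
    return [
        f"port {port} ({ports[port]}) is open on RED; administration must only be reachable from GREEN"
        for port in ports
        if results.get(port) == "open"
    ]


if __name__ == "__main__":
    res = scan()
    for port, state in sorted(res.items()):
        print(f"{RED_IP}:{port:<4} {ADMIN_PORTS[port]:<16} {state}")
    for line in exposure_findings(res) or ["no administration port exposed on RED"]:
        print(line)
```

A "filtered" result on every port is what a correctly configured IPCop gives on RED. A "closed" result still means nothing is listening, but it also shows that the packet reached the host's TCP stack instead of being dropped by the firewall, which is worth investigating before going to production.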

Part 2: Install Internal PC (Virtual Machine 2) for Remote Administration of IPCop

In this section we install the second virtual machine, the "Internal PC". Fire up a new virtual machine, which in our case runs Windows XP, although you can use any Linux distro of your choice. Make sure that the Internal PC's NIC adapter is connected to the VMnet2 switch. This is the machine we'll use to test and configure IPCop through its web-based administration GUI. The new virtual machine should receive its IP address dynamically from the firewall's DHCP server that we configured during the IPCop installation.

1. Log in to your Internal PC and perform the following procedures.

2. Ping any public domain to test whether we're able to access the Internet from the internal private
network, e.g., ping www.google.com, as shown in Fig. 37.

Fig. 37

3. Next, fire up your favorite browser and in the Address bar type: https://192.168.2.1:445.
Accept the security warning regarding the security certificate.
4. From Fig. 38, click the Connect button and then log in using the admin credentials.

Fig. 38: IPCop Web Administration GUI

5. After logging in, we need to check for and install updates to bring our firewall system up to date with
the latest security updates.
6. To do this, go to System → Update → Download new updates, and then perform the following
procedure (see Fig. 39):

1. Click the Download button to download the update file, "ipcop-1.4.21-update.i386.tgz.gz" at
the time of writing, and save it in your favorite folder.
2. Click the Browse button, locate and select the file, and then click the Upload button.
3. Finally, click Apply now to complete updating the IPCop firewall system.

Fig. 39: Updating IPCop firewall system

7. Now, click Status → System Status to view which services are running and other system activity, as
shown in Fig. 40.

Fig. 40: View system services and other system activities


Part 3: Testing IPCop Security using NMAP


Nmap ("Network Mapper") is a free and open source utility for network exploration or security
auditing. Many systems and network administrators also find it useful for tasks such as network inventory,
managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets
in novel ways to determine what hosts are available on the network, what services (application name and
version) those hosts are offering, what operating systems (and OS versions) they are running, what type
of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan
large networks, but works fine against single hosts. Nmap runs on all major computer operating systems,
and official binary packages are available for Linux, Windows, and Mac OS X. In addition to the classic
command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap),
a flexible data transfer, redirection, and debugging tool (Ncat), and a utility for comparing scan results
(Ndiff).

1. Run NMAP Test

Now let's run Nmap against the public IP of the firewall from another computer outside our private network
to test the firewall. This is what came up.

To do this, perform the following procedure:

1. Log in to a machine outside the private network.
2. Now, hop over to nmap.org and download the latest Nmap package for Windows, in our case
"nmap-5.20-setup.exe" at the time of writing.
3. Click Run, and Run again when prompted, and then read and accept the license.
4. From Fig. 41, select the components to install (in our case we selected all), and then click Next.
5. On the next screen, click Install, and then click Finish to complete the installation.

Fig. 41


6. Once the installation is completed, click Start → Programs → Nmap → Nmap - Zenmap GUI.
7. Next, enter the Internet-facing IP address "192.168.83.211", i.e., the RED NIC adapter eth2, and
then click Scan, as shown in Fig. 42.

Fig. 42: Performing Nmap scan on the RED NIC adapter.

8. As can be observed from Fig. 42 above, Nmap confirms that the firewall is filtering traffic sent to the
public IP (RED). The nice thing about IPCop is that it is a stateful firewall.
9. For best security we need to disable ping responses on the RED interface using IPCop's web GUI,
under the Firewall tab | Firewall Options, and then click Save, as shown in Fig. 43.

Fig. 43: Disabling ping response on RED interface.

You're done with installing Nmap and using it to test our IPCop firewall.
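As an added example for this part (it is not from the original manual or from the Nmap project), the Python script below parses the grepable (-oG) output that the command-line nmap writes and reports, per host, how many ports were in each state and which ones are open. That is the check a defender wants after scanning RED: the external interface should show nothing open except services that were deliberately published. The scan text inside the script is constructed, with RED at 192.168.83.211 as in this lab and port 222 (IPCop's SSH port from Part 4) planted as open so that the check has a finding to flag.

```python
"""Summarise an Nmap grepable (-oG) scan of the firewall's RED interface.

Added example for this lab; not part of IPCop or Nmap.  It parses the
'Host:' lines that Nmap writes with -oG and reports, per host, how many
ports were in each state and which ones are open, so you can confirm the
external interface exposes only what it should.  The scan text below is
constructed (hypothetical scan of RED, 192.168.83.211, ports 1-1024).
"""
import re
from collections import Counter

# Constructed sample of Nmap -oG output, not a real scan.  Port 222 (IPCop's
# SSH port) is planted as open so the check below has something to flag.
SAMPLE_GREPABLE = (
    "# Nmap 5.20 scan initiated as: nmap -oG - -p 1-1024 192.168.83.211\n"
    "Host: 192.168.83.211 ()\tStatus: Up\n"
    "Host: 192.168.83.211 ()\tPorts: 222/open/tcp//ssh///, "
    "80/filtered/tcp//http///, 443/filtered/tcp//https///"
    "\tIgnored State: filtered (1021)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned\n"
)


def parse_grepable(text):
    """Return {host: {"states": Counter, "open": [(port, proto, service), ...]}}.

    Each -oG port entry is 'port/state/proto/owner/service/rpc/version/';
    entries are separated by ', '.  A version string containing ', ' would
    confuse this simple split (an assumption of the example).
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        entry = hosts.setdefault(host, {"states": Counter(), "open": []})
        m = re.search(r"Ports: (.*?)(?:\t|$)", line)
        if m:
            for item in m.group(1).split(", "):
                fields = item.split("/")
                if len(fields) < 5:
                    continue
                port, state, proto, _owner, service = fields[:5]
                entry["states"][state] += 1
                if state == "open":
                    entry["open"].append((int(port), proto, service))
        # Ports that Nmap collapsed into 'Ignored State: <state> (<count>)'
        ign = re.search(r"Ignored State: (\w+) \((\d+)\)", line)
        if ign:
            entry["states"][ign.group(1)] += int(ign.group(2))
    return hosts


def unexpected_open_ports(hosts, host, allowed=frozenset()):
    """Open ports on `host` that are not in the allowed set (sorted)."""
    entry = hosts.get(host, {"open": []})
    return sorted(p for p, _, _ in entry["open"] if p not in allowed)


if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_GREPABLE)
    for host, entry in scan.items():
        print(host, dict(entry["states"]), "open:", entry["open"])
        print("unexpected:", unexpected_open_ports(scan, host))
```

Feed it the file written by nmap -oG on a real scan of your own RED address; an empty result from unexpected_open_ports() with the allowed set containing only the services you intend to publish is the outcome this lab expects.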

Part 4: Installing Add-Ons to Extend IPCop Capability


As you may recall, IPCop was primarily designed to be a firewall, but there are numerous add-ons that
extend IPCop's functionality and security capability. In this section you're going to learn how to install
and configure add-ons to extend IPCop's capability.

Step 1: Install & Configure URL Filter Add-on on IPCop


The URL filter add-on allows the IPCop firewall to act not only as a proxy server but also as a web content
filter, and helps to enforce a company's Internet use policy. Access to inappropriate sites, whether
YouTube, job search or simply not work-related, will be denied automatically at the firewall. The URL filter
is free to download and use.

1. Log in to your IPCop web admin GUI; we need to enable SSH to allow us to transfer files securely
into the IPCop system. Go to System → SSH Access, check the box and then click Save.
2. Download and install WinSCP, which we're going to use to transfer files into the IPCop system. Ensure
that you install the Explorer version for ease of use.
3. Download the URL Filter add-on, "ipcop-urlfilter-1.9.3.tar.gz" at the time of writing, and place it
on the Desktop.
4. To complete the install, connect to IPCop via remote access: click Start → Programs → WinSCP
→ WinSCP. Use Hostname: ipcop and Port Number: 222 for SSH access, enter the root credentials,
and then click the Login button. Click Yes when prompted.
Change to IPCop's /tmp directory, then drag and drop the "ipcop-urlfilter-1.9.3.tar.gz"
file into the directory.
5. Now log in to IPCop's console, change into the /tmp directory, and untar the downloaded file, as
shown in Fig. 44.

Fig. 44

6. Next, change into the unpacked "ipcop-urlfilter" directory, and then run the install, as follows:

# cd ipcop-urlfilter
# ./install

Click yes to proceed. The install process begins, scrolls through the installation steps and verifies
that the installation was successful. After the installation is completed, go back and disable
SSH access to IPCop by unchecking it. The rest of the configuration will be done using IPCop's web
GUI.

Step 2: Enable the Web Proxy


7. Log in to IPCop's web GUI; under the Services tab you should see a new link for the URL filter
(you may need to refresh the web page), indicating it was successfully installed. However, it will not be
actively filtering web access yet.

8. Now, to have IPCop's web proxy use this content filter, we need to enable it first. To activate the
URL filter, click the Services tab, select Proxy server, and then checkmark the following options, as
shown in Fig. 45:
Enabled on Green: This turns on the web proxy
Transparent on Green: This silently redirects web traffic to be processed by the web proxy
Log Enabled: Creates a log file of all usage, including requests that are blocked

Finally, under the URL filter heading, checkmark Enabled to activate it.

Note 1: Here we want the web content filter to always be enabled, even if computer-savvy users
manage to change the proxy settings within the browser. As long as all of the computers on the LAN
are using this firewall as their gateway, it will always force Internet access traffic to pass through the
web content filter.

Note 2: To enable the web content filter, both Enabled on Green and Transparent on Green must
be checked. Leaving Transparent on Green unchecked will still provide web content filtering, as
long as the proxy has been set in the web browser's proxy settings. Note also that we have used the
default proxy port of 8080. Click Save to apply the changes, as shown in Fig. 45.

Fig. 45: Enabling Proxy Services


Step 3: Configure URL Filter


In this section we now need to configure the URL filter. To do this, perform the following procedure:
1. Again, log in to the IPCop admin GUI page if you have not done so yet.
2. Next, go to the URL filter administrative web page by clicking the Services tab again and then
selecting URL Filter; then scroll down to the URL filter maintenance heading. We now need to download
the latest update of blocked sites. The URL filter by default comes with a small block list that is out of
date and therefore needs to be updated immediately before using it; see Fig. 46.
3. To update the filter list, scroll down to the Automatic blacklist update heading and select how often
the blacklist is updated. You can set it to Weekly, which is fine for most applications. All four of the
blacklist update sources are free. However, you may opt for a commercial blacklist available for a fee
from URLblacklist, for which you will choose the Custom source URL option.
Using a larger blacklist like University of Toulouse or Shalla Secure Services will increase
the number of filter categories to choose from.

Fig. 46: Setting Automatic blacklist update

Clicking Update now will download the latest lists. Be patient; it does take some time, depending on
your network bandwidth. When completed, you need to refresh the page, after which you should
see an expanded list of categories to choose from.
4. The URL filter is highly configurable with many options, and its simple web filter is easy to set up.
Simply click the block categories as desired; e.g., in our case we have selected to block: porn, ads,
gamble, hacking, spyware, and jobsearch, as shown in Fig. 47.


Fig. 47

5. Now that we're done with blocking sites to enforce the company web use policy, we need a way to
notify users via a warning page in the event that a user "accidentally" surfs to these sites against
company policy.
Key Advanced Settings
There are a few additional settings that most network admins use to make the firewall more robust. To
set them, scroll down and perform the following tasks; see also Fig. 48:
1. Under the Block page settings heading, we need to enable the following:
• Show category on block page: When a page is blocked, this shows the user which web
filter category was enforced to cause the site to be blocked.
• Show URL on block page: This shows the actual address that triggered the filter.
• Show IP on block page: This lists the actual IP address of the page visited.

2. Under the Advanced settings heading, we need to enable the following:

• Block "ads" with empty window: when the ads category is enabled, blocked ads are
replaced with an empty window rather than the usual block page
• Block sites accessed by its IP: This blocks any user trying to access a site by
IP address, e.g., http://10.10.1.4 instead of a domain name. Almost no legitimate
web site is accessed by its IP address.


• Enable log: This setting, when enabled, ensures that users' web visits are logged.

3. Finally, don't forget to click the Save and restart button to apply all the changes.

Fig. 48: Performing additional URL filter settings.

6. Now, anyone surfing to sites which are blocked will get the message shown in Fig. 48 on their
screen. To test this, enter any URL or domain name related to a blocked category.

In this case a user has been denied access to the website because he tried to search for a job on
a company computer, which is set to block the "jobsearch" category under company policy. Employees
of this company are not allowed to use computers for non-work-related purposes, e.g., searching
for a job while at work using the company's computers.


Fig. 48: A web user denied access to a job search website due to company web use policy.

7. You're done with the URL filter installation, configuration and settings.

In the next section we're going to further extend the IPCop firewall's capability by installing Copfilter,
which comes with an impressive list of security programs, like antivirus, to keep watch on your network.

Note: Before continuing with the next section, it may be wise to back up the current state of your
IPCop, as we're going to do more installation and configuration on the system.
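With Log Enabled turned on in the proxy settings and Enable log set under the URL filter's advanced settings, the filter records every request it blocks. The Python script below is an added example (not part of IPCop or the URL filter add-on) that summarises such a log by client and blocked category, which is the view an administrator wants when reviewing how the web-use policy is being hit, and separately lists requests made to a bare IP address, the kind that the "Block sites accessed by its IP" setting targets. The line layout is an assumption, the squidGuard style shown in the sample ("date time [pid] Request(profile/category/-) URL client/- - METHOD REDIRECT"); compare it with your own log file before using the script. The sample lines are constructed, and one deliberately malformed line is included to show that it is skipped.

```python
"""Summarise URL filter block-log lines by client and blocked category.

Added example for this lab; not IPCop or URL filter code.  The line layout
is an assumption (squidGuard style); verify it against the real log.
"""
import re
from collections import defaultdict

# Constructed log lines, not from a real system.
SAMPLE_LOG = """\
2007-04-12 09:15:02 [2213] Request(default/jobsearch/-) http://www.example-jobs.test/search 192.168.2.105/- - GET REDIRECT
2007-04-12 09:15:40 [2213] Request(default/ads/-) http://ads.example.test/banner.gif 192.168.2.105/- - GET REDIRECT
2007-04-12 09:16:11 [2213] Request(default/spyware/-) http://10.10.1.4/update.exe 192.168.2.107/- - GET REDIRECT
2007-04-12 09:17:55 [2213] Request(default/jobsearch/-) http://www.example-jobs.test/apply 192.168.2.105/- - GET REDIRECT
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) \[\d+\] "
    r"Request\((?P<profile>[^/]+)/(?P<category>[^/]+)/[^)]*\) "
    r"(?P<url>\S+) (?P<client>[\d.]+)/\S* \S+ (?P<method>\S+) (?P<action>\S+)$"
)

# A URL whose host part is a dotted-quad IP address (optionally with a port).
IP_HOST_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?(?:/|$)")


def parse_log(text):
    """Return a list of dicts, one per well-formed line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def blocks_by_client(events):
    """{client_ip: {category: count}} counting only redirected (blocked) requests."""
    summary = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["action"] == "REDIRECT":
            summary[e["client"]][e["category"]] += 1
    return {client: dict(cats) for client, cats in summary.items()}


def ip_hosted_requests(events):
    """URLs requested by bare IP address rather than by domain name."""
    return [e["url"] for e in events if IP_HOST_RE.match(e["url"])]


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for client, cats in sorted(blocks_by_client(evts).items()):
        print(client, cats)
    print("requested by IP:", ip_hosted_requests(evts))
```

Because the proxy is transparent, the client column is the internal address of the workstation, so the summary maps directly onto the DHCP leases IPCop hands out on GREEN.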

Step 4: Extending IPCop with Copfilter Add-on


The main goal of Copfilter is to provide a free and easy-to-use solution to filter and scan traffic from any
unsecured network, like the Internet, for viruses and spam. It has been designed as a preconfigured and
easy-to-install add-on for the open source firewall IPCop.

Copfilter is a package of various open source traffic filtering software and tools, customized and built to
work together smoothly. All included proxies filter traffic transparently, which means that no client
reconfiguration is necessary.


It scans POP3 and SMTP emails for viruses and spam. Instead of a virus-infected email, a user will
receive a virus notification message containing details about the originally sent email, which can also be
quarantined if desired.

Spam emails will be tagged as spam by inserting the following text into the subject field: *** SPAM ***
With this in place, any email client can use its own message filtering rules to automatically delete or
move these spam messages into a different folder for later review.

HTTP and FTP traffic will also be scanned for viruses. If a virus is found, access to that web page or file
will be denied.

Figure 49 shows the network diagram of an IPCop machine running Copfilter:

Fig. 49: Network diagram of an IPCop machine running Copfilter

Install & Configure Copfilter Add-on on IPCop


We now need to download, install and configure the Copfilter add-on on IPCop. To do this, perform the
following procedure:

1. Log in to IPCop's web admin GUI and ensure that you enable SSH access, to allow uploading
of Copfilter.
2. Hop over and download Copfilter; at the time of writing we used copfilter-0.84beta3a.tgz, which the
author considers the most stable, and save it in your favourite folder.
3. Fire up WinSCP and log in using SSH access, then move the downloaded file into the /tmp
directory and run the following on the IPCop console:

# cd /tmp
# tar -xzvf copfilter-0.84beta3a.tgz
# cd copfilter-0.84beta3a
# ./install
[y/N] y


Reboot the system after the installation has completed successfully for the changes to take effect.

Note: On rebooting, the system might report some errors, as shown in Fig. 50. Hitting Enter on the
terminal brings up the login prompt. The problem was that the e-mail address to send reports to was
still not set.

Fig. 50: Errors reported during reboot after Copfilter installation. Hit Enter and proceed to login.

4. Log in to the IPCop web admin GUI and proceed to correct the email problem by going into the Email
link from the Copfilter menu, as shown in Fig. 51.

Fig. 51: To correct the errors, configure the email settings as desired.

5. Reboot the system again after configuring the Email link on Copfilter.
6. This time round you shouldn't see any errors, unless your messaging server is not working correctly.


1. Enable HTTP Scanning

7. Next, let's activate some of the security programs that we want to use: in the web GUI, select the
Copfilter tab. Let's enable HTTP Scanning to protect internal private network users' web browsing,
as shown in Fig. 52. Next, scroll down and click the Save settings (and restart service) button.

Fig. 52: Enabling HTTP Scanning on Copfilter.

2. Enable AntiVirus (ClamAV, AVG, F-Prot)


8. To enable AntiVirus protection, click Copfilter → ANTIVIRUS, and then enable the settings as shown in
Fig. 53. Remember to update the virus database by clicking the update clamd now button.

Fig. 53: Enabling AntiVirus settings.

Scroll down and click Save settings (and restart service) button.


3. Enable FTP Scanning


9. Next, we need to protect users who download files using the FTP protocol. Click Copfilter tab → FTP
Filter, as shown in Fig. 54.
10. Now, for maximum protection, enable FTP Scanning through Copfilter on both the GREEN and
ORANGE networks. Next, click the Save settings (and restart service) button.

Fig. 54: Enabling FTP Scanning settings.

4. Enable POP3 Scanning (P3Scan)


The Post Office Protocol version 3 (POP3) is the industry standard for receiving email. The goal of our
configuration is to block spam/malware from being received by our email clients.

To do this, perform the following procedure:

1. To access these settings go to Copfilter → POP3 FILTER configuration, to access POP3 Scanning
(P3Scan), as shown in Fig. 55. The following options are to be turned ON; all others are left in the
default OFF configuration.

• Enable P3scan on incoming traffic on GREEN: ON
• Enable P3scan on incoming traffic on ORANGE: ON
• Add Copfilter Comment to Email Header: ON
• Quarantine Spam if … ***: OFF
• Tag Spam in Emails and modify the subject: ON
• Stop Virus email and send virus notification instead: ON
• Send a copy of virus notification to Email address: ON
• Quarantine virus infected emails: ON
• Remove emails in quarantine if older than (in days): 7
• Finally, click on Save settings (and restart service)

Fig. 55: Enabling POP3 Filter on Copfilter

Note: The net effect of this configuration is an aggressive stance on scanning, dropping and
notifying you of spam/malware before it reaches your internal network.

5. Enabling Monitoring of Copfilter


To enable Copfilter monitoring, click Copfilter tab → Monitoring, and then change Monitor all
enabled services to on. Next, click the Save settings (and restart service) button, as shown in Fig. 56.
This service lets you monitor the core services of the Copfilter application. It provides some
resilience by automatically restarting applications should they fail.

Fig. 56: Enabling monitoring on Copfilter



6. Viewing Copfilter Status


11. Finally, let's view the settings that we have enabled under the Copfilter add-on.
12. To do this, click Copfilter tab → Status to access the Copfilter status web page, as shown in Fig. 57.
From here you can manage the settings as desired.
13. You're done with Copfilter installation and configuration.

Fig. 57: Viewing Copfilter status.

Note: You may enable other Copfilter services as desired.

Part 5: Checking IPCop Memory Usage


Now that we have expanded the functionality of IPCop, we also need to keep an eye on memory
usage to ensure that our firewall system stays healthy.

1. To do this, click Status tab → System. There is a 40% increase in memory usage after enabling the
security programs under Copfilter.
2. Since we're running the IPCop firewall as a virtual machine, adding more memory is as easy as editing
the virtual machine's settings, i.e., no need to open a physical box!
3. Shut down the IPCop virtual machine, then from the VMware infrastructure client, click VM menu →
Settings, and from the Hardware tab click Memory and adjust the memory setting as desired;
in our case we have set it to 1.5G.


Part 6: Enable Intrusion Detection System (IDS) Monitoring on IPCop


1. To enable IDS on IPCop, click Services tab → Intrusion Detection and then enable the IDS settings as
shown in Fig. 58.
2. To use Sourcefire VRT Certified Rules, you need to register on www.snort.org. Activate your
account via the link emailed to you.
3. Go to USER REFERENCES, press the "Get Oink Code" button, copy the 40-character Oink
Code and paste it into the empty text box next to Oink Code:, as shown in Fig. 58.
4. Click the Save button, and then click the Refresh update ruleset button.
5. You're done.

Fig. 58: Enabling IDS on IPCop.

Note 1: Remember to back up your IPCop virtual machine in case you need to restore it after
a catastrophic system failure.

Note 2: In case of an error like "HTTP::Response=HASH(0x82a3c14)->code registered md5",
check the solution at the end of this Hands-on Lab (Part 8).

6. The final set of system services running is now as shown in Fig. 59.


Fig. 59: Services running on IPCop.

You're done with the lab assignment for now. However, you may continue to explore and expand the
functionality of your IPCop machine as desired.

Part 7: Install Zerina's OpenVPN Package for IPCop


In this section of the Hands-on Lab, I'll walk through setting up a basic VPN server that would work for
most people who want constant access to their files, or who want to be secure no matter where they
are, i.e., anywhere, anyplace, anytime access. There is an IPCop module called Zerina that sets up
OpenVPN on IPCop. While IPCop does come with a built-in VPN server, by using OpenVPN you will
be able to leverage the nice GUI clients that are available for it.

Step 1: Install Zerina OpenVPN


To install Zerina's OpenVPN, perform the following procedure from the Internal PC (Virtual Machine 2):

1. Log in to IPCop's web admin GUI and enable SSH; this will allow us to use WinSCP to upload the
OpenVPN package into the IPCop system.
2. Hop over and download the ZERINA installer and save it to one of your favorite directories. At the time
of writing this article, we downloaded "ZERINA-0.9.7a14-Installer.tar.gz".
3. Now use WinSCP to upload the downloaded file into the /tmp directory, and then issue the following
commands on the IPCop console:

# cd /tmp
# tar -xzvf ZERINA-0.9.7a14-Installer.tar.gz
# ./install

The add-on is now installed.


Troubleshooting: If you encounter a problem during Zerina installation with IPCop versioning, it's
because the Zerina installer does a version check. Open the "install" file with your favorite text
editor and change the relevant line. This has been discussed before, and a search on "1.4.21"
and "Zerina" will find this information. OpenVPN is a copyright and trademark of OpenVPN
Technologies, Inc., a Delaware corporation in the US.

4. When done with the OpenVPN installation, ensure that you have disabled SSH.
5. Head back to http://192.168.2.1:81, click the VPN tab, and then select OpenVPN. You will see the
screen shown in Fig. 60. This page has all of the configuration options for OpenVPN.

1. Configure OpenVPN
6. Now set up the following:
• Check the box next to "OpenVPN on Red", which is the external connection you want
OpenVPN to listen on.
• Change "Local VPN Hostname/IP" to the RED (external) IP address (i.e., 192.168.83.211)
• Change "OpenVPN Subnet" to the appropriate settings for your IP range
• Change "Protocol" to TCP.
• Check the box next to "LZO-Compression"
• Click Save

Fig. 60: Configuring OpenVPN on IPCop

7. Next, from Fig. 60, click Advanced Server Options and, under the Additional Push
Route section, type the IP / subnet of your remote IPCop GREEN network into the first box. There
are 6 boxes; in our case, I'll only fill the 1st box, as follows:
GREEN Subnet: 192.168.0.0/255.255.255.0
Click: Save Advanced Options

2. Generate OpenVPN Root/Host Certificates

8. Click the Generate Root/Host Certificates button to generate the certificates. Complete the required and
optional fields as desired; see Fig. 61. When done, click Generate Root/Host Certificates again.


Fig. 61: Generating Root/Host Certificates

3. Generate Client Certificates

9. Scroll down and click the "Add" button under the "Roadwarrior Client status and control"
heading. If you are using the stable version you can only select Roadwarrior, so just click the "Add"
button again. Fill out the form to generate an OpenVPN certificate for the computer from which you want
to access the VPN; see Fig. 62. Click the Save button when done.

Fig. 62: Generating Roadwarrior client certificates



Note 1: On the OpenVPN configuration page, under the Roadwarrior Client status and control
heading, after you have created a client connection profile, you will see icons next to it on the
right-hand side, as shown in Fig. 63. You can download it by clicking the diskette icon.

Fig. 63

Note 2: Click the icon to the left of the info icon, and save the .zip file in your favorite folder. You'll
need to get this file to the client/remote computer (e.g., via USB memory stick or email).
10. Now that everything is set up, click the "Start OpenVPN" button to start the OpenVPN server. If
everything is set up correctly, the status will change to "Running".

Step 2: Install and Configure OpenVPN on the Client

In this section we're going to install and configure OpenVPN on the client machine (Roadwarrior
machine). To do this, perform the following procedure:
1. Hop over, download and install OpenVPN. In our case we're going to set up on Windows, so we'll
download the OpenVPN GUI, as it allows the user to start and stop OpenVPN from a taskbar icon.
(Linux/Unix users can either download and compile OpenVPN or install it via their package
manager.)
2. Download "openvpn-2.0.9-gui-1.0.3-install.exe" (the current version at the time of writing); then click
Run, and Run again, and follow the OpenVPN Setup Wizard shown in Fig. 64 to complete the installation.

Fig. 64

Note: When done, you should see an additional icon in your task bar.

Unzip OpenVPN client package

3. Take the client package that you saved in Step 2 item 9, and unzip the contents into your OpenVPN
client config directory, probably located at "C:\Program Files\OpenVPN\config".

4. Extract these files into the C:\Program Files\OpenVPN\config folder on your client computer. Open
the ".ovpn" file in a text editor and verify that the 'remote' line IP address points to your external IP; if
it does not, change it as desired. If you have a dynamic IP address, then I would suggest signing up for a
dynamic DNS service like DynDNS.org (which IPCop has an update client for) and replacing the IP
with your DynDNS address.
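The check in item 4 can be done by a small script rather than by eye, which matters when you hand out profiles to several road warriors. The Python below is an added example, not part of Zerina or OpenVPN: it parses the client .ovpn profile, confirms that the remote host, port and protocol match what the server was configured with (RED address 192.168.83.211 and TCP in this lab; port 1194 is OpenVPN's default and an assumption here), and can rewrite the remote line, for instance to a DynDNS name. The profile text embedded in it is constructed for the example, not one exported from a real IPCop.

```python
"""Check and fix the 'remote' line of a Roadwarrior .ovpn profile.

Added example for this lab; not part of Zerina or OpenVPN.  It parses the
client profile, confirms the remote host/port/protocol match what the server
was set to (RED address 192.168.83.211 and TCP in this lab; port 1194 is
OpenVPN's default and assumed here), and can rewrite the remote line, e.g. to a
DynDNS name.  The profile text is constructed.
"""
import shlex

# Constructed client profile, not one exported from a real IPCop.
SAMPLE_OVPN = """\
# roadwarrior1 client profile (constructed)
client
dev tun
proto tcp
remote 192.168.83.211 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca cacert.pem
cert roadwarrior1cert.pem
key roadwarrior1.key
comp-lzo
verb 3
"""


def parse_ovpn(text):
    """Return {option: [args, ...]}; an option such as 'remote' may repeat."""
    options = {}
    for raw in text.splitlines():
        # OpenVPN treats '#' and ';' as comment introducers.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        parts = shlex.split(line)
        options.setdefault(parts[0], []).append(parts[1:])
    return options


def check_remote(text, expected_host, expected_port="1194", expected_proto="tcp"):
    """Return a list of mismatches; an empty list means the profile matches the server."""
    opts = parse_ovpn(text)
    problems = []
    remotes = opts.get("remote", [])
    if not remotes:
        return ["no 'remote' line in profile"]
    for args in remotes:
        host = args[0] if args else ""
        port = args[1] if len(args) > 1 else "1194"  # OpenVPN default when omitted
        if host != expected_host:
            problems.append(f"remote host {host!r} != {expected_host!r}")
        if port != expected_port:
            problems.append(f"remote port {port} != {expected_port}")
    proto = opts.get("proto", [["udp"]])[0][0]  # OpenVPN default is udp
    if proto.split("-")[0] != expected_proto:  # accept 'tcp-client' for 'tcp'
        problems.append(f"proto {proto} != {expected_proto}")
    return problems


def set_remote(text, host, port="1194"):
    """Rewrite every 'remote' line to point at host/port, keeping the rest intact."""
    out = []
    for raw in text.splitlines():
        if raw.strip().split()[:1] == ["remote"]:
            out.append(f"remote {host} {port}")
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("problems:", check_remote(SAMPLE_OVPN, "192.168.83.211"))
    fixed = set_remote(SAMPLE_OVPN, "myfirewall.dyndns.example")
    print("after rewrite:", check_remote(fixed, "myfirewall.dyndns.example"))
```

Run check_remote() on the .ovpn extracted from the downloaded .zip before copying it to the client; if it reports a proto mismatch, the server-side "Protocol" setting from item 6 and the profile disagree and the connection will not come up.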

5. Connect to the VPN Server on IPCop

Make sure that OpenVPN is running on the IPCop virtual machine or box, and that you are connected
to the Internet.

Right-click the OpenVPN icon and click Connect, as shown in Fig. 65. Enter the password we set in
Step 2, item 9, and you should be connected; the icon should change accordingly.

Fig. 65

6. OpenVPN should connect to your firewall and assign you an internal IP address in the
"10.231.132.0" range by default. From this point you can browse your home computers just as if
you were sitting at home.
7. To test your connectivity to the private network, ping the Internal PC from the Roadwarrior remote
client machine; as can be seen in Fig. 66, we have connectivity without any problem.

Fig. 66

Connect to the Exchange Server 2003 to check Email

8. You can even connect to the Exchange Server 2003 to check and manage your emails while on the
road, as shown in Fig. 67.

Fig. 67: Accessing Email while on the road.

You're now done with installing and configuring OpenVPN on the IPCop firewall.

Stay tuned as I’ll continue to add more info and hands-on labs!

Part 8: Troubleshooting Problem with Intrusion Detection (Snort) on IPCop Firewall 1.4.21
To fix the error "HTTP::Response=HASH(0x82a3c14)->code registered md5" that appears when updating
the ruleset:

1. If you run into problems after installing and setting up Intrusion Detection with Sourcefire
VRT Certified Rules using your Oink Code, and you see the following error messages when you try to
Refresh update list:

• When running the update, the error is:

HTTP::Response=HASH(0x82a3c14)->code registered md5

• When running the download, the error is:


HTTP::Response=HASH(0x82a3c68)->code

The reason is that snort.org now publishes rules on a current branch that is no longer compatible with
snort-2.6.1.5.

We have manually added the current branch, which to date is 2.8. You can find it on snort.org, if you
have an account there, under My Account --> My Oinkcodes, along with your Oink Code (you must have a
snort.org account to obtain the code and use Snort rule updates in IPCop).

Solution: apply a manual fix to the script.

2. Open /usr/local/bin/snortrules.pl in a text editor:

root@ipcop:/etc/snort # nano /usr/local/bin/snortrules.pl

3. Change the value from 2.6 to 2.8 at line 54:

my $rulesbranch="2.8"; # version should match snort branch version

4. Save the file to put the change into effect.

5. Click Save → click Apply now → click Refresh update list → click Download new ruleset.

Note: It should now work, with no ruleset update failure or MD5 checksum error.
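The fix in steps 2 to 4, as an added shell example that is not part of this manual or of IPCop's own snortrules.pl: it reads the branch set in a snortrules.pl-style script, compares it with the major.minor of the installed Snort version, and rewrites the line only when they differ, keeping a backup copy. It assumes the script holds a line of the form my $rulesbranch="2.6"; and takes the Snort version string as an argument (2.8.0.1 is a constructed value) so it can be run offline; on the firewall you would pass the version reported by the installed snort binary.

```shell
#!/bin/sh
# Added example, not part of the IPCop manual or of IPCop's snortrules.pl.
# Keeps the $rulesbranch value in a snortrules.pl-style script in step with the
# installed Snort branch, so the VRT ruleset download and its MD5 check use the
# right branch.

# major.minor of a Snort version string such as "2.8.0.1".
snort_branch() {
    printf '%s\n' "$1" | cut -d. -f1,2
}

# Branch currently set in the script (empty if the line is not found).
rules_branch() {
    sed -n 's/^my \$rulesbranch="\([0-9.]*\)";.*/\1/p' "$1"
}

# Return 0 if the script's branch matches the Snort version's branch, 1 otherwise.
branch_matches() {
    [ "$(rules_branch "$1")" = "$(snort_branch "$2")" ]
}

# Rewrite the branch line in place; a copy of the original is kept as <file>.bak.
set_rules_branch() {
    cp "$1" "$1.bak"
    sed 's/^my \$rulesbranch="[0-9.]*";/my $rulesbranch="'"$2"'";/' "$1.bak" > "$1"
}

# Demo on a constructed copy of the relevant line (not the real IPCop script).
tmp=$(mktemp -d)
printf 'my $rulesbranch="2.6"; # version should match snort branch version\n' > "$tmp/snortrules.pl"
if branch_matches "$tmp/snortrules.pl" 2.8.0.1; then
    echo "branch already matches"
else
    set_rules_branch "$tmp/snortrules.pl" "$(snort_branch 2.8.0.1)"
    echo "branch set to $(rules_branch "$tmp/snortrules.pl")"
fi
rm -rf "$tmp"
```

After the rewrite, the Refresh update list / Download new ruleset steps in the web interface are still needed; the script only makes the branch value consistent with the Snort binary so that the download URL and the published MD5 refer to the same ruleset.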

You’re done with IPCop firewall setup and configuration. In the next session, you’ll learn how to test and
audit your network security defence and vulnerability effectiveness.

Part 9: Different IT Security Vulnerability Scanning and Testing Techniques


1. Security testing services can provide different levels of security assurance, as shown in Fig. 68.

2. Vulnerability scanning typically uses automated systems. It requires minimal hands-on intervention in
the qualification and assessment of vulnerabilities. This is a fast and inexpensive way to ensure that
no obvious vulnerabilities exist, but it does not provide the granular analysis found in a full manual test.
3. Network security assessment sits between vulnerability scanning and full penetration testing and
uses an effective blend of tools. It requires qualified and trained security analysts.
4. Full penetration testing uses multiple attack vectors to compromise the target environment. Within
the security community, penetration testing is considered an 'art'.


Fig. 68: Cost of performing network vulnerability testing. The figure plots assessment depth (vertical
axis) against cost/time (horizontal axis) for the three service levels, from Vulnerability Scanning
through Network Assessment to Penetration Testing, across the Internet, DMZ and Internal Network
zones. Network security areas covered: border routers, firewalls, IDS (Intrusion Detection System),
IPS (Intrusion Prevention System), VPN devices, software architecture, DMZs and screened subnets,
and hosts.

Step 1: Network Penetration Testing Methods


1. Enterprise security analysts should perform penetration testing and vulnerability assessments based on
proven security methodologies (e.g., ISSAF and OSSTMM) and industry-recognized best practices
(e.g., ITIL and ISO 17799). There are three approaches to penetration testing:

• zero-knowledge test
• full knowledge test
• partial knowledge test

2. The target organization must decide what type of test is the best according to their IT security needs.

i. Zero-knowledge attack (black box): the penetration team has no real information about the
target environment and must generally begin with information gathering. This type of test is
obviously designed to provide the most realistic penetration test possible.

ii. Partial knowledge test (partial black box): the target organization provides the penetration
test team with the type of information a motivated attacker could be expected to find, and
saves time and expense. To conduct a partial knowledge test, the penetration team is
provided with such documents as policy and network topology documents, asset inventory,
and other valuable information.

iii. Full-knowledge attack (white box): the penetration team has as much information about the
target environment as possible. This approach is designed to simulate an attacker who has
intimate knowledge of the target organization’s systems, such as a current or former
employee.


Step 2: Information Systems Security Assessment Framework (ISSAF)


The ISSAF is intended to comprehensively report on the implementation of existing controls to support
ISO/IEC 27001:2005 (BS 7799), Sarbanes-Oxley SOX-404, COBIT, SAS 70 and COSO, thus adding value
to the operational aspects of IT-related business transformation programs.

Rationale: It provides a useful framework and comes with detailed documentation for penetration
testing, in particular section S - Web Server Security Assessment, section T - Web
Application Security Assessment, section U - Web Application Security Assessment - SQL Injections,
and section V - Source Code Auditing.

Step 3: IT Risk & Vulnerability Testing Tools


There are several very powerful open source tools that can be used for IT Risk & Vulnerability
Assessments; these are: Metasploit Framework, Nessus, and FoundScan (see also Fig. 69).

1. Metasploit Framework

• What is it?
The Metasploit Framework is a development platform for creating security tools and exploits. The
framework is used by network security professionals to perform penetration tests, system
administrators to verify patch installations, product vendors to perform regression testing, and
security researchers world-wide. The framework is written in the Ruby programming language
and includes components written in C and assembler.
• What does it do?
The Metasploit Framework consists of tools, libraries, modules, and user interfaces. The basic
function of the framework is a module launcher, allowing the user to configure an exploit module
and launch it at a target system. If the exploit succeeds, the payload is executed on the target and
the user is provided with a shell to interact with the payload.

2. Nessus
Nessus is an open-source network vulnerability scanner that uses the Common Vulnerabilities and
Exposures architecture for easy cross-linking between compliant security tools. Nessus employs the
Nessus Attack Scripting Language (NASL), a simple language that describes individual threats and
potential attacks.

Nessus has a modular architecture consisting of centralized servers that conduct scanning, and remote
clients that allow for administrator interaction. Administrators can include NASL descriptions of all
suspected vulnerabilities to develop customized scans. Significant capabilities of Nessus include:
• Compatibility with computers and servers of all sizes.
• Detection of security holes in local or remote hosts.
• Detection of missing security updates and patches.
• Simulated attacks to pinpoint vulnerabilities.
• Execution of security tests in a contained environment.

• Scheduled security audits.

The Nessus server is currently available for UNIX, Linux and FreeBSD. The client is available for UNIX- or
Windows-based operating systems.

Part 10: Need More Training on Linux:


If you are having trouble understanding how the Linux OS works, check out some of our introductory
courses on Linux at Global Open Versity, Vancouver Canada.

Part 11: Hands-on Lab Assignments


Use Figs. 3 and 70 to help you with your hands-on labs:
1. Install and configure a DNS server for your private network, placed within the DMZ LAN.
2. Install and configure a messaging server for your network, placed within the private LAN, with a mail
relay placed in the DMZ.
3. Install and configure a Web server for your network, placed within the DMZ LAN.
4. Install and configure a LAMP server for your network, placed within the private LAN.
5. Install and configure a CRM server for your network, placed within the private LAN.
6. Finally, ensure that all systems are able to connect and communicate seamlessly.
7. Enable and configure VPN access for company road warriors to access the private network.
8. Install and set up Metasploit and Nessus and use them to test and audit your network.

-----------------------------------------------
Kefa Rabah is the Founder and CIO of Serengeti Systems Group Inc. Kefa is knowledgeable in
several fields of Science & Technology, IT Security Compliance and Project Management, and
Renewable Energy Systems. He is also the founder of Global Open Versity, a place to enhance
your education and career goals using the latest innovations and technologies.

ICT202 - Linux Enterprise Infrastructure Engineering Diploma


This is an advanced Linux course for IT professionals and Network Infrastructure
Engineers in enterprise business information technology (IT) strategy &
development. The goal of this course is to equip students and IT professionals with
the advanced Linux skills required in enterprise infrastructure planning, design,
development, implementation and deployment of complex network infrastructure. In this
course you will learn how to install and configure the Linux OS; design & implement
DNS master & slave servers for redundancy; deploy virtual domains suitable for an ISP
solution; configure DHCP and firewall solutions; design, install & deploy secure
Apache Tomcat AS; design & implement OpenLDAP or OpenDS infrastructure for
Single Sign-On (SSO); deploy Sendmail, Postfix & Zimbra messaging systems;
install the Thunderbird & Evolution email clients; deploy JBoss & JPortal infrastructure;
integrate Samba with Windows Active Directory & Mac OSX infrastructure for SSO;
GlassFish & SAML on Linux; deploy Moodle LMS; and deploy SugarCRM. Upon
completion of this course you will have gained advanced knowledge and skills at
expert competency, with the capability to deploy a complete medium-enterprise-level
network infrastructure solution, or to start your own ISP business or Linux consultancy
services. PREQ: BM103, BM200, CIS102, CIS105, CIS107, CIS200,
CIS202/CIS402, & CIS204.


Fig. 70: A more practical network (© January 20, 2007, Global Open Versity, Vancouver Canada,
www.globalopenversity.org). The diagram shows the Internet (public IP address, Internet Wi-Fi, and
business partners' access) feeding the IPCop firewall, with an IDS on each segment. The DMZ network
(192.168.0.0/24, Switch 1 and Switch 2) hosts the FTP server and the Web server. The internal private
LAN (192.168.10.0/24, Switch 3; Switch 4 - Rm 301; Switch 5 - Rm 302; Switch 6 - Rm 300) hosts the
Linux RHEL5 messaging server, the Samba server, the Win2k8 AD server, a database host, Mac OSX,
Win7, Win-Vista and Linux workstations, a WinXP terminal, and internal Wi-Fi, with SSO access to
network resources.

Note: Add network devices to switches 3 & 4 or any other part of the network as desired.
