VMware

  Download

Download this Appliance

  Community Feedback

16 votes

Log in to rate item

Comment on this appliance

  Related Categories

Administration | Challenge Entry Appliance | Consumer | Networking | Security

Network Security Toolkit (NST) Virtual Machine

Best-of-breed open source network security applications with supporting scripts and a web-based front-end management interface.

Description

 

***NOTE: On 2007-02-23, A New NST Virtual Machine Was Released: v1.5.0***

Download: nst-vm-1.5.0.zip

The password for this release: nst2003

****************************************************************************

 

CONTENTS

NST OVERVIEW

The Network Security Toolkit (NST) is a system that provides easy access and management capability to best-of-breed Open Source Network Security Applications. The purpose for development of the toolkit was to provide the network security administrator with a comprehensive set of Open Source Network Security Tools for testing, assessing, analysis, monitoring and validation of security architectures. The majority of Open Source tools published in the article: "Top 100 Security Tools by insecure.org" are available for use with the toolkit. A Web User Interface (WUI) was designed with the toolkit and provides the management component for a NST system. Access to a NST system can occur through Secure Shell (SSH), Virtual Network Computing (VNC) or a SSL Web connection (HTTPS). Documentation and downloads related to the NST project can be found at http://www.networksecuritytoolkit.org/.

NST NOT BOOTING

We have had several reports that the NST Virtual Machine has failed to boot on some systems. This is due to the fact that this NST Virtual Machine was built using a SMP kernel (Linux 2.6.16-1.2108_FC4smp)

We have finally located a system which demonstrated this issue (a Dell Inspiron 8600).

We have concluded that some non-SMP systems, such as the Dell Inspiron 8600, are incapable of booting a SMP kernel within a VMware machine. Most systems, such as the Dell Inspiron 8200, do not suffer from this issue. Unfortunately, this discovery was not made until well after the contest was closed.

If you have a system which exhibits this problem, there is no easy fix that we are aware of. The next release of the NST Virtual Machine (v1.4.2) will be built with a non-SMP kernel.

NST FEATURES

NST has been used by many security administrators for network traffic analysis and management, intrusion detection, intrusion prevention, system forensics, network packet generation, wireless network monitoring, a virtual system service server, vulnerability exploit testing or a sophisticated network/host security scanner. Each network interface configured on a NST probe system can be used simultaneously by different network security applications. NST also makes an excellent tool to help one with different types of disk crash recovery forensics and hardware troubleshooting scenarios. This can all be done without disturbing or modifying any underlying system disk.

Two of the many NST WUI management interfaces are briefly described. The first is a Snort Intrusion Detection System (IDS) interface. NST provides complete end-to-end management and integration for Snort, Bleeding Edge of Snort, Open Source Snort Rules Consortium (OSSRC), a backend MySQL database for alert storage and the Basic Analysis and Security Engine (BASE). A federation of IDS probes can be deployed and managed in an enterprise class configuration using NST. The second is a Network Capture Management interface using the Ethereal Network Protocol Analyzer suite. This management interface provides a web-based front-end to the Ethereal dumpcap packet capture engine for capture monitoring, a specialized packet decoding interface, PDF packet report generation and downloading to a local or remote Ethereal protocol analyzer for analysis.

ALTERNATIVE DOWNLOAD

You may download the NST Virtual Machine from this page using a Torrent client.

Alternatively, you may download the NST Virtual Machine using a standard web browser from http://prdownloads.sourceforge.net/nst/nst-vm-1.4.1.zip?download.

For a full list of the files related to the NST project (including the source used to generate the NST Virtual Machine), see the SourceForge Files Page associated with the NST project.

NST VIRTUAL MACHINE CONFIGURATION OVERVIEW

The VMware Player application allows one to run a virtual machine instance of NST as a guest on any machine (Linux and/or Windows XP) configured with the VMware Player software. The NST Virtual Machine is installed on an 8 GB virtual disk ready to run. A full complement of virtual components (USB, 2 Serial, 3 Ethernet devices and Audio) are configured but left in a disconnected state permitting the user to choose what devices the NST Virtual Machine will have access to. The VMware tools and modules are pre-installed in the NST Virtual Machine to facilitate optimal performance and interoperability with the host OS.

GETTING STARTED WITH THE NST VIRTUAL MACHINE

Use these steps below to start up your NST Virtual Machine:

  • Download and install the "VMware Player".
  • Download the current NST Virtual Machine distribution: "nst-vm-1.4.1.zip".
  • Unzip the distribution: "nst-vm-1.4.1.zip" (this will require at least 1.2GB of disk space on your host system).
  • For a Windows based host system double click on the "nst-vm-windows-1.4.1.vmx" file contained within the "nst-vm-1.4.1" folder to startup your NST Virtual Machine. For a Linux based host system one can use the following command line: "vmplayer nst-vm-linux-1.4.1.vmx &" to startup your NST Virtual Machine.
  • You will initially see the BIOS screen, followed by the boot loader, followed by text output as the system loads. Next you will be presented with a graphical login screen.
  • At this point, you will need to log in as the system administrative user: "root" and an initial password of: "nst@2003".
  • Once logged in, a graphical desktop will be running with the following applications: “gkrellm' (system information), "VMware Tools" (minimized - enhanced Virtual Machine experience), and the "Firefox" web browser (NST WUI: System Management).
  • You will need to authenticate yourself to the "NST WUI: System Management" with “root” as your login and “nst@2003” as your password (these initial values have already been filled in - just press "OK").
  • After logging in, you should immediately change the system password using the large red "SET PASSWORD!" button.
  • From this point, we recommend that you explore the capabilities of the toolkit through the NST WUI. See: "Using the Network Security Toolkit" for additional details.
  • You can also launch network and security applications from the desktop (FluxBox) menu. You do this by right clicking on any open space on the desktop.
  • By default, the NST Virtual Machine will obtain its IP address using DHCP on the first network interface detected.

ADJUSTING THE DISPLAY SETTINGS

The system comes pre-configured to run with a virtual screen resolution of: "1024x768". You can alter this default value by:

  • Pressing the "System Configuration" button.
  • Next, press the "Video Configuration" button.
  • Scroll down to the "Adjust X Settings" section.
  • Enter the values to match your display and then press the "Adjust X Configuration" button (some common resolutions values are provided for quick entry in the table below).
  • After changing the values, you will need to apply them by pressing the "Terminate/Restart X Services" button. NOTE: This will restart your desktop and you will need to log back in.

ADDING ADDITIONAL NETWORK ETHERNET ADAPTERS

The NST Virtual Machine is initially configured to support 3 ethernet devices to facilitate multiple network security applications on different network interfaces. You will will need to configure your VMware environment in order to use additional network adapters. A detailed guide on how to do this for both Windows and Linux can be found in the "VMware Questions" section of the "NST FAQ".

REMOTE ACCESS TO A NST VIRTUAL MACHINE

By default, the NST Virtual Machine will start with "HTTPS" and "SSH" services enabled for secure remote access. This allows one to use a web browser or a "SSH" client for remote management and monitoring.

In order to access the NST Virtual Machine remotely, you will need to determine its IP address. The NST Virtual Machine will obtain its IP address using DHCP. The DHCP IP address is conveniently located on the title line of the Web User Interface (WUI) which is displayed immediately upon login or by pressing the "Home" icon on the "Firefox" toolbar.

We recommend one uses the "Firefox" web browser, with its "tabbed" browsing support, for optimal NST WUI usage. For example, if your NST Virtual Machine has a IP address of: "192.168.0.56", you could access it from a Windows System on your network using "Firefox" (or "Internet Explorer") by entering the URL of: "https://192.168.0.56/". Alternatively, you could use a "SSH" client application (such as PuTTY for Windows) and open a connection to: "root@192.168.0.56".

NST also includes a VNC session management interface for the creation of up to 99 vitual display desktops for remote access. Additional NST users may also be created. One can use a VNC client to remotely attach to one of these virtual desktops.

UPDATING A NST VIRTUAL MACHINE

NST includes a mechanism for updating the NST WUI management interface. Maintenance patches or enhancements to the NST WUI can be downloaded to a NST Virtual Machine. One could also create customized NST WUI interfaces for site specific requirements. The NST WUI page for update management can be found under: "System" => "Downloads" => "Update NST WUI". Check this page periodically for updates to the NST WUI management interface.

A "NST WUI System File Patch Management" page also exists and is used for maintaining system files within a given NST distribution. This page can be found under: "System" => "Downloads & Updates" => "NST System Patch Management". Check this page periodically for updates to system files associated with your NST distribution. ***Note: You will first need to update your NST WUI management interface with the latest updates in order to use the "NST WUI System File Patch Management" page.

VIRTUAL APPLIANCE GENERATION

One of the fundamental strengths of the NST architecture is the fact that we automate the build and packaging process as much as possible. We start with a base Fedora Core 4 distribution and process numerous scripts to fetch, build and install best-of-breed Open Source Network Security Applications.

In order to maintain our "automation" philosophy, the "nstvmware" script was created for the purpose of building virtual appliances. Details on how the "nstvmware" script was used can be found in the "Creating The NST Virtual Machine" section of the "nstvmware" man page.

While creating scripts and documentation takes time, there are several benefits:

  • Since we have automated and documented the process of generating the NST Virtual Machine, it will will simplify our lives in future releases. It will also help reduce the chances of "forgetting" what needs to be done.
  • We can create different “appliances” via the “-a APPLIANCE” option. The hooks are in place for an developer to easily create many different types of virtual appliances (SQL servers, proxy server, network attached storage, etc).
  • We have made the “-a APPLIANCE” option truly optional. If one runs: “nstvmware -m install” (without the appliance option), NST will be installed into the VMware virtual machine in its normal mode (appear as if one had a standard NST hard disk installation via the "nsthdinstall " script).

Last updated: 02/28/2007

Operating system: Linux 2.6.16-1.2108_FC4smp

Applications installed:
NST Web User Interface (WUI), ethereal, nessus, nmap, ntop, snort. See the NST manifest for a full listing.

VMware Tools installed: Yes

Size: 330 MB
Torrent available: Yes
(What is BitTorrent?)

Primary account
Username: root
Password: nst@2003

Submitted by: pblankenbaker :O

Download link provided by the submitter, not VMware. Report broken downloads here.


« BACK...