Wednesday, 1 October 2014

NAGIOS

Nagios is one of the well-knows tools for monitoring servers and services in a network. It works on a client-server structure that means there is a server regularly connects to Nagios clients and obtain the latest state of the servers and services.
In Nagios we define hosts, and services and we can group them together for ease of management.
A Host is an actual machine. e.g. a physical server or a work station.
We define a host as below:

define host {
        use                     generic-host
        host_name               ns1.ksa.com
        alias                   NameServer
        address                 10.10.0.4
        }

A service is an actual UDP, TCP, or ICMP that does specific job such as HTTP service. We define a service as below:

define service {     
        use                     generic-service
        host_name             ns1.ksa.com
        service_description   PING
        check_command               check_ping!100.0,20%!500.0,60%
        }

Nagios comes with a bunch of plugins and each of which does a specific job. As shown above, a PING service was defined to regularly check the state of the target (a Nagios client).

On each client a nagios-nrpe-server should be installed. This component allows the Nagios server to send the service/server health-check commands to the clients. It is installed with the following command.

sudo apt-get –y install nagios-nrpe-server

It should be configured that to which server the Nagios client should listen to.

allowed_hosts=10.10.0.5     //IP address of the nagios server

So far, we have deployed a Nagios Server on a raspberry pi and a Nagios client on the KSA’s main server. We have configured the Nagios to check the following services:
·            Number of running processes
·            * Disk usage
·           * Number of logged in users
·           *HTTP service monitoring
·         *  And MySql service monitoring


One of the functionalities of the Nagios is to notify network administrators when incidents happen. For example a server goes down or a service stops working. We will configure the Nagios to send us email when a service/server fails using our email server.

Sunday, 21 September 2014

working for cisco ASA & Wordpress Content Management system(CMS)

I have been working on Cisco ASA to facilitate both internal and external access (from NZ and the USA) to the KSA’s web server. Because we only have got one DNS server in the main branch (Saudi Arabia), we should set all clients to use the main DNS server for resolving *.ksa.com IP addresses. For this reason, I opened access to UDP port 53 in ASA. Similarly, I opened TCP port 80 and 443 for both the client to visit www.ksa.com web site.
I am currently working on creating a simple website for the KSA using the WordPress Content Management System (CMS). The reason I am chose the CMS is that it is easy to create and manages pots (content). I am going to create the following items for the KSAs’ website.
1- Introduction: brief explanation of the KSA oil company
2- Products: briefly talking about KSA products
3- Contact US: A simple form for the user to contact the KSA company

Monday, 18 August 2014

Report for the period of 28th July till 18th Aug

I have been working on deploying Internal firewall. I was struggling with it as I observed the GUI was not working properly and I had to reset the configurations and set it up again. I finally could manage to get it working.

Besides, I have spent some time on installing Snort IDS. There weren't a lot of materials for Installing  the latest version of snort on Ubuntu 14.04. However, I could find a good resource to follow and could install it on my Ubuntu server. Now, I can use the pre-built rules as well as creating new rules using the following:

action protocol fromIP fromPort -> toIP toPort (msg:"message"; sid: any number;)
Now I am trying to install a web-interface to easily interpret the snort logs and statistics.

Sunday, 27 July 2014

Research on IDS-IPS

I have spent some time researching on Intruder Detection System (IDS) and Intruder Prevention System (IPS) last week. I offered IDS/IPS to detect and prevent network attacks (both onside and outside). There are two types of IDS. Network-based IDS or NIDS or host-based IDS or HIDS. In this research I mainly focused on NIDS. I am going to install IDS/IPS on the honeypot machine (a server mirroring all functionalities of a real server) because honeypot is the point of attraction for attackers. I can capture and store network traffics using Snort (linux-version) on the honeypot server and use latest signatures to identify attacks.
In next few days I am going to deploy the IDS/IDS on the honeypot server.

In addition to above research, I was working on the demo and trying to solve the ASA issue. The problem is when we added the ASA into our network, it sometimes causes problem. For example, it sometime passes the ICMP packets and sometimes gives me "Request Timeout" messages. I reckon the problem is I made a loop in the network somewhere in my configurations. So, solving this problem is going to be my main focus for next couple of days.

Sunday, 20 July 2014

Nagios

·      Nagios: Nagios allows us to cover the following items:
o   Monitor the Internal networks in the branches
o   Detect problems before they happen
o   Notify network administrators immediately when problems occur
o   Improve the availability of the servers and services
Using a free version of Nagios on Ubuntu is proposed to use in the project



1.   $ sudo apt-get install openssl nagios-nrpe-server nagios-plugins nagios-plugins-basic nagios-plugins-standard
2.   cp -p  /etc/nagios/nrpe.cfg /etc/nagios/nrpe.cfg.orig
3.   vi /etc/nagios/nrpe.cfg
4.   Change allowed_hosts=127.0.0.1 to nagios server

5.   /etc/init.d/nagios-nrpe-server restart


Xmpp

Extensible Messaging and Presence Protocol (XMPP): XMPP is known as secure and free instant messaging protocol. We want to use ejabberd to implement XMPP in this project. Ejabberd uses erlang (distributed database language) to share the user database with another XMPP server. In other words, we can have a chain on XMPP servers (one in each branch). 


to install xmpp by following stapes :-

1-    One XMPP server for each branch.
a.   xmpp.ksa.com
b.   xmpp.nz.ksa.com
c.   xmpp.us.ksa.com
2-    Using ‘ejabberd’ for implementing XMPP. Ejabberd was chosen for KSA because it is free, open-source and multi-platform instant messaging service that supports offline messaging with distributed databases (using ERLang).
3-    Downloading and running XMPP
e.   following the installation steps
4-    Creating an XMPP user
a.   sudo ejabberdctl register {username} ejabberd.thehii.com {password}
5-    Access to web based control panel

a.   http://IP address:5280/admin/