What is a Network Security Toolkit?

S.A. Keel

The Network Security Toolkit (NST) is a suite of free, open-source applications for the monitoring, analysis, and maintenance of security on a computer network. NST comes standard as an International Organization for Standardization (ISO) disk image that contains its own complete operating system, the top open-source network security applications used by security professionals, and a web user interface (WUI) for working with those tools. The disk image can be written to an optical disk, such as a CD-ROM or DVD-ROM, and booted on most 32-bit and 64-bit computer systems based on the Intel 8086 (x86) Central Processing Unit (CPU).

The Network Security Toolkit allows for the monitoring, analysis and maintaining of security on a computer network.

As a stand-alone system, the Network Security Toolkit operating system is based on the Fedora Linux operating system distribution. NST uses many of the software packages included in the standard Fedora Linux distribution — including the Yellowdog Updater, Modified (YUM) package manager — to manage updates to its operating system components as well as the software packages for the network security applications themselves. Though NST can be downloaded, burned to an optical disk and run as what's called a live distribution, it's not the only way the Network Security Toolkit can be run or installed. Some methods for installation provide benefits over others, depending on how NST is intended to be deployed and used.

A network security toolkit can be installed on a CD or DVD.

As a live distribution, the Network Security Toolkit can be installed on an optical disk, such as a CD-ROM or DVD-ROM, or a portable universal serial bus (USB) flash drive and then booted, or loaded, into a computer system's random access memory (RAM). While very portable, the live method is incapable of retaining information such as passwords or other saved data between sessions, and any updates to the NST software are limited by the amount of available RAM. It is possible to set up a persistent version of NST on a USB flash drive that is just as portable and will retain security information gathered during the session, which can then be transferred to another computer for analysis. Again, though, even using the persistent USB method, software updates are limited. NST can also be installed in a fixed form, on a computer hard drive, which will provide persistence of data and easy updates, but is incapable of relocation.

Another method for implementing the Network Security Toolkit is by way of a virtual machine, a virtual computer running on an existing hardware computer system. A virtual machine can be set up using a software system such as VMware, and NST can then be set up in either a live mode or fixed mode. Either virtual method carries with it the same benefits and shortcomings as its real counterpart, but may additionally be incapable of monitoring wireless networks, depending on the hardware where the virtual environment has been established. The benefit of using a virtual machine for running NST is that it can be configured to monitor not only the host machine, but also any other virtual machines running on that host, a method referred to as an inline tap. Many enterprise server software systems run on virtual machines to better allocate hardware resources, so NST can be used in this way to monitor and analyze a large array of virtual servers very easily.

Whichever method for installing or running the Network Security Toolkit is employed, much of its functionality cannot be fully utilized until it has been given a root password, at which point many of NST's services will start up. Once NST is up and running, it is capable of detailed network analysis, diagnostics, monitoring, and other security forensics using its suite of applications. Most of the applications are available through the WUI, where a user can set up a terminal server, monitor serial ports, map computer hosts and services on a network, trace the paths data packets take from one host to another, and more. NST also provides visualization for much of this functionality with a geolocating feature that can pinpoint the physical locations of hosts anywhere in the world and display them on a Mercator World Map image or via Google Earth™.
