Sunday, July 17, 2011

Identifying and Investigating Network-Bound Software in a Linux Server

In this article we will learn how to correlate open ports with the software running on a Linux server, and why this knowledge is critical to operating and maintaining a secure environment. When a server is compromised, the result is not always as drastic as complete data loss. Often the hacker will use the compromised host to serve his primary goal, which is maintaining anonymity. One way to achieve this is to install and operate software which proxies network traffic. For this reason, the ability to generate a list of network-bound software and audit each item is important.

This information is not limited to analyzing compromised servers or servers with security issues: understanding which software running on your server accepts input over the network (internet) is vital to keeping your server secure.

Network Mapping Software

After ssh'ing to our server as root, let's check which software is listening on TCP sockets.

# netstat -alntp | grep LIST
tcp 0 0 10.100.10.10:322 0.0.0.0:* LISTEN 9653/sshd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 8118/mysqld
tcp 0 0 10.100.10.10:80 0.0.0.0:* LISTEN 5266/httpd
tcp 0 0 10.100.10.10:80 0.0.0.0:* LISTEN 15404/openvpn
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 10065/perl
tcp 0 0 10.100.10.10:18081 0.0.0.0:* LISTEN 5266/httpd
tcp 0 0 127.0.0.1:8118 0.0.0.0:* LISTEN 23952/privoxy
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 9301/exim4
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 9664/tor
#

Each row represents an open socket, possibly to the internet. The fourth column tells us the IP address and port on our server on which the software is listening for connections. 0.0.0.0 means all IP addresses. If the server does not have a firewall, one can assume that packets from the internet will be processed by the software listening on the appropriate port. Even with a firewall, it is worthwhile to ensure that software is secure. This is because software firewalls can be disabled or malfunction, and hardware firewalls can be removed from the network without notice. The last column is in the format X/Y. X is the process ID or PID of the network-bound software. Y represents the name of the running program (this "name" is controllable by the program itself, and thus cannot be relied upon to know what that program actually is). It is critical that you are able to correlate an open socket in your server with a program (PID) in your Linux server.

The first row tells us that "sshd" is running at PID 9653 and listening on IP address 10.100.10.10 port 322. This means TCP connections to 10.100.10.10 port 322 are handled by "sshd". We can see that "httpd" is listening on ports 80 and 18081. The first port makes sense, as this is the default port for HTTP traffic. Port 18081 is a little strange, as it is an uncommon port number. To verify the authenticity of PID 5266, we can start by running this command to determine the absolute path to the binary which is network bound:

# ls -al /proc/5266/exe
lrwxrwxrwx 1 root root 0 Jun 24 20:34 /proc/5266/exe -> /usr/sbin/httpd

This tells us "httpd" is actually /usr/sbin/httpd. This makes sense because this is the normal path and name of the Apache webserver in CentOS. To verify that /usr/sbin/httpd is the true Apache binary, we can run two RPM commands:

# rpm -qf /usr/sbin/httpd
httpd-2.2.3-31.el5.centos.2
# rpm -V httpd-2.2.3-31.el5.centos.2
S.5....T c /etc/httpd/conf/httpd.conf

The first command uses flags "-qf" to query a file; the output is the package which the file belongs to. We then use the "-V" flag to verify the authenticity of that package in the system. The output consists of any modified files. In this case, we learn that httpd.conf has been modified. This makes sense and is common, as the default apache configuration is not very useful for most organizations.

If /usr/sbin/httpd had been replaced with another binary, we would see an immediate sign that the server could be compromised. We will simulate this by placing another binary in place of httpd.

# mv /usr/sbin/httpd /usr/sbin/httpd.real
# cp /bin/ls /usr/sbin/httpd
# rpm -V httpd-2.2.3-31.el5.centos.2
S.5....T c /etc/httpd/conf/httpd.conf
S.5....T /usr/sbin/httpd

In this case, /usr/sbin/httpd fails in three areas (periods represent passed tests):

S is the file size.
5 is the MD5 checksum of the file.
T is the modification time of the file.

We can see that it makes sense for /etc/httpd/conf/httpd.conf to fail S and T, since the file was modified (modification time and file size changed). A failed MD5 checksum in this case tells us that /usr/sbin/httpd is not the file which CentOS provided us with.

Going back to our netstat report, we find this open socket:

tcp 0 0 10.100.10.10:18081 0.0.0.0:* LISTEN 5266/httpd

We will now check out this "httpd":

# ls -al /proc/5266/exe
lrwxrwxrwx 1 root root 0 Jun 25 05:29 /proc/20424/exe -> /tmp/.var/lib/httpd

This is a rogue process, as "programs" should not be stored in /tmp in any normal Linux server. This file should not belong to any package, as rpm can verify for us:

# rpm -qf /tmp/.var/lib/httpd
file /tmp/.var/lib/httpd is not owned by any package

At this point, we know the server has a security problem, as sockets are held open by software which we did not install. Tracing the source of this rogue network program is another topic. Deleting the file may solve the immediate issue, but rest assured the file and process will return unless the underlying insecurity is solved.

We should continue to audit each network-bound process in our server. PIDs 23952 and 9664 are of particular interest based on the process names. Network connections can also be established via UDP sockets. To generate a list of UDP ports bound to programs running in your server, we can use the command:

# netstat -alnp | grep udp
udp 0 0 0.0.0.0:53 0.0.0.0:* 18443/dnscache
udp 0 0 10.100.1.100:53 0.0.0.0:* 19029/named

The same procedure for identifying the responsible binary via the PID can be used.

When provisioning a new server, it is critical to understand and research each open socket. Disabling unnecessary network bound software is critical in limiting the entry points to the server, thus increasing security. After we identify each piece of software which may be exploited, we should check the version and configuration of that software to ensure it is not vulnerable to any known security issues.
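
The audit procedure above (netstat row, /proc/PID/exe, rpm -qf, rpm -V) collected into one script; this is an added example, not code from the original article. The function names, the verdict labels and the demo data (stub lookups, placeholder package names such as httpd-EXAMPLE, PID 4242 and /opt/example/agent) are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: automates the article's per-socket audit for TCP listeners.

# PID -> path of the binary it is executing (empty if unreadable).
resolve_exe() { readlink "/proc/$1/exe" 2>/dev/null || true; }

# Path -> owning RPM package (empty if no package owns the file).
owning_pkg() { rpm -qf "$1" 2>/dev/null | grep -v 'is not owned' | head -n 1 || true; }

# Package -> `rpm -V` report (one line per file that differs from the package).
verify_pkg() { rpm -V "$1" 2>/dev/null || true; }

# Reads `netstat -alntp` rows on stdin and prints, tab-separated:
#   verdict, local address, PID, netstat name, binary path, reason
audit_listeners() {
  local proto rq sq laddr faddr state pidprog pid name exe pkg flags verdict reason
  while read -r proto rq sq laddr faddr state pidprog _; do
    [ "$state" = "LISTEN" ] || continue          # skips headers and non-listeners
    pid=${pidprog%%/*}; name=${pidprog#*/}; exe=""; verdict=OK
    [ "$pid" = "-" ] || exe=$(resolve_exe "$pid") # "-" means netstat saw no PID
    if [ -z "$exe" ]; then
      verdict=UNKNOWN; reason="no readable /proc entry (run as root?)"
    else
      case "$exe" in
        *" (deleted)")
          verdict=SUSPECT; reason="binary was deleted while running" ;;
        /tmp/*|/var/tmp/*|/dev/shm/*)
          verdict=SUSPECT; reason="executes from a temp directory" ;;
        *)
          pkg=$(owning_pkg "$exe")
          if [ -z "$pkg" ]; then
            verdict=REVIEW; reason="not owned by any package"
          else
            # Same test as reading `rpm -V` by eye: is the binary itself listed?
            flags=$(verify_pkg "$pkg" | awk -v f="$exe" '$NF == f { print $1; exit }')
            if [ -n "$flags" ]; then
              verdict=SUSPECT; reason="differs from $pkg ($flags)"
            else
              reason="matches $pkg"
            fi
          fi ;;
      esac
    fi
    printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
      "$verdict" "$laddr" "$pid" "$name" "${exe:--}" "$reason"
  done
}

# Demo on constructed data: the stub lookups stand in for /proc and the RPM
# database. Rows echo the article's netstat output; package names are placeholders.
demo() (
  resolve_exe() {
    case "$1" in
      9653)  echo /usr/sbin/sshd ;;
      5266)  echo /usr/sbin/httpd ;;
      20424) echo /tmp/.var/lib/httpd ;;
      4242)  echo /opt/example/agent ;;
    esac
  }
  owning_pkg() {
    case "$1" in
      /usr/sbin/sshd)  echo openssh-server-EXAMPLE ;;
      /usr/sbin/httpd) echo httpd-EXAMPLE ;;
    esac
  }
  verify_pkg() {
    [ "$1" = httpd-EXAMPLE ] || return 0
    printf '%s\n' 'S.5....T  c /etc/httpd/conf/httpd.conf' 'S.5....T    /usr/sbin/httpd'
  }
  audit_listeners <<'EOF'
tcp 0 0 10.100.10.10:322 0.0.0.0:* LISTEN 9653/sshd
tcp 0 0 10.100.10.10:80 0.0.0.0:* LISTEN 5266/httpd
tcp 0 0 10.100.10.10:18081 0.0.0.0:* LISTEN 20424/httpd
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 4242/agent
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 10.100.10.10:322 10.100.10.20:51234 ESTABLISHED 9653/sshd
EOF
)

# `./audit.sh live` audits this host (root needed for -p); default runs the demo.
if [ "${1:-}" = "live" ]; then netstat -alntp | audit_listeners; else demo; fi
```

A modified configuration file alone does not raise a verdict here; only a mismatch on the listening binary itself does, which mirrors how the rpm -V output is read in the article.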

Friday, July 15, 2011

Free MLM Software In Network Marketing

You are probably sick and tired of pitching your Network Marketing opportunities to your prospects. So, it is about time you start marketing yourself in MLM. The best thing to do is to get free MLM software like Prosperity Central, so you can grow your business with less effort by using this tool to generate leads for your Network Marketing business. I would recommend getting this free MLM software if you want to sponsor more reps into your primary Network Marketing opportunity.

This software can be an excellent tool: Prosperity Central gets you to take action with little effort, using the most cutting-edge lead generation, presentation, team building, and back office tools that are available. Prosperity Central can change the way you market your Network Marketing business.

So get ready to experience the MLM industry for yourself by learning these tools and using this free MLM software to your advantage. You definitely want to stand out from the crowd and stop using the marketing methods taught by your sponsor in your Multi-Level Marketing company. You can be in an excellent position to build your business from the ground floor.

Therefore, I would recommend trying out the free MLM software with Prosperity Central for 30 days. You do not need a credit card to sign up. The basic account doesn't charge you a monthly fee, but you can upgrade to a paid membership, either a professional or a premier account, for a low monthly fee. If the Prosperity Central tools are the right fit, then I would encourage you to upgrade so you can grow your Network Marketing business online.

When you decide to sign up with Prosperity Central, you will have an advantage over other network marketers in the industry: the capability to communicate effectively and fast. If you are in a position to learn these tools, which work for both new prospects and your own personal recruits in MLM, this software can help you become one of the top producers in your primary business opportunity.

This unique software can give you excellent communication resources in the back office. It is also a great way of getting information and input for the business that you are trying to build on the internet.

Since you came across this article, you are probably interested in getting started in a Network Marketing business without dealing with a boss and working 9-5 until the age of 65. It is OK if you have no experience in MLM, and you don't have to do it alone. The Prosperity Central basic membership, with this free MLM software, can overcome the most common struggles of most marketers and get you up and running to build a downline in Network Marketing.

This is an ideal opportunity to start from scratch in multi-level marketing, and there shouldn't be any excuses not to start your own home-based business. It would not hurt to take a look at the Prosperity Central software, so I encourage you to get started and be an active member today!

MSP Software Can Streamline Your Network Management Tasks

MSP software is a must for all managed service providers. Managers who have this type of software can instantly access pertinent details about the networks they're monitoring. Whether you are monitoring a LAN for a small company or the routers within a big enterprise, MSP software can make the process of monitoring networks seamless and extremely simple to handle overall.

Considering that the task of managing multiple networks is pretty much impossible to deal with for most network managers, this tool is an absolute must for most network managers today. Network managers who use MSP software can make their services much more efficient and successful by assessing the problems a network is facing in a simple manner.

This type of software can supply detailed specifics about several aspects of a network as well. So, whether you are monitoring countless networks or only 1 network, you will be able to access detailed information about the networks you are viewing with the click of a button once you have this sort of software in your possession.

By using MSP software, it is easy to access data which will reveal the primary problems that are causing difficulties inside your network. Whether you need to access specifics about individual computers in a network or simply assess the overall efficiency of an entire network, this kind of software can provide the facts and tools you need to assess troubles and uncover the source of problems quickly.

This software can even automate the process of managing a network. It can also present notifications when a difficulty is about to arise within a network. In this way, MSP software can help managed service providers stay clear of issues altogether, because the problems can be fixed before they actually cause a disruption in the communications of a network.

Network managers rely on all of these features, but among the most valuable functions provided by this kind of software is the remote access capability. It permits network managers to access devices without being physically present at the location the devices reside in. By being able to remotely access devices, network managers can fix problems instantly and efficiently in order to offer higher quality and far more efficient services to their clients.

Several network managers use these programs to monitor whole networks, but network managers can boost the quality of their services by also monitoring individual devices inside a network. Various components inside networks often offer insufficient computing power to handle the tasks they are facing. When this type of problem arises within a network, a network manager can recommend the improvement of certain devices in order to improve the overall efficiency of an entire network.

Naturally, MSP software may be used in a great number of distinct ways. If you are a managed service provider, you should definitely look into how this software can improve the quality of the services you offer to all of your clients.

Thursday, July 14, 2011

Network Monitor Software

Most network monitor software offers a combined package of asset management, Wide Area Network (WAN), WAN traffic analysis, Local Area Network (LAN) and server functions. Network monitoring software makes monitoring a computer network an easy task. Network monitor software automatically notifies the network administrator when there is a problem with the network. According to recent research, some network monitor software can monitor and send notifications about almost any network-related issue. It is very important for a network administrator to have network monitor software installed, as it is very useful when trying to solve network-related issues.

Proper network monitor software can identify future and present problems with the network. Network monitor software is designed to monitor the LAN and all network equipment components. It troubleshoots almost all network-related issues and also renders reports on network equipment components. Network monitor software reduces unnecessary waste of time, allows the user to monitor network equipment components, and sends notifications when a failure occurs. The entire network can be managed from a central location. Users should consider their network monitoring requirements before purchasing the software. Network monitor software is used worldwide by network administrators, IT solution providers and system specialists.

It continuously monitors internet servers, intranet servers, modems, databases, routers, event logs and more for 24 hours a day, assuring that devices and networks are performing properly. Continuous monitoring of the network helps detect problems long before any serious problem occurs. Network monitor software gathers data on remote machines with the help of the Remote Registry service. When network monitor software detects a network-related problem, it automatically sends an alert via pager, e-mail, SMS or network message. Some network monitor software supports WAP, which permits checking network status through a WAP-enabled cellular phone from anywhere in the world.

Most network monitor software can support Windows XP Home, Windows XP Professional, Windows 2000 Professional, Windows Server 2003, and Windows Server 2000. Some more advanced server can also support Linux.

Wednesday, July 13, 2011

Critical Path Mapping with Activity Network Diagrams

The activity network diagram is a method of displaying the timelines of all the various subtasks that are involved in any project. By doing this, the total task duration and the earliest and latest start and finish times for each task are also calculated and displayed. In addition to showing which subtasks are critical to on-time task completion, the activity network diagram can help determine where extra effort to speed a subtask will have the greatest payoff to overall speed.

The activity network diagram has had a relatively long history, dating back to the 1930s. In the 1950s, the technique emerged as the Program Evaluation Research Technique (PERT) and as the Critical Path Method (CPM). There are several ways to represent the output of the PERT/CPM process.

The method called the activity-on-arrow or, more simply, the arrow diagram will be reviewed in this article. An arrow diagram treats numbered nodes as instantaneous stop/start points for activities. The activities themselves are considered to take place on the arrows connecting the nodes.

What can it do for you?

An activity network diagram can show you which activities or which series of activities is critical to the timing of a more complex collection of interactive activities. This can be very helpful in deciding where and when to apply extra energy to keep projects on time. Creating an activity network diagram is time-consuming, however, so you should consider these questions before you decide to create one:

1. Is the task a complex one with simultaneous paths that must be coordinated? Creating a diagram for a relatively simple task may be a waste of time.

2. Are the durations of the subtasks known with relative certainty? If the actual timing of events is markedly different from diagram times, it will have little value, and people will dismiss the diagram as a useless exercise.

3. Are the task and the timing of the task completion critical to the organization? The effort involved in creating a diagram should be applied to tasks that have little margin for timing error and have either serious consequences if completion of the overall task is delayed or large rewards if completion can be sped up.

Critical path mapping can be especially valuable in project bounding and in the measure and improve phases of the Lean Six Sigma methodology.

How do you do it?

1. Assemble the right team. The team must have either personal knowledge of the timing of all the subtasks involved or connection to that information. The team should include managers and other employees as close to the actual situation as possible.

2. Identify all of the subtasks necessary to complete the overall task. You might use brainstorming techniques or begin with a list of tasks from a previous project. Record the tasks so that you can rearrange them. A good way to do this is to write each job on the top half of a 3x5 card or Post-It(TM) note. (The bottom half of the card will be used for timing data later in the process.)

3. Put the activity cards in the sequence in which they must be performed to complete the overall task. To do this, create paths or strings of tasks that follow one after the other. These strings will often describe sequences of activities that occur in parallel with each other. After all the activities are in some string or path of activities, create the overall sequence by connecting the paths. These connections will show where jobs or tasks require input from parallel sequences before the next task can begin. Feel free to add new cards for missing tasks or to remove duplicates.

4. Assign time duration to each task or job. Write it on the bottom half of the card. Since you will be adding these times, keep the numbers consistent. For instance, do not have some cards showing days for completion, some showing hours and some showing minutes. Select the Lowest Common Denominator.

5. Calculate the shortest possible time within which the overall task can be completed by adding the times of each subtask to find the path of the longest cumulative duration. This is the critical path. Knowing the critical path is important because this will tell if the time objectives of the project are attainable. The critical path identifies those jobs or tasks that have no slack. Each must be done on time if the project is to stay on schedule. The critical path also identifies targets for improvement to increase speed. (If tasks on the critical path can be sped up, the overall time to complete the project may be able to be shortened. Remember, however, that if a task on the critical path is sped up, a different path may become the critical path.)

6. Calculate the earliest starting and finishing times and the latest starting and finishing times for each job or subtask in the project. Begin at the start of the diagram. The earliest start time for each job is the cumulative duration of all the previous jobs on that path. The earliest finish time is the earliest start time plus the duration of that task. Repeat this process for each job on each path until you reach the finish point. Next calculate the latest start and finish times. Begin with the earliest finish time at the end of the diagram.

To calculate the slack time for any job or task, subtract the earliest start time from the latest start time. All of the jobs on the critical path, by definition, will have zero slack time. (Remember that slack time is dependent on the time of completion of the previous job or task. If some of the slack time in a path other than the critical path is used in an early task, the slack times for the remaining tasks in that path will each be reduced by that amount.)

Note: A dummy is an extra node symbol used to clarify an activity network diagram if one node has more than one job or task feeding into it from one other node. Since the diagram cannot show two activities coming from one node and going to another, a dummy node is created, with zero as the job duration shown on the arrow connecting them.

Review the completed activity network diagram with the people who will be doing the work described by it. Consider any feedback. Expand or modify the diagram as necessary to fit the actual situation.

Now what?

As a tool, the activity network diagram is like a time-map of any time-sensitive project. As you are proceeding down the paths of the project, the map will help keep you on track. If you should falter or wander off the path, the map can be used to help get you back on the critical path. This description of the activity network diagram will help you to manually calculate and construct a process map.

Automated tools, such as SigmaFlow, are also available. SigmaFlow produces other valuable scheduling information, as well. Computer scheduling programs like SigmaFlow are able to easily deal with complex processes, recalculating times whenever you modify the data.

A critical path map can help uncover opportunities for increasing speed. Used in this fashion, critical path mapping is another tool to make the Lean Six Sigma method work smoothly. It is important to remember, however, that these diagrams, whether produced manually or by computer, are not intended to drive you, but to signal you if something is wrong.

Network Marketing Software - Software for MLM System

Network marketing requires constant interactions with people. These people are not just the members of your marketing team, but also include your potential and actual prospects or customers.

Driving people to your business is the primary task of a network entrepreneur, as they are the ones who will bring profits to your business. When you think of the wide scope of the internet, you might think that driving people to your business is not that difficult. However, if you lack knowledge of the new tools and strategies in the marketing venture, it will be difficult for you to apply and implement them.

The various strategies of this marketing business are supported by network marketing software. The software is a collection of tools that can help marketers implement their strategies. It includes features, referred to as the traffic system, that can automatically drive people who may become your prospects or even your actual customers.

The traffic system of network marketing software does not only focus on prospecting or inviting people to become part of your business, but also presents the opportunity to various people in the world via the internet. The system can also help in updating prospects, as it is difficult for them to trust a business immediately.

Network marketing software can automatically resend updates and e-mails to various customers, even in faraway places. The automated features of the software are a great help for online marketing entrepreneurs, as they will not need to manually send updates and interact with their customers constantly. Using this kind of software truly saves time and effort, so marketers will have more time for monitoring the other aspects of the business.

Network Monitoring Software: Architecture Considerations

The enterprise IT environment is continuing to experience significant changes. An organization's network monitoring software solution has to be capable of supporting future requirements, whether it is growth in the volume of monitored components, new custom applications/devices that need to be monitored, or different use models. If you are in the midst of considering an upgrade from your open-source or point monitoring tools, or replacing an inflexible legacy solution, make sure whatever solution you are evaluating is scalable, open and extensible to ensure that it is future-proof.

A key limitation of traditional network management systems is the existence of a centralized database for processing of performance data. Even if the collection of data is managed by distributed components, the solutions invariably require centralization of the data for processing and alert generation. For large infrastructures, this introduces a significant performance bottleneck. The multiplier effect of the amount of data that needs to be processed as new devices are added is enormous.

Capturing and processing these metrics in a single centralized database will put immense pressure on the overall application, creating a significant bottleneck. A key consideration in a replacement solution is whether it is based on a distributed architecture that does not have centralized database bottlenecks. For example, some solutions will have both distributed collection capability and a distributed database architecture. In these solutions, individual data gathering components will often have small local databases that are able to process tens of thousands of metrics every few minutes to generate alarms as needed, and also store the data locally for multiple years. Monitoring consoles receive notifications as they occur, and are able to retrieve performance data from these separate databases when needed for analysis and reporting. No sophisticated database scaling or specialized database administration expertise is required for these systems.

A next generation network performance monitoring software system also has to support different points of integration depending on the stage of the service management lifecycle, whether it be configuration of devices and tests, establishing user privileges, capturing performance data from custom applications/systems, initiating actions/notifications in external ticketing systems, or displaying performance data on external portals. In many modern data center environments, the monitoring software has to be capable of accepting performance data feeds from custom applications. This could also include processing syslogs and event logs generated by applications. Certain events generated by the network monitoring system may require initiating an action or process in some external system (e.g. ticketing).

All of these requirements need to be supported via flexible, open APIs and plug-in frameworks within the monitoring system. Make sure your replacement solution exposes a rich set of two-way APIs and open extensibility for integrating with existing systems or technology. The API and external feeds need to provide interface points to either import or export data throughout the IT environment. Ensure that the API supports standard technology, such as Web Services, Java, Perl and C, and allows provisioning and updating users, devices and tests (see solution example).
