/Toolset-Resource

List of tools and references used by NU Cybersecurity students.

Toolsets and Resources

Table of Contents

Introduction
Lab Environments
Free Virtual Environments
Linux Operating Systems
Network Security Monitoring & Intrusion Detection System Tools
Network Mapping, Discovery, & Assessment Tools
Reconnaissance
Vulnerability Assessment and Penetration Testing Tools
Threat Modeling Tools & Resources
Cloud Security References and Resources
Writing and Reports
Cryptography

Introduction

This is a curated list of tools and tips for students in the National University MS and BS Cybersecurity Programs.

Lab Environments

Infosec Learning Labs
NICE Challenges
National Cyber League
ITPro.tv
Immersive Labs

Free Virtual Environments

As a supplemental resource to the commercial CSIA labs that will be used for most courses, the following VM tools may be used to set up and configure a local system on which students can practice with the toolsets. NOTE – most CSIA course assignments require the use of a hosted lab environment, where student activity is reported to the instructor; therefore, unless an instructor has specifically given permission to use a personal VM for an assignment, the options listed below are for students’ convenience only, to practice using the tools.

VMware Player - also available through the NU SSO Portal using the VMware chiclet/link
Oracle VirtualBox

In addition, students have access to free and low-cost software through the NU SSO Portal, using the "VMware" chiclet or the "Microsoft Imagine" chiclet. On the VMware site, you can obtain VMware Workstation (current full version) for Windows or VMware Fusion for macOS, to install a hosted VM platform, as well as vCenter Server (bare-metal VM platform) and vSphere (web-based workstation/client).

Linux Operating Systems

Debian Linux

Fedora Linux Workstation

Fedora Linux Server

Ubuntu Linux 

Debian Documentation

Debian Documentation

Debian User Forums - Caution: you may get an "insecure website" warning.

Fedora Documentation

Fedora Docs Page

Fedora Project Wiki

Ubuntu Documentation

Ubuntu Help

Ubuntu Community Wiki

Command Line Tips and References

The Linux Command Line – A Complete Introduction by William Shotts (free downloadable PDF)

A-Z Index of Bash command line for Linux (SS64.com)

Using the Terminal

There are some Linux commands you should learn and become familiar with, but first, some background and syntax used in many lab assignments. When you open a Terminal (text prompt) session in Linux, you will see something similar to the following command prompt, which indicates the logged-in user, the system name, and the current directory (in this case, “~” indicates the student’s Home directory):

[student@fedora ~] $ █

{The cursor will be black on a light color background or white on a black background and it will blink}

In the lab instructions, when you see a pound-sign “#” (aka hash mark), that indicates a comment and not part of the actual command; however, the particular comment may be telling you to enter a specific command, which would be entered immediately after the “$” (as in the sample command prompt above). A comment can be entered on the same line as a command, after the full command and options/parameters are entered; the system will not execute anything after the “#” comment symbol. This is useful in documenting scripts.

Now, the Linux commands you should research and learn to use for the labs (with comments):

$ su # this will let you change from the current logged-in user to a different user, such as ‘root’; however, you must know the other user’s password
$ sudo # or a similar command option (next line)
$ sudo -i # these two let you issue a command with Admin rights; and you will be prompted to enter your login password
$ chmod # modifies permissions to a folder/directory or file
$ chown # changes ownership of a folder/directory or file
$ ifconfig # lists the local network adapters and their settings; the most common option is ‘-a’ (for “all”)
$ ls # lists the files/folders within the current directory/folder; the first character is lower-case “L”, not the number one

As other common commands are developed for the various lab assignments, they will be added to the section above.

Network Security Monitoring & Intrusion Detection System Tools

Security Onion
Bro IDS
Sguil: The Analyst Console for Network Security Monitoring
Snorby
SOF-ELK® VM Distribution
Rock NSM
Suricata IDS/NSM engine
Wireshark
Network Miner
CapLoader
SplitCap
How to: Split large packet captures with tcpdump

EBooks available in the NU Library (Login required)

  • Network Intrusion Analysis: Methodologies, Tools and Techniques for Incident Analysis and Response; Fichera, Joe and Bolt, Steven; 2013

  • Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems; Sanders, Chris; 2007

  • Snort 2.0 Intrusion Detection; Beale, Jay / Caswell, Brian / Foster, James C. / Posluns, Jeffrey; 2003

  • Network Flow Analysis; Lucas, Michael; 2010

Network Mapping, Discovery, & Assessment Tools

Network Mapper (NMAP)
NMAP Reference Guide
Zenmap GUI for NMAP
OpenVAS
Angry IP Scanner

Recon

Google Hacking Database
Shodan
Using Shodan
Censys

Videos

First Google Hacking Talk by Johnny Long
Shodan Search Engine for Hackers

Vulnerability Assessment and Penetration Testing Tools

Kali Linux
Kali Documentation
Nessus
BlackArch Linux
BlackArch Download
BlackArch Documentation
Parrot Security OS
Parrot Security Download
Parrot Security Documentation

Threat Modeling Tools & Resources

Microsoft SDL Threat Modeling Tool
Microsoft SDL Tool Download
IT Infrastructure Threat Modeling Guide
Introduction to Threat Modeling (File Download)
Microsoft SDL Process: Design (go to SDL Practice #7 and open ‘Resources’)
Elevation of Privilege Card Game
OWASP Application Threat Modeling
OWASP Threat Model Project

Videos

SDL Threat Modeling Tool

Threat Modeling Tool Principles

Creating a Threat Model Using TMT-2016 Intermediate Level - NU Lecture

Cloud Security References and Resources

Cloud Security Alliance
ENISA Cloud Security Guidance

Writing and Reporting

Bishop Fox Style Guide

Cryptography

Learn Cryptography
Cipher Tools
Khan Academy - Journey into Cryptography

Online Crypto Challenges

The Cryptopals crypto challenges
NSA Crypto Challenge Puzzle of the Week
Khan Academy Crypto Challenge
Crypto CTFs
Net Force Crypto Challenges