X hits on this document

144 views

0 shares

0 downloads

0 comments

23 / 47

Orion Incident Response Live CD 2

True to its roots, the Citadel server still has a completely functional command line interface reminiscent of the bulletin board systems (BBS). The citadel command initiates this text-based interface.

alpha@orion:~/$ citadel Citadel 7.37 Orion

This system is soley for use by authorized users for official purposes. Users have no expectation of privacy. Use of this system constitutes consent to monitoring, retrieval, and disclosure of any information stored within for any purpose including criminal prosecution.

Enter your name: alpha Please enter your password:

Lobby> Who is online User Name

Room

Idle

From host

------------------------- ------------------- ---- -------------------- alpha Lobby orion -----------------------------------------------------------------------

Lobby> Chat Entering chat mode (type /quit to exit, /help for other cmds)

Figure 17: Citadel’s old school interface

Finally, Citadel can speak standard Internet protocols such as Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP), and Extensible Messaging Presence Protocol (XMPP) – sometimes referred to as the “Jabber protocol.” With this capability, team members can use email and chat clients of their choice.

The ability to access the Citadel server information from three different interfaces (web- based, text-based, and native protocol) allows the team members to communicate in whatever form is available, convenient, and desired for them at the time. Orion secures these communication channels via SSH encrypted tunnels between responder systems. The Orion default firewall configuration only allows SSH traffic, so connections to the Citadel services must be authenticated and encrypted from remote systems. In practice, the SSH tunnels to these services can also be created from other systems – such as the Windows 7 client used to take the screen shots in this paper.

John Jarocki, john.jarocki@gmail.com

Document info
Document views144
Page views145
Page last viewedThu Dec 08 00:21:30 UTC 2016
Pages47
Paragraphs864
Words8806

Comments