Security Toolkit?


  • g3k_
    replied
    Re: Security Toolkit?

    BT4 is very nice to work with, like Thorn said, the De-ICE stuff is amazing. I'm going through the first disc right now.

    I'll add Foundstone into the mix as well: http://www.foundstone.com/us/resources-free-tools.asp They have a bunch of nice objectives to hack (Hackme Travel, Books, etc)



  • sintax_error
    replied
    Re: Security Toolkit?

    As far as using BTx for pentesting, I truly could not agree more. That being said, it often does take some modification, be it to the live CD, or to your hardware to get it as close to perfect for an individual's needs. It is the broadsword of utility collections. On that same note, no one has brought up the issue of hardware. Sure, these days with drivers, a laptop is a laptop and a netbook is a netbook, but depending on the setting in which you plan to explore your horizons, the gear can make a huge difference. A stock wifi card in your Macbook vs an amplified USB card with a nearly unlimited combination of N-type or RP-SMA antennae, or a router targeted towards home use vs what you would find in a corporate environment just as a couple of examples.

    Originally posted by xor
    Ps My distro is better than yours
    Sir, I must protest. For my distro surely must be the superior of those in question.



  • xor
    replied
    Re: Security Toolkit?

    Originally posted by AgentDarkApple
    Thanks guys, awesome info so far! I definitely did not know about the De-ICE stuff, and although I'd heard of BackTrack I had totally forgotten about it. I think someone in my class had mentioned Nessus. I will have to check all of this stuff out!
    For penetration testing BackTrack is the Linux distro of choice. That said, the best stance you can take when it comes to OSS, is to be above the politics; because there is quite a lot. OSS is a lot like the Democratic Party, yes they are all democrats, but there is a lot of disagreement about the issues.

    An OS is a tool, nothing more. Linux is free, but try playing a Blu-ray movie with it. openSUSE plays well with Windows, and apparently that is a fault. If you are in Europe openSUSE is cool, in America Ubuntu is cool; go figure.

    Some people are just so zealous about OSS, it is like another poster mentioned, almost religious. It's best to stay objective, and use the right tool for the job. Whatever that tool might be.

    xor

    Ps My distro is better than yours



  • heisenbug
    replied
    Re: Security Toolkit?

    Originally posted by AgentDarkApple
    I was also wondering what version of Linux you guys would recommend for someone new to Linux. I plan to install it on a MacBook as a secondary OS rather than virtualizing.
    I think the distribution choice depends on why you are making the move to Linux. Everyone has their favorite distro (and to some it's like a religion). It's hard to say what is the "best" distro. The best distro is the one that meets your needs. I will suggest a few, but there are plenty of really great Linux distros.

    If it is a second machine and you really want to learn the ins-and-outs of a Linux operating system I would suggest Gentoo. Gentoo is difficult, and even the well-versed Linux users can pull their hair out trying to get it to work. However, when you are done you can truly say you understand the software.

    If you want an operating system that just works out of the box, I really think Mandriva is a great distribution for Linux newbies and old-timers alike. There is a little blasphemy in Mandriva One to the free software "elite", but they'll still respect you more than if you were using Ubuntu.

    Mandriva One has proprietary drivers and windows drivers that work on installation. With Mac hardware, there may be no open source alternative. It has an option to partition the hard drive and install Grub on its own if you prefer to dual boot with two operating systems.
    It just works out of the box. There is something to be said for that.

    It is based off of the old Mandrake software (that was based off of Red Hat), so you have the rpm package manager. There are better out there (Gentoo's Portage is my favorite), but the Mandriva package manager just works out of the box too. You can go in the settings and open up more repositories (which I suggest), and there is a bunch of software to choose from. (FYI, the Tor onion router is a wise choice)

    The firewall catches things like possible click-jacking and port scanning. You can set it to automatically blacklist anyone that scans your ports. (If you renumber away from standard ports first, it helps with security). It isn't on the radar too heavily, being a French-owned operating system, and you will be less likely to be exploited than a more common OS like Ubuntu.

    So to sum up, my suggestion would be:

    Gentoo - If you dedicate a system to it and want to play around.
    Mandriva - If you want it to be your main computer.



  • AgentDarkApple
    replied
    Re: Security Toolkit?

    Thanks guys, awesome info so far! I definitely did not know about the De-ICE stuff, and although I'd heard of BackTrack I had totally forgotten about it. I think someone in my class had mentioned Nessus. I will have to check all of this stuff out!



  • Thorn
    replied
    Re: Security Toolkit?

    Originally posted by AgentDarkApple
    Like I mentioned before, I am still learning about computer security and therefore do not claim to know a lot. So please don't think I'm a moron when I ask for guidance... In my Risk Management class, we are reading Hacking Exposed and learning about the tools available for security toolkits. I was wondering what you guys recommend as far as open source tools and other free tools that can be used on Linux and/or ported to OS X. I know about the obvious built-in stuff like ping, traceroute, netstat, whois, finger, etc. and about the Network Utility in OS X. Some of the other tools I have used or want to use are hping2, Wireshark, Snort, Nmap, Netcat or Ncat, John the Ripper, Metasploit, Kismet or KisMac, TiNGLE, VMware (once I get a faster machine), Ettercap, Aircrack, MacPork, Ike-scan, Rootkit Hunter, TOR, SATAN or SARA, Radmind or Tripwire, BurpSuite, OpenSSH, and Cyberduck. If anyone recommends these, hates these, or has other suggestions, please add to the discussion. I know there are some Kismet experts around here and I'm sure some of you are experts on things that I am yet unaware of.

    I was also wondering what version of Linux you guys would recommend for someone new to Linux. I plan to install it on a MacBook as a secondary OS rather than virtualizing.
    Get BackTrack 4 like streaker suggested.


    Originally posted by AgentDarkApple
    I hope nobody takes this as a "how to hack?" post because that is not what is intended. I know sometimes there is a fine line, but I honestly want to learn how to use these tools for security purposes.
    Discussion of security tools and their various advantages and disadvantages is fine. The "teach me to hack" posts that we specifically exclude are the skriddie posts of "Teach me to hax0r the local bank!"

    Originally posted by AgentDarkApple
    Since I go to an online school, I do not have access to a computer security lab to practice some of the exercises in our textbook, so I was going to start messing with stuff on my own home network for practice.
    One thing you might want to consider doing is setting up an isolated test LAN, and using the De-ICE sets. The De-ICE sets are designed to be broken into, using BackTrack.

    http://heorot.net/livecds/
    http://forums.heorot.net/



  • xor
    replied
    Re: Security Toolkit?

    Originally posted by streaker69
    No problem. I got your back, but you'll have to order pizzas again at Shmoo.
    1. Well wait–what can Gilligan here do?
    2. Gilligan is actually Fred. And he can order pizza like nobody’s business.
    3. Hey! Well…you gotta eat, right?

    xor



  • streaker69
    replied
    Re: Security Toolkit?

    Originally posted by xor
    I've yet to sip my liquid life(coffee) yet, I guess I need to do that. :-)

    xor
    No problem. I got your back, but you'll have to order pizzas again at Shmoo.



  • xor
    replied
    Re: Security Toolkit?

    Originally posted by streaker69
    It's 1pm, do you know where your brain is?
    I've yet to sip my liquid life(coffee) yet, I guess I need to do that. :-)

    xor



  • streaker69
    replied
    Re: Security Toolkit?

    Originally posted by xor
    I didn't see SNORT mentioned.

    xor
    are hping2, Wireshark, Snort, Nmap, Netcat
    It's 1pm, do you know where your brain is?



  • xor
    replied
    Re: Security Toolkit?

    Originally posted by AgentDarkApple
    xor, thanks, but I already know about that site. I'm looking more for what people here really think of these tools and others.
    I didn't see SNORT mentioned. Also, look into Microsoft subscription services. Great way to save money, and get legit, clean copies of Microsoft OSes to do work on.

    xor



  • streaker69
    replied
    Re: Security Toolkit?

    Did you download BackTrack4 yet? I believe it contains most of the stuff you've mentioned. May also want to get the Helix Live disk too.

    Nessus is a good one to have as well, you can get a home license for free, otherwise it costs $1200/year.



  • AgentDarkApple
    replied
    Re: Security Toolkit?

    Originally posted by xor
    http://sectools.org/

    It's Sunday & early.

    xor
    xor, thanks, but I already know about that site. I'm looking more for what people here really think of these tools and others.



  • xor
    replied
    Re: Security Toolkit?

    Originally posted by AgentDarkApple
    stuff she wrote
    http://sectools.org/

    It's Sunday & early.

    xor



  • AgentDarkApple
    started a topic Security Toolkit?

    Security Toolkit?

    Like I mentioned before, I am still learning about computer security and therefore do not claim to know a lot. So please don't think I'm a moron when I ask for guidance... In my Risk Management class, we are reading Hacking Exposed and learning about the tools available for security toolkits. I was wondering what you guys recommend as far as open source tools and other free tools that can be used on Linux and/or ported to OS X. I know about the obvious built-in stuff like ping, traceroute, netstat, whois, finger, etc. and about the Network Utility in OS X. Some of the other tools I have used or want to use are hping2, Wireshark, Snort, Nmap, Netcat or Ncat, John the Ripper, Metasploit, Kismet or KisMac, TiNGLE, VMware (once I get a faster machine), Ettercap, Aircrack, MacPork, Ike-scan, Rootkit Hunter, TOR, SATAN or SARA, Radmind or Tripwire, BurpSuite, OpenSSH, and Cyberduck. If anyone recommends these, hates these, or has other suggestions, please add to the discussion. I know there are some Kismet experts around here and I'm sure some of you are experts on things that I am yet unaware of.

    I was also wondering what version of Linux you guys would recommend for someone new to Linux. I plan to install it on a MacBook as a secondary OS rather than virtualizing.

    I hope nobody takes this as a "how to hack?" post because that is not what is intended. I know sometimes there is a fine line, but I honestly want to learn how to use these tools for security purposes. Since I go to an online school, I do not have access to a computer security lab to practice some of the exercises in our textbook, so I was going to start messing with stuff on my own home network for practice.