With the seemingly endless number of security products, utilities and information sites available today, the thought of putting together a set of tools to perform routine security tasks might seem daunting. It can be, but it doesn’t have to be. Over the next few entries I am going to walk through how someone would put together a security tool chest that can be used for almost all day-to-day security needs.
What is a Live CD?
The first step is ensuring we have a solid foundation to build upon. There is no question that a UNIX-based operating system is the better choice in the security space. Luckily, over the past decade “Live CDs” have been created and have evolved. A Live CD is an entire operating system that can be run directly off the distribution media. Simply insert the CD or DVD, configure the machine's BIOS to boot from the removable drive before the hard disk, and within a few seconds your Live CD distro will be up and running!
So why use a LiveCD as our base? Well, over the past decade they have evolved from simple bare operating system environments into complete systems filled with numerous useful tools. From a security perspective there are now two clear choices of distro: Backtrack 3 and Helix3. However, they fulfill different roles and needs.
Backtrack 3 - All-inclusive Pentest Distro
Backtrack 3 is the third iteration of the Backtrack distribution, which came out of the merging of two other security-focused LiveCD distros. Backtrack 3 is now the premier penetration testing LiveCD available. It contains over 300 modern security tools focused on penetration testing and uses Slackware Linux as its base operating system. One would be hard pressed to find an open source pen-testing utility that is not included in this distro. I will be covering the major tools included in Backtrack 3 in later posts. So stay tuned!
Helix 3 - Uncovering that lost information
Now it may sound like Backtrack 3 is all a security professional would ever need. Not true! Just as important as pen-testing and information recon is the ability to respond when an incident has occurred. For this, we turn to Helix 3. Released less than one month ago, Helix 3 represents the best open source forensics and incident response toolkit available. Based on Ubuntu Linux, Helix 3 has had many of its utilities specially modified to ensure the host computer is not altered in any way, allowing security professionals and forensic investigators to preserve the chain of custody of any evidence uncovered.
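The point of Helix's modified utilities is that evidence must be collected without touching the host and must be provably unchanged afterwards. The following is an added example, not code from Helix 3 or e-fense: a minimal chain-of-custody hash log in POSIX sh that records a SHA-256 digest and UTC timestamp for an evidence file and later verifies that the file still matches. It assumes GNU coreutils (sha256sum, date, mktemp) are available, and the file and log paths in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Helix's own code): chain-of-custody hash log for evidence files.
# Assumes POSIX sh plus sha256sum, date and mktemp from GNU coreutils.

# record_evidence FILE LOG
# Append "<sha256>  <utc-timestamp>  <file>" to LOG. Returns 2 if FILE is unreadable.
record_evidence() {
    file="$1"; log="$2"
    [ -r "$file" ] || return 2
    sum=$(sha256sum "$file" | cut -d' ' -f1)
    printf '%s  %s  %s\n' "$sum" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$file" >> "$log"
}

# verify_evidence FILE LOG
# Recompute the digest and compare it with the most recent LOG entry for FILE.
# Returns 0 on match, 1 on mismatch (evidence altered), 2 if no entry or unreadable.
verify_evidence() {
    file="$1"; log="$2"
    [ -r "$file" ] && [ -r "$log" ] || return 2
    # Fields are separated by two spaces, so "  FILE" only matches the path field.
    recorded=$(grep -F "  $file" "$log" | tail -n 1 | cut -d' ' -f1)
    [ -n "$recorded" ] || return 2
    current=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$current" = "$recorded" ]
}

# Demo with a constructed evidence file (not a real disk image).
demo_custody() {
    tmp=$(mktemp -d)
    printf 'constructed disk image contents\n' > "$tmp/evidence.img"
    record_evidence "$tmp/evidence.img" "$tmp/custody.log"
    if verify_evidence "$tmp/evidence.img" "$tmp/custody.log"; then
        echo "evidence intact"
    fi
    # Simulate tampering (the very thing read-only tooling is meant to prevent).
    printf 'x' >> "$tmp/evidence.img"
    if verify_evidence "$tmp/evidence.img" "$tmp/custody.log"; then
        echo "unexpected: altered evidence still verifies"
    else
        echo "evidence altered: hash mismatch"
    fi
    rm -rf "$tmp"
}

demo_custody
```

In practice the hash is taken immediately after acquisition, written to media the investigator controls, and re-checked before analysis and again before presenting findings; the log entry is what lets a third party confirm the image they receive is the one that was collected.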
With these two LiveCDs in hand you are well on your way to having all the tools necessary for any security problem that we professionals run into in our daily roles.
My next post will be covering information gathering and the sites and tools that allow security professionals to dig up all forms of interesting information.
Links:
Backtrack 3 - http://www.remote-exploit.org/backtrack.html
Helix3 - http://www.e-fense.com/helix/