Tip

Using BackTrack to check for Linux vulnerabilities

Whether you've used the Bastille UNIX tool, hardened your Linux systems manually or just want to get a good snapshot of where your systems currently stand, you have to check out BackTrack. It's a Slackware Linux-based distribution that's ready to run via a bootable CD or virtual machine image (VMI). Officially in its third version (fourth if it you count the latest pre-release), BackTrack Linux is chock full of handy security tools for poking and prodding to bring out the worst in your Linux systems. In the spirit of ethical hacking, BackTrack integrates this common security testing methodology:


Figure 1 - BackTrack's security testing method (Click image to enlarge)

BackTrack contains niche security tools that would otherwise be a real pain to download, compile and install. Whether you're a Linux pro or just getting started, it's hard to argue against being able to download a fully-functional version of Linux with most, or maybe all, the security testing tools you'd want to use. BackTrack's main interface is shown in the following screenshot:

    Requires Free Membership to View


Figure 2 - BackTrack desktop and security tool categories (Click image to enlarge)

A typical security assessment scenario that used BackTrack to test internal Linux systems could consist of the following:

  1. Use fping to identify live hosts
  2. Use nmap to identify the operating system and detect open ports
  3. Use amap to identify running applications
  4. Use SAINT to seek out vulnerabilities in the operating system (OS)
  5. Use Metasploit to exploit OS and application vulnerabilities

The Linux-centric possibilities are endless. Furthermore, BackTrack has an extensive set of database, Web and wireless tools for finding and exploiting flaws in systems outside of the Linux realm. It even includes built-in HTTP, TFTP, SSH and VNC services that'll be necessary during your vulnerability identification and analysis. And if you ever have such a need, BackTrack also incorporates digital forensics tools. Playing around with tools like Autopsy and Sleuthkit, in fact, are great for "backing into" hacking techniques to further sharpen your security skills.

I've always been a proponent of using good commercial security testing tools, but you may no longer have that option these days. The BackTrack tools, in reality, aren't just "good enough" -- they're actually truly good, especially if fancy reporting and ongoing vulnerability management are not a top priority for you. I'm going to continue using commercial tools in my security assessments, but you can bet that my BackTrack virtual machine is going to be loaded and ready to roll for those niche tools we just can't find anywhere else.

ABOUT THE AUTHOR: Kevin Beaver is an information security consultant, keynote speaker, and expert witness with Atlanta-based Principle Logic, LLC. Kevin specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). He's also the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at kbeaver@principlelogic.com.
 

This was first published in November 2009

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.