For anyone interested in carrying out penetration testing, security audits or other forms of network security self-assessment, Backtrack has long been the operating system of choice.
Backtrack is a Linux distribution which has been slightly modified to fine-tune how it runs the various tools used for penetration testing. Booting into Backtrack gives you an environment that is tuned for each application, and it includes pretty much every penetration testing / vulnerability assessment / security audit tool you can think of. These range from the popular and very generally useful ones (nmap, Wireshark, Metasploit) to more specialist tools (such as Hydra for attacking network logons and the Browser Exploitation Framework).
Backtrack is now at version 5 and you can download it for free, allowing you to (with some practice) run a whole host of scans against your own network. This can be invaluable when it comes to determining what risks you face and, more importantly, for assuring the quality of the security controls.
If you have more than a few systems on your network, then porting Backtrack onto a USB stick gives you superb flexibility for testing and, with Backtrack 5, this is fairly easy to do. There is a detailed “how-to” available, and all you really need is a 16GB USB drive and a bootable copy of Backtrack.
However, there are a couple of warning points you must consider before you rush headlong into auditing your own networks:
- Only ever carry out tests against systems you own, or for which the owner has given you written permission. Anything else is illegal and unethical. If you get caught testing someone else’s system in this manner you face prison sentences and are unlikely to ever be given a job in security. No matter what you think your relationship with your employer (or friend or whoever) is like, you must get written permission.
- Testing can take out your system. If you are using this to practice your skills, make sure you test against something where it doesn’t matter if you permanently break everything. Slight mistakes with some of the payloads available can bring down your network. For learning purposes it is much, much better to set up a VLAN or a collection of virtual machines and practice against them. Then if it goes wrong, you can just reboot and carry on.
- An audit is only as good as the auditors. If you are confident enough with Backtrack that you want to self-audit, then great. But keep in mind that while any findings you make are good indicators, they do not compare with the detailed report and quality of testing that a professional company can give you. If you really want to check your system, then you really need to bring in a penetration testing team.
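The first two points above (only test what you are authorised to test, and keep practice confined to an isolated VLAN or set of virtual machines) can be enforced mechanically rather than left to memory. The following is an added example, not code from the original post or from the Backtrack project: a small scope guard that parses the target list you are about to hand to nmap, checks every address against an allowlist of lab ranges, and refuses the whole job if anything falls outside. The `AUTHORISED_SCOPE` ranges, the `check_targets` / `build_scan_command` function names and the sample target lists are all constructed for this illustration.

```python
"""Scope guard: refuse to build a scan command for any target that is not
inside an explicitly authorised range.  Added example, not part of the
original post; all ranges and names below are constructed/hypothetical."""
import ipaddress
import shlex

# Constructed allowlist: the isolated lab networks the tester owns.
# Anything not covered here is rejected, so the default is "no".
AUTHORISED_SCOPE = [
    ipaddress.ip_network("10.99.0.0/24"),     # hypothetical lab VLAN
    ipaddress.ip_network("192.168.56.0/24"),  # hypothetical VM host-only network
]


def expand_target(spec):
    """Parse one target spec into a list of ip_network objects.

    Accepts a plain address, CIDR notation, or nmap's last-octet range form
    (e.g. 10.99.0.1-20).  Any other syntax raises ValueError so that unknown
    input fails closed instead of being passed through to the scanner.
    """
    if "-" in spec:
        base, last = spec.rsplit("-", 1)
        first = ipaddress.ip_address(base)          # ValueError if not an address
        if first.version != 4:
            raise ValueError(f"octet range only supported for IPv4: {spec}")
        lo = int(base.rsplit(".", 1)[1])
        hi = int(last)                               # ValueError if not a number
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {spec}")
        # One /32 per address in the range.
        return [ipaddress.ip_network(str(first + i)) for i in range(hi - lo + 1)]
    # strict=True rejects host bits set under a prefix, e.g. 10.99.0.5/24.
    return [ipaddress.ip_network(spec, strict=True)]


def in_scope(net, scope):
    """True if every address in `net` lies inside a single authorised network."""
    return any(net.version == allowed.version and net.subnet_of(allowed)
               for allowed in scope)


def check_targets(targets, scope=AUTHORISED_SCOPE):
    """Split target specs into (allowed, rejected) lists.

    A spec is allowed only if all addresses it expands to are in scope;
    specs that cannot be parsed are rejected rather than guessed at.
    """
    allowed, rejected = [], []
    for spec in targets:
        try:
            nets = expand_target(spec)
        except ValueError:
            rejected.append(spec)
            continue
        if nets and all(in_scope(n, scope) for n in nets):
            allowed.append(spec)
        else:
            rejected.append(spec)
    return allowed, rejected


def build_scan_command(targets, scope=AUTHORISED_SCOPE):
    """Return an nmap argv list for the targets, or raise ValueError.

    The whole job is refused (not silently trimmed) so the operator notices
    the out-of-scope entry before a single packet leaves the machine.
    """
    allowed, rejected = check_targets(targets, scope)
    if rejected:
        raise ValueError(f"targets outside authorised scope: {rejected}")
    return ["nmap", "-sV", *allowed]


if __name__ == "__main__":
    # Constructed inputs: a lab job that passes, and one with a stray
    # public address that must be refused.
    lab_job = ["10.99.0.0/24", "192.168.56.10-20"]
    print("would run:", shlex.join(build_scan_command(lab_job)))
    try:
        build_scan_command(["10.99.0.5", "8.8.8.8"])
    except ValueError as err:
        print("refused:", err)
```

The returned argv list can be handed to `subprocess.run` once the allowlist has been edited to match your own lab ranges; keeping the scope in one place (a file checked into your lab notes, or this constant) means a typo in a target list is caught by the guard rather than discovered when a production host falls over.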
Other than that, have fun!