
Using BackTrack4 as your Everyday O/S

<<

MindOverMatter

Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Wed Nov 10, 2010 3:35 am

Using BackTrack4 as your Everyday O/S

I know this topic has been beaten to death all over, from the google searches I did, but here it is again 11/10/10 in EH-Net...

So, I'm really tired of wondering about what every connection is, doing netstat commands in Win7, no matter what firewall or ports I have blocked, services down, patches, registry mods etc...

Always something makes me wonder what is that and why.. Then I waste too much darn time researching it to no end.  Maybe my paranoia level has raised now that I post on Ethical Hacking message boards, lol I dunno…

So, I know its purpose is as a pen-testing tool, but now that it's run on Ubuntu, it really is a solid O/S that detects all my HW with no problem. It also has a lot of extra goodies already installed for us that are interested in the world of Ethical Hacking, Pen-Testing, Security Auditing, research etc. So, if I just create a non Root user(s) for everyday use and sudo the essentials, setup some IPTables/Chains, maybe a good dose of SNORT… Would this help make a good every day O/S, that's more ‘hacker-proof’?

Another option is to go with the latest Ubuntu (or your fave flave) and secure it down as best possible and use the tools you most like (although the preconfigured array of BT4 is vast).

So, essentially my question is, what is most secure for I, the end-user who just really browses sites to find information, uses Word here and there, needs to have readily available pentesting tools for my education, research, work etc.
“Out of the box” is BT4 more secure than Windows with its firewall or Comodo etc.?

Does having all these tools on BT4 make it more of a risk because they are somehow more susceptible to other hackers trying to take over the system (even if I have a separate non-root logon)?

What about throwing Ubuntu into this vs Win7, given the fact that it doesn’t come with pentesting tools (other than linux CLI tools)..

I know there is no such thing as a remotely unhackable system other than just taking out the Wireless NIC and / or NIC, but I’m just not getting peace of mind with Windows 7 anymore and auditing its every log lately is taking its toll.. I don’t even download stuff anymore other than tools..

Please advise…

- Hacker that doesn't want to get Hacked or just MOM ;)
A+, Network+, Security+, CIW Associate, CCNA, C|EH
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Wed Nov 10, 2010 9:33 am

Re: Using BackTrack4 as your Everyday O/S

From an end-user perspective, a client side attack is the most likely cause of any breach. And while your host OS does play a factor in this, the biggest culprits of client-side attacks are individual pieces of software. Client-side attacks, though, are not successful solely because of the software you're running. They are more a product of social engineering and human behavior.

Now, I am a big proponent of Linux for home use and Ubuntu more specifically. But, if you are thinking that changing OS will stop any attacks on your home computer, you're missing a big piece of the puzzle...
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

Grendel

Full Member

Posts: 246

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Wed Nov 10, 2010 9:51 am

Re: Using BackTrack4 as your Everyday O/S

I enjoy the convenience of having all the hacker tools pre-compiled and installed in one location, but always advise to *not* use BT as a production system.

1) It's bloated with apps, which increase risks to the system
2) I'm paranoid and don't trust others to compile my apps

If all you are doing is browsing and email, BT 4 is overkill... And so would be Win7. Buy an iPod touch or iPad. Even if you want to play with hacker tools, the Touch and iPad still fit your requirements.
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
<<

Xen

Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Wed Nov 10, 2010 10:11 am

Re: Using BackTrack4 as your Everyday O/S

I use OpenSUSE for my home computer and am quite satisfied with it. There's just something about compiling the tools on your own which Backtrack can't offer :P
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed Nov 10, 2010 1:13 pm

Re: Using BackTrack4 as your Everyday O/S

BT4 would be overkill...

At home, I'm running Debian testing (maybe you've heard of it, Ubuntu is based off it).  I have Virtual Box running on top of it. For when I need to do the fun stuff.

It works well. There is a little more work than with Ubuntu for some things... but well worth it.
OSWP, Sec+
<<

MindOverMatter

Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Wed Nov 10, 2010 2:47 pm

Re: Using BackTrack4 as your Everyday O/S

Thanks to all for your great responses!  After thinking I do have to agree that BT everyday is definitely overkill.

I was running Ubuntu 10 off usb last night and was very impressed, it is super fast. I think I'm going to run it as it has everything I need out of the box (comparing it to Windows), such as Office and the ability to get all my favorite pen-testing apps, instead of having a dozen I may not use on BT.

I have OpenSuse as well, ran it for a while, but since BT4 is Ubuntu based now I figure the slight differences at the CLI will be more useful to get used to.

I understand the social engineering and human behavior are a huge part in possible attacks on home systems, just don't see how it would fit in my particular situation.  I know nothing will completely secure you, but it's nice to have as much control of things from your own side as possible.

I have an android phone I like, but would never consider anything a replacement to a large monitor, keyboard and mouse.

I guess my next steps would be to lock down my linux distro as best as possible and just enjoy.
Last edited by MindOverMatter on Wed Nov 10, 2010 3:03 pm, edited 1 time in total.
A+, Network+, Security+, CIW Associate, CCNA, C|EH
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Wed Nov 10, 2010 3:11 pm

Re: Using BackTrack4 as your Everyday O/S

My point about social engineering/human behavior is this:

On most "home" networks you are not actually serving anything (at least in the typical home user). Therefore, you can block any unsolicited traffic coming into your network. That effectively blocks pretty much any attack other than client-side attacks. Most client-side attacks are dependent on you clicking a link, opening a file, etc. etc.

Another option is to go with the latest Ubuntu (or your fave flave) and secure it down as best possible


By this statement, I am assuming that you make it a practice to secure your OS. If you are blocking any unsolicited external traffic and you have hardened your OS, you are not gaining much in the way of security by using a distro of Linux. A hardened version of Windows 7 without any ports open is on a fairly even stance to a hardened version of Linux without any ports open from a security standpoint.

Now...there are many other great reasons to switch to Linux...

For instance, I think hardening a Linux host is much simpler than hardening Windows...
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

MindOverMatter

Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Wed Nov 10, 2010 7:56 pm

Re: Using BackTrack4 as your Everyday O/S

I definitely agree with what you're saying, however posting on boards such as this one, you never know when a comment of opinion could rub someone with much higher skills than yourself the wrong way. Not that it would warrant an intelligent hacker to waste their time on something like that..

I definitely (well lately at least) am making it a practice to secure and harden my personal workstations, especially given the nature of my current studies and aspirations.  I have to practice what I preach.

You would definitely know more about Linux than I, given your certifications and experience, so I can't make an argument that you can lock down Ubuntu or any Linux distro better than Windows 7.

However, I do know that Windows can be a lil.. Well lol.. There are some things that no matter how hard you try to shut down or disable, you just can't. For instance RPC, which is dependent on DCOM etc etc.. I guess what I mean is I figure Linux will give you much more granularity as how deeply you want to secure your system, without it affecting every this or that process.

Aside from really messing around with the registry (which is never a guarantee something else won't mess up), I find I can only have so much control over Windows..

All aside though, I know it will definitely be very beneficial to concentrate on Linux as I've devoted enough of my life to Windoze.. Especially in the Information Security world.  After being an IOS CLI junkie the last 6 months, I need some more CLI, so this will be good to help round out my skills too.

I know for Linux there are a million great documents online, I currently have the SuSe and Ubuntu Linux Tool Box books (but will be going through the Ubuntu one).  Other than IP Tables and Snort, what do you recommend as you said hardening a Linux host is much simpler than Windows..

Thanks again for the great feed back!
A+, Network+, Security+, CIW Associate, CCNA, C|EH
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Thu Nov 11, 2010 10:22 am

Re: Using BackTrack4 as your Everyday O/S

O'Reilly has a great cookbook for Linux hardening titled "Linux Security Cookbook." Also check out "Practical Unix and Internet Security." It's a bit older, but it's still a great resource.

You and I, I think, are saying the same thing...just in different ways. I'm no Windows expert, but yes I think you have less granularity in your controls. That's one of the advantages to Linux that I almost included in my previous post is that you have much more control over how the OS operates. I think the main advantage, though, is the open source nature. There are tons of people out there willing to help and developing some pretty cool tools. With open source, you can get in the nitty gritty details....

Anyway, if there's anything I can help you with as you get your Linux host up, feel free to send me a PM.
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

MindOverMatter

Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Thu Nov 11, 2010 11:49 am

Re: Using BackTrack4 as your Everyday O/S

Thanks ziggy!  I'll definitely check out those books, I have the NMAP Cookbook coming soon, so I suppose it's a good series.

I appreciate the offer of help through a PM, I will when I get there :)
A+, Network+, Security+, CIW Associate, CCNA, C|EH
<<

mallaigh

Jr. Member

Posts: 65

Joined: Fri Jul 16, 2010 12:36 am

Post Fri Nov 12, 2010 5:47 pm

Re: Using BackTrack4 as your Everyday O/S

I admin Windows, Mac, and Linux (BSD/Unix too) machines professionally and at home, I agree that Linux is easier to harden in many extents. There are some decent tools built into Windows to help harden it a bit, but a lot of stuff is buried deep in their labyrinth-like menus. At the same time, you can't really rely on Windows Firewall and many users skip/disable some fairly simple options for helping secure their computers.

I have mixed feelings about Macs.  I've read and seen some things that made me realize that Apple isn't as secure as their marketing hype and hand waving wants you to think.  At the same time, they aren't commonly targeted for attacks.  But, I have seen Safari (on a Mac) get hijacked by drive-by-downloads more than once to make me laugh at their "virus free" marketing.

Linux is great. Many distros come with iptables installed, but not enabled or with a blank configuration. It's great practice for EH.net'ers to write our own firewalls, but this is something an average user isn't going to do. All in all, most distros are great for the end user out of the box, but I wouldn't stick with the default install for a production/internet facing server.

With that said, to address your original question: I personally wouldn't use BackTrack for a workstation. If you want to run a Unix/Linux, I would recommend going with *pick your favorite flavor* (Ubuntu, CentOS, Debian, OpenSUSE, PCBSD.....). Once you do that, learn how to harden that distro and apply what you learn to other distros. If you don't mind working in Windows as the host OS, why not read up on some of MSCE security stuff. I'm not saying "study for the MSCE" (unless you want to), but it wouldn't hurt to have some of the knowledge on how to harden Windows. Learning about how to harden *pick any operating system* will also help you learn about some commonly overlooked things that would help with privilege escalation (Windows administrator accounts without a password for the win).
Last edited by mallaigh on Fri Nov 12, 2010 5:55 pm, edited 1 time in total.
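
The default-deny inbound stance ziggy_567 describes and the blank iptables configuration mallaigh mentions, as an added example that is not part of any post in this thread. It assumes the iptables-save / iptables-restore text format; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All function names are hypothetical.

# Ruleset for a workstation that serves nothing: drop unsolicited inbound
# traffic, keep loopback and replies to connections the host opened itself.
# Load as root with: workstation_rules | iptables-restore
workstation_rules() {
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample: what iptables-save prints when iptables is installed
# but nothing has been configured.
blank_sample() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Classify iptables-save text read from stdin by its filter/INPUT chain.
# Audit a live host as root with: iptables-save | audit_input
audit_input() {
  awk '
    /^\*/               { table = $1 }          # table header, e.g. *filter
    table != "*filter"  { next }                # ignore nat, mangle, raw
    /^:INPUT /          { policy = $2 }         # chain default policy
    /^-A INPUT /        { rules++
                          if ($0 ~ /ESTABLISHED/ && $0 ~ /-j ACCEPT/) replies = 1 }
    END {
      if (policy == "")                          print "no-filter-table"
      else if (policy == "ACCEPT" && rules == 0) print "blank"
      else if (policy == "DROP" && replies)      print "default-deny"
      else                                       print "partial"   # review by hand
    }'
}
```

A result of "partial" only means the chain fits neither pattern (for example an ACCEPT policy with a trailing catch-all DROP rule) and should be read rule by rule.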
<<

MindOverMatter

Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Fri Nov 12, 2010 6:08 pm

Re: Using BackTrack4 as your Everyday O/S

Thanks mallaigh, your post was very helpful and I have to agree.

I am in the process of converting to openSuse (was first thinking Ubuntu), but have the physical media for it from a while ago. I am going to have to work on locking it down best as possible, but of course this is not only going to help with the machine's security, but the learning experience in itself.

I like how you mentioned to use your Windows security knowledge and port it over to whatever distro.  I know you mean in a more general and conceptual way, but it does make perfect sense in the realms applicable.
A+, Network+, Security+, CIW Associate, CCNA, C|EH
<<

mallaigh

Jr. Member

Posts: 65

Joined: Fri Jul 16, 2010 12:36 am

Post Fri Nov 12, 2010 6:37 pm

Re: Using BackTrack4 as your Everyday O/S

MindOverMatter wrote: Thanks mallaigh, your post was very helpful and I have to agree.

I am in the process of converting to openSuse (was first thinking Ubuntu), but have the physical media for it from a while ago. I am going to have to work on locking it down best as possible, but of course this is not only going to help with the machine's security, but the learning experience in itself.

I like how you mentioned to use your Windows security knowledge and port it over to whatever distro. I know you mean in a more general and conceptual way, but it does make perfect sense in the realms applicable.

Everyone learns in different ways. I have managed to learn how to work with and admin all the different operating systems through comparing and contrasting their differences. As far as Unix/Linux based operating systems go, I first learned my way around Linux. Then when I went to learn BSD, I expected it to be very different but really found it to be quite similar in many aspects. I have taken the same approach to every different version of Windows that has come out over the years.

If you ask me, an OS is a tool. You don't use a hammer to drive a screw (it would work, just not well), so how can one OS be a super tool? The graphic designers at work use Apples, the advertising people use Windows, and a few developers have started to use Linux. In each case, they are using the better tool for their job. I recently helped those developers switch to Linux, and they have reported productivity increases. In each case, I would argue that they are using the superior tool for their job. All 3 operating systems have been brought up to company security standards, and it was all a very similar process. Set passwords, install and configure firewalls, install antivirus, and install updates. The steps are different yes, but the general process is the same.

The point I'm trying to make, learn all the operating systems.  Learn how to harden them, and their strengths and weaknesses. Don't fall into the "fan boy/girl" mentality that there is one operating system to rule them all.
