You want without lengthy installation and configuration process can be achieved on a Linux system security assessment? in this article we will introduce the four packages: Auditor, Whoppix, Knoppix-STD and PHLAK, using these packages, you can use the LiveCD.
Real security system can only be shut off, in a concrete pouring of buildings in a closed room, and police forces to guard. Many of us have no security to their system, then the mining extremely to how we should proceed to assess the system's flaws? or is connected to the Internet computer has such defects ¿and there will be many vulnerabilities?, how should we judge the level of security for your office network? taking into account these potentially unsafe, I find on the Internet some tools to help evaluate system and network security, final wishes to enhance the security of the system. My search for a number of results: there are some excellent tools that are freely available for download and use. This article describes these security assessment tool, and use the tools on the system quickly and easily test. Rich tool to make the system more secure, there are some tools can be used to determine the system's ability to resist various attacks, for example: using a firewall such as such as blockall tool, you can restrict all TCP traffic reached; use a tool such as such as floppyfw, you can on a floppy for the firewall. Labrea is a "sticky honeypot", you can limit the worm and port scan attack, eliminating them. There are many intrusion detection systems (IDS), such as the very popular Snort and logsnorter. Packet sniffer, such as ethereal, dsniff, driftnet, msgsnarf, urlsnarf, and help filter is not used for communication, for example would be a waste of bandwidth IM message. Wireless tools, for example, airsnarf, airsnort and kismet can help assess the situation of your wireless network. Some successful tools, such as chntpw (you can reset the password on a Windows system) and pwl9x (can attack Windows9x password files), as well as allwords2 (a 27MB English Dictionary) can bring you use longer contain figures of non standard password. If you think this has involved all of the terms, then please try defect evaluation tools such as nessus and nmap hydra,. Hey, most of the tools can only run on Linux! now Linux is no problem, after all it's free, I can in my own family by running on your system. But who are willing to spend a weekend to install and configure system?, at least I don't want to. If I want to test the working of the machine? I need to obtain authorization to install Linux? here's a very simple solution. It is here. Welcome to the LiveCD security assessment tool in the world. About LiveCD LiveCD is a saved in bootable operating system on CD-ROM (and other software), you can start from the above OS without a lengthy installation process. Most are based on the Linux kernel (but there are also some LiveCD is prepared for a different operating system). It's working when these files on a RAM disk (this reduces the application can use the amount of RAM, which degrade system performance, but don't forget, our goal is to assess the security of the system). Once you remove LinveCD and restart the system after the original system is restored. Some LiveCD also provides an installation tool, you can use it to your hard drive or system install USB disk; most of this LiveCD can access internal/external hard drive, disk and Flash memory. Syslinux is used to boot the LiveCD based on Linux, as well as the Linux floppy disk. For PC, bootable CD usually comply with the specification, this will ElTorito will a file on disk (possibly hidden) as a floppy disk image to use. Many LiveCD uses a compressed filesystem image, which usually provides the cloop compressed loopback driver to effectively double the use of storage capacity. There are some emulators on the market, can be used to test LiveCD instead of burn it to CD and boot the computer. Supports the widest range of i386 emulator is VMware; there are other emulator Qemu, Bochs, PearPC and they can be used to simulate the x 86 and PowerPC platforms or both; but according to their use of simulation methods, their faster than some commercial version. In addition a commercial version of the Simulator is VirtualPC. Now let's take a look at some LiveCD security tools. Auditor Auditor security tool is based on Knoppix. As a result of having to install, we only need to insert the CD into the CD-ROM in a few minutes to start using analysis platform. Auditor's main developer MaxMoser pointed out that the LiveCD environment menu structure is its biggest advantage. Even if the user does not know the name of the tool, you can also use the right tools. In addition to the approximately 300 tools, the Auditor security package also contains some relevant standard configuration and training information, password, and a variety of different regions and languages the word list, about 6400 million. The CD also contains some accessibility tools, such as a Web browser, text editor, and some can beTo create a graphic tool of the analysis report. You can use auditor-hdinstall script will install the Auditor to the hard disk. You should have 2 GB of hard drive space. Setup will not create a partition for you, so be sure to partition and format in advance. LiveCD automatic configuration script to simplify the use of various hardware. Moser said wireless tools (such as the Wellenreiter and Kismet) can use the automatic hardware detection tool can be configured so that it avoids the use of wireless network card required for those pesky configuration tasks. Figure 1.Auditor tools
No comments:
Post a Comment