Prerequisite: you have a reasonably well-configured machine (RAM preferably at least 512 MB, 1 GB or more is better; as for the hard disk, the bigger the better ^_^)
Using my own computer as an example:
Configuration:
CPU: Mobile Celeron 1.5 GHz
RAM: 1.2 GB
Hard disk: 40 GB (a bit small)
System: XP + Linux
Related resources:
Assess system security using a Linux LiveCD
http://www-128.ibm.com/developerworks/linux/library/l-livecdsec/
LiveCD download:
http://www.frozentech.com/conten ... &sort=&sm=1
For work reasons my default system is XP, and I had installed Linux as a dual boot, but it never felt right. Later I came across an article online, "Assess system security using a Linux LiveCD"; see the introduction later in this post or the following page: http://www-128.ibm.com/developerworks/linux/library/l-livecdsec/
I downloaded the ISO files of a few LiveCDs (frozentech's LiveCD list, download address: http://www.frozentech.com/content/livecd.php?pick=All& showonly=Security&sort=&sm=1) to my computer, mounted them in a virtual drive with DAEMON Tools, read the documentation and decided to give them a try. I burned a few discs and found them to be really nice tools. Later, to make using Linux more convenient (actually my original aim was to set up an iSCSI lab environment on my own computer and do some storage simulations), I installed VMware and installed Ubuntu and Solaris under it. Then I went back to the LiveCDs and found them inconvenient again, so I created a new virtual machine in VMware. You don't need to give it much disk space (2 GB is plenty, and that is only the upper limit; on your hard disk it actually takes up about 256 MB in general), because you never really install a system on it; you use this virtual machine to run your LiveCD. Change the virtual machine's default CD drive to the drive that DAEMON Tools virtualizes on your computer, then use DAEMON Tools to mount the LiveCD ISO file you downloaded to your hard disk, then power on this new virtual machine in VMware, and you can use Linux under Windows without installing anything. At most it takes up 700 MB of your hard disk space. Work it out: how many systems can you install on your computer? ^_^
Assess system security using a Linux LiveCD
Four LiveCD offerings specialize in nailing down vulnerabilities
Level: Introductory
Mayank Sharma (geeky_bodhi@yahoo.co.in), Freelance technical writer
27 Jul 2005
Want to assess security vulnerabilities on your Linux™ system without lengthy installation and configuration efforts? We introduce four packages -- Auditor, Whoppix, Knoppix-STD, and PHLAK -- that bring you that ability through the magic of LiveCD.
The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.
-- Gene Spafford, CS professor at Purdue and consultant on issues of security and cybercrime
Since many of us don't go to that extreme to keep our systems secure, how do we assess our vulnerability? Or the vulnerability of a computer that is connected to the Internet and has literally thousands of points of entry? How do you determine the level of security in your office network, even if you have a network administrator manning it?
Just the thought of this potential insecurity made me jump on the Internet to look for tools that could help me assess the sturdiness of my system's and network's security with the hope of eventually making it more secure. My search returned several results: excellent tools that I could download and use for free. This article talks about these security-assessment tools and the fastest, easiest way to test your systems using them.
Tools galore!
Apart from making your system more secure, there are lots of tools you can use to determine your system's ability to withstand any kind of attack. For example:
• Using firewall tools like blockall, you can restrict all inbound TCP traffic; with a tool like floppyfw, you can turn a floppy into a firewall.
• Labrea is a honeypot that can tarpit worms and port scanners, thereby nullifying their effect.
• Then there are a number of intrusion detection systems (IDS) like the very popular Snort and logsnorter.
• Packet sniffers like ethereal, dsniff, driftnet, urlsnarf, and msgsnarf can help sniff out useless traffic like IM messages that waste bandwidth.
• Wireless tools like airsnarf, airsnort, and kismet can help you assess the strength of your wireless network.
• The success-rate of tools such as chntpw (which can reset passwords on a Windows box) and pwl9x (which can crack Windows 9x password files), along with allwords2 (a 27-MB English dictionary), will drive home the point of having long, alphanumeric, nonstandard passwords.
• And if you think you have everything covered, try vulnerability assessment tools like hydra, nessus, and nmap.
Eeek! Most of these tools only run on Linux!
Now Linux is not a problem -- after all, it's free and I can run it on my home systems. But who wants to spend a weekend installing and configuring to set this up? Not me. And what if I want to test my machine at work? How do I get authorization to install Linux on it? There has to be an easier solution.
There is. Welcome to the world of security-assessment-tools-on-a-LiveCD.
About LiveCD
A LiveCD is an operating system (plus other software) stored on a bootable CD-ROM from which the OS can be executed without having to go through time-consuming installation. Most are based on the Linux kernel (but there are LiveCDs for other operating systems). It works by placing the files on a RAM disk (it cuts down RAM for applications, slowing performance, but remember, our goal is to assess the system's security). Once you kick out the LiveCD and reboot, your original system comes back. Some LiveCDs come with an installation utility that lets you install the system on a hard drive or USB keydrive; most can access information on internal/external hard drives, disks, and Flash memories.
syslinux is used to boot Linux-based LiveCDs, as well as Linux floppies. For the PC, the bootable CD generally conforms to the El Torito specification, which treats a special file on the disc (possibly hidden) as a floppy diskette image. Many LiveCDs use a compressed filesystem image that often comes with the cloop compressed loopback driver to effectively double the storage capacity.
There are a number of emulators on the market that you can use to try a LiveCD without the need to burn it to a CD or boot it on the computer. The most widely supported i386 emulator is VMware. Others include Qemu, PearPC, and Bochs, which can all also emulate the x86 and/or PowerPC® platforms; but due to their emulation methods, they are slower than the commercial alternatives. Another commercial one is VirtualPC.
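The forum post above boots downloaded LiveCD ISOs in a virtual machine rather than burning them, and the El Torito paragraph explains that the disc carries a boot catalog pointing at a floppy or no-emulation image. The following added example (not code from the forum post, the article, or any of the distributions it covers) ties the two together: it reads the boot record volume descriptor at sector 17 and the boot catalog's validation and initial entries, verifies the validation-entry checksum the specification requires, and only then builds a QEMU command line (QEMU is one of the emulators named in the article; the `qemu-system-i386`, `-m`, `-cdrom` and `-boot d` options are real, but that the binary is installed is an assumption). The sample ISO image is constructed in the code so the script runs offline; `build_sample_iso`, `parse_image_bytes` and `tampered_sample_is_rejected` are helper names chosen for this example.

```python
import io
import struct

# Added example (not from the article or the forum post): parse the El Torito boot
# record of an ISO image to confirm it is bootable, then build the QEMU command that
# boots it with no hard disk attached. Layout constants follow the El Torito spec.
SECTOR = 2048                     # ISO 9660 logical sector size
BOOT_RECORD_LBA = 17              # boot record volume descriptor always lives at sector 17
EL_TORITO_ID = b"EL TORITO SPECIFICATION"
MEDIA_TYPES = {0: "no emulation", 1: "1.2 MB floppy", 2: "1.44 MB floppy",
               3: "2.88 MB floppy", 4: "hard disk"}


def _read(f, offset, length):
    """Read exactly `length` bytes at `offset`, refusing truncated images."""
    f.seek(offset)
    chunk = f.read(length)
    if len(chunk) != length:
        raise ValueError("image truncated at offset %d" % offset)
    return chunk


def parse_el_torito(f):
    """Return the boot catalog's initial/default entry of an ISO opened in binary mode."""
    desc = _read(f, BOOT_RECORD_LBA * SECTOR, SECTOR)
    if desc[0] != 0 or desc[1:6] != b"CD001":
        raise ValueError("sector 17 is not a boot record volume descriptor")
    if desc[7:39].rstrip(b"\x00") != EL_TORITO_ID:
        raise ValueError("boot record does not carry the El Torito identifier")
    catalog_lba = struct.unpack_from("<I", desc, 71)[0]   # absolute sector of the boot catalog
    catalog = _read(f, catalog_lba * SECTOR, 64)          # validation entry + initial entry
    validation, initial = catalog[:32], catalog[32:]
    if validation[0] != 0x01 or validation[30:32] != b"\x55\xAA":
        raise ValueError("boot catalog validation entry has bad header/key bytes")
    # All sixteen 16-bit words of the validation entry must sum to zero (mod 2^16).
    if sum(struct.unpack("<16H", validation)) % 0x10000 != 0:
        raise ValueError("boot catalog validation entry checksum mismatch")
    media = initial[1] & 0x0F
    return {
        "platform_id": validation[1],                     # 0 = 80x86
        "catalog_lba": catalog_lba,
        "bootable": initial[0] == 0x88,
        "media": MEDIA_TYPES.get(media, "unknown (%d)" % media),
        "load_segment": struct.unpack_from("<H", initial, 2)[0] or 0x7C0,  # 0 means default
        "sector_count": struct.unpack_from("<H", initial, 6)[0],           # 512-byte sectors
        "load_rba": struct.unpack_from("<I", initial, 8)[0],               # where the image starts
    }


def parse_image_bytes(data):
    return parse_el_torito(io.BytesIO(data))


def build_sample_iso(media=2, load_rba=20, sector_count=1):
    """Constructed minimal image: 24 zero sectors with only sectors 17 and 19 filled in."""
    img = bytearray(24 * SECTOR)
    catalog_lba = 19
    d = BOOT_RECORD_LBA * SECTOR
    img[d + 1:d + 6] = b"CD001"
    img[d + 6] = 1
    img[d + 7:d + 7 + len(EL_TORITO_ID)] = EL_TORITO_ID
    struct.pack_into("<I", img, d + 71, catalog_lba)
    c = catalog_lba * SECTOR
    img[c] = 0x01                                   # validation header id; platform byte stays 0
    img[c + 4:c + 28] = b"constructed sample".ljust(24, b"\x00")
    img[c + 30:c + 32] = b"\x55\xAA"
    words = struct.unpack_from("<16H", img, c)      # checksum word (offset 28) is still zero here
    struct.pack_into("<H", img, c + 28, (-sum(words)) % 0x10000)
    e = c + 32
    img[e] = 0x88                                   # initial entry: bootable
    img[e + 1] = media
    struct.pack_into("<H", img, e + 6, sector_count)
    struct.pack_into("<I", img, e + 8, load_rba)
    return bytes(img)


def tampered_sample_is_rejected():
    """Flip one byte inside the validation entry; the checksum must catch it."""
    img = bytearray(build_sample_iso())
    img[19 * SECTOR + 5] ^= 0x01
    try:
        parse_image_bytes(bytes(img))
    except ValueError:
        return True
    return False


def qemu_argv(iso_path, mem_mb=512):
    """QEMU command line: boot from the CD image with no hard disk attached."""
    return ["qemu-system-i386", "-m", str(mem_mb), "-cdrom", iso_path, "-boot", "d"]


def boot_livecd_argv(iso_path, mem_mb=512):
    """Refuse to build a launch command for an image whose initial entry is not bootable."""
    with open(iso_path, "rb") as f:
        info = parse_el_torito(f)
    if not info["bootable"]:
        raise ValueError("initial boot entry is marked not bootable")
    return qemu_argv(iso_path, mem_mb)


if __name__ == "__main__":
    print(parse_image_bytes(build_sample_iso()))
```

Run it on a real download with `boot_livecd_argv("path/to/livecd.iso")` and pass the returned list to `subprocess.run`. The validation checksum is a format-integrity check only: it tells you the boot catalog is well formed and the disc will boot, not that the ISO is the one the project published, so the vendor's published checksum for the image should still be compared before you boot it, especially when the image is a security toolkit you intend to run on a work network.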
Now let's look at some of the LiveCD security collections.
Auditor
The Auditor security collection is based on Knoppix. Since there is no need for an installation, the analysis platform is accessible within minutes of putting the CD into your CD-ROM drive.
The lead-developer of Auditor, Max Moser, notes that the menu structure of the LiveCD environment is its biggest advantage. It leads users to the right tool even if they don't know the name of the tool. In addition to approximately 300 tools, the Auditor security collection contains educational information on standard configuration and passwords, as well as word lists from many different regions and languages with about 64 million entries. The CD also packs productivity tools such as a Web browser, text editors, and graphic tools that you can use to create analysis reports.
You can install Auditor on to your hard disk using the auditor-hdinstall script. You should have 2 GB of hard disk space. The installer doesn't create the partition for you, so make sure you have a pre-formatted partition.
The LiveCD's autoconfiguration scripts make working with various hardware easier. Moser points out that wireless tools like Wellenreiter and Kismet were equipped with automatic hardware identification, thus avoiding the irritating and annoying configuration task that often accompanies wireless cards.
Figure 1. Auditor tools
Whoppix
Like Auditor, WhiteHat Knoppix is a penetration testing (pentest) tool. Whoppix was born when its developer, Muts, was asked to do an internal pentest for a large organization. "The Pentest guidelines did not allow me to bring in my own laptop, or to change the configuration of any client within the organization, like installing software on a local computer," he explains.
Whoppix is a pentester's paradise. It carries tons of useful pentesting tools and a huge repository of exploits (ways for hackers to gain access to your system). While Muts is not quite happy with the amount of documentation on the CD, his style of packing it is unique. Rather than simply explaining the tools, Muts and several active members on the boards have made small demo flash videos of the tools in action so even a newbie can see how easily a poorly configured msql database can be compromised.
Up to version 2.6 SP1, Whoppix used the default knoppix kernel. The new (not yet released) version has a customized 2.6.11.5 kernel with better WiFi support (Orinoco patches).
While you can install Whoppix on your hard drive, Muts doesn't go to great lengths to support it. His idea is to have a portable pentesting platform wherever you go instead of a "lazy hacker" computer setup. "One of my long-term goals is to document the tools and perhaps release a 'Whoppix hacks' book (much like the 'knoppix hacks')," says Muts. "I'm looking for help with Whoppix in general, both technical and otherwise. If anyone would like to help with the documentation, that would be great too."
Figure 2. Whoppix tools
Knoppix-STD
This distribution is again a customized version of Knoppix with an emphasis on information security tools, therefore STD (Security Tools Distribution). Knoppix-STD is currently maintained by Mark Cumming, an active contributor to the project since its inception. Cumming explains the objective of Knoppix-STD and how it differs from other similar projects: "As with all things open source, there are many tools to do the same job; security CDs are no different. From the ground up, STD is not designed to be user-friendly; that is, we don't cater to the lowest common denominator. The official line is that we use Linux as a means to an end; STD is about security tools and not Linux, although we are all avid Linux fans. STD tries to stay away from bells and whistles as far as possible. Not to the point where we don't have xwindows, but if there is an easy console method to do something, that's where we use it; we don't develop a GUI just for the sake of it. We have no concerns over making sure there is only one tool to do a job included; in fact, we plan to include everything we can get our hands on."
STD has been set up as a teaching aid for people interested in security -- this means it has a lot of documentation. Each toolset has a documentation directory. You can access every tool from its related toolset directory under /usr/bin. You'll find honeypots, firewalls, IDS, and several network utilities to help you map your heterogeneous network better.
"Right now we are building the structure of a development team to move STD forward. We are trying to move away from the "one-guy-does-it-all" to a more open development environment structured into divisions with individual team leaders. Developing a LiveCD in this way is tricky due to the very nature of the way you develop and then build a live CD distribution. Also we don't have the hardware or bandwidth infrastructure in place yet to support CVS, etc.," explains Cumming. He promises the upcoming version to be significantly different from the current version and with better WiFi support. "In the future we are looking to develop support for a small set of wireless cards. The level of support needed to help users with their $9.99 cheapest-buy card takes away the time we have to develop," says Cumming.
You can also install STD onto a hard disk using the normal Knoppix hd-install script, which is included by default. STD makes its best effort to help people with problems, but they stopped officially supporting it after many newbies thought it was a direct replacement for a RedHat desktop.
The STD forums are quite active and a nice place to start if you are planning on giving Knoppix-STD a spin.
Figure 3. Vulnerability test in Whoppix
PHLAK
PHLAK, the Professional Hacker's Linux Assault Kit, is a derivative of Morphix. Due to Morphix's modular nature, users can add their own personal tools/settings using mini-modules instead of having to rip the entire CD apart. All of the development features of Morphix are also available in PHLAK.
"We have also added the educational aspect to PHLAK. Users can browse documentation to learn about security and how to use tools," explains Shawn Hawkins, co-developer and Webmaster of PHLAK. The documents under /usr/share/doc take about 118 MB of space. There's information on various security tools, grouped into 13 categories that include analysis, auditing, scanning, and tunneling. There's also information on buffer overflows, firewalls, intrusion detection, and lots more. "Another thing we added back with 0.2-1 was XPde, which we dubbed 'sneaky.' We call it sneaky for the obvious reason (hacked with a disguised Linux distro). Of course we also add our own personal touch, the overall theme, extra tools, etc.," says Hawkins.
The currently-under-development version 0.3 has the new Morphix base and the 2.6 kernel. Hawkins also promises better wireless support, Morphix's new hard drive installer, more documentation, and new security tools.
You can install PHLAK to your hard drive with the newer installer script from Morphix 0.5Pre4. It has been modified to fit PHLAK and would copy about 1.5-2.0 GB of data.
In the long run you can expect a slimmed-down version of PHLAK that will fit on a 128-MB or 256-MB USB key. Hawkins also talks about including a new filesystem in future PHLAK releases, called unionfs, that will allow users who boot from the CD to write to the filesystem. This won't save their information to the CD, but it will allow apt-get upgrade to work, nessus plugins update, and anything else that would require write access to the filesystem.
Figure 4. Documentation in PHLAK
Conclusion
While everyone agrees that making a security assessment of a system or network is of critical concern and that a thorough assessment is a time-consuming effort that should probably be performed in concert with other testing (such as performance, for example), being able to rapidly check a system for vulnerabilities is also a useful tool, one made possible by these four security-assessment packages in LiveCD format.
Resources
Learn
• Try out the LiveCDs discussed in this article:
o Auditor security collection
o WhiteHat Knoppix penetration testing tool
o Knoppix-STD
o Professional Hacker's Linux Assault Kit, a derivative of Morphix
• "Spin up a Linux LiveCD" (developerWorks, July 2004) provides background on how to use LiveCD.
• "Securing Linux " (developerWorks, July 2004), a three-part series, shows how to plan, design, install, configure, and maintain systems running Linux in a secure way.
• Visit the developerWorks Linux zone to find more resources for Linux developers.
Get products and technologies
• Order the SEK for Linux, a two-DVD set containing the latest IBM trial software for Linux from DB2®, Lotus®, Rational®, Tivoli®, and WebSphere®.
• IBM trial software can help you build your next development project on Linux; the trial software is available for download directly from developerWorks.
Discuss
• Get involved in the developerWorks community by participating in developerWorks blogs.