October 10, 2008

Building a Security Tool Chest – Part 1 – The Foundation

With the seemingly endless number of security products, utilities and information
sites available today, the thought of putting together a set of tools to perform routine
security tasks might seem daunting. It can be, but it doesn’t have to be. Over the
next few entries I am going to walk through how someone would put together a security
tool chest that can be used for almost all day-to-day security needs.

What is a Live CD?

The first step is ensuring we have a solid foundation to build upon. There is no question
that a UNIX-based operating system lends itself to being the better choice in the security
space. Luckily, over the past decade “Live CDs” have been created and have evolved. A Live
CD is an entire operating system that runs directly off the distribution media.
Simply insert the CD or DVD, configure the machine’s BIOS to boot from the removable
drive before the hard disk, and within a few seconds your Live CD distro will be up
and running!

So why use a LiveCD as our base? Well, over the past decade they have evolved from
simple, bare operating system environments into complete systems filled with numerous
useful tools. From a security perspective there are now two clear choices of
distro: Backtrack 3 and Helix3. However, they fulfill different roles and needs.

Backtrack 3 – All-inclusive Pentest Distro

Backtrack 3 is the third iteration of the Backtrack distribution, which came out of
the merging of two other security-focused LiveCD distros. Backtrack 3 is now
the premier penetration testing LiveCD available. It contains over 300 modern security
tools focused on penetration testing and uses Slackware Linux as its base operating
system. One would be hard pressed to find an open source penetration testing utility that
is not included in this distro. I will be covering the major tools included in Backtrack
3 in later posts. So stay tuned!

Helix 3 – Uncovering that lost information

Now it may sound like Backtrack 3 is all a security professional would ever need.
Not true! Just as important as pen-testing and information recon is the ability to
respond when an incident has occurred. For this, we turn to Helix 3. Released less
than one month ago, Helix 3 represents the best open source forensics and incident
response toolkit available. Based on Ubuntu Linux as its base operating system,
Helix 3 has had many of its utilities specially modified to ensure the host computer
is not altered in any way, allowing security professionals and forensic investigators
to preserve the chain of custody of any evidence uncovered.
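The non-alteration that Helix’s modified tools aim for is something an investigator should check rather than assume. The following is an added example, not code from this post or the Helix project: a small POSIX sh chain-of-custody helper that records the SHA-256 of an evidence file at each handling step and later confirms the file is unchanged. The log format, the function names and the examiner name are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post or from Helix): a minimal
# chain-of-custody log. Each handling step records the SHA-256 of the
# evidence file; a later check proves the evidence was not altered.
# Log line format (assumed): UTC timestamp|examiner|action|file|sha256

# Use whichever SHA-256 tool the system provides (GNU coreutils or BSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# record_custody LOG EXAMINER ACTION FILE
# Appends one entry for FILE with its current hash. Returns 2 if FILE
# cannot be read, so a missing or unreadable evidence file is never logged.
record_custody() {
    log=$1; who=$2; action=$3; file=$4
    [ -r "$file" ] || return 2
    ts=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    printf '%s|%s|%s|%s|%s\n' "$ts" "$who" "$action" "$file" \
        "$(sha256_of "$file")" >> "$log"
}

# verify_custody LOG FILE
# Returns 0 if FILE still matches the hash in its most recent log entry,
# 1 if the hash differs (the evidence was altered after it was logged),
# 2 if the log has no entry for FILE.
verify_custody() {
    log=$1; file=$2
    [ -f "$log" ] || return 2
    # Take the hash from the last entry whose file field matches exactly.
    last=$(awk -F'|' -v f="$file" '$4 == f { h = $5 } END { print h }' "$log")
    [ -n "$last" ] || return 2
    [ "$last" = "$(sha256_of "$file")" ] || return 1
    return 0
}
```

Run record_custody before and after each tool is used on an image and verify_custody at the end of the session; a return of 1 means the examination changed the evidence and the step must be revisited.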

With these two LiveCDs in hand you are well on your way to having all the tools necessary
for the security problems that we professionals run into in our daily roles.

My next post will be covering information gathering and the sites and tools that allow
security professionals to dig up all forms of interesting information.
Backtrack 3 – http://www.remote-exploit.org/backtrack.html

Helix3 – http://www.e-fense.com/helix/