Dieterle - Basic security testing with Kali Linux test your computer system security by using the same tactics that an attacker would use

Basic Security Testing with Kali Linux

Cover design and photo provided by Moriah Dieterle.

Copyright 2013 by Daniel W. Dieterle. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means without the prior written permission of the publisher.

All trademarks, registered trademarks and logos are the property of their respective owners.

ISBN-13: 978-1494861278

Thanks to my family for their unending support and prayer, you are truly a gift from God!

Thanks to my friends in the infosec & cybersecurity community for sharing your knowledge and time with me. And thanks to my friends in our local book writers club (especially you Bill!), without your input, companionship and advice, this would have never happened.

Daniel Dieterle

It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles - Sun Tzu

Behold, I send you forth as sheep in the midst of wolves: be ye therefore wise as serpents, and harmless as doves. - Matthew 10:16 (KJV)

About the Author

Daniel W. Dieterle has worked in the IT field for over 20 years. During this time he worked for a computer support company where he provided computer and network support for hundreds of companies across Upstate New York and throughout Northern Pennsylvania.

He also worked in a Fortune 500 corporate data center, briefly worked at an Ivy League schools computer support department and served as an executive at an electrical engineering company.

For about the last 5 years Daniel has been completely focused on security. He created and authors the CyberArms Computer Security Blog , and his articles have been published in international security magazines, and referenced by both technical entities and the media.

Daniel has assisted with numerous security training classes and technical training books mainly based on Backtrack and Kali Linux.

Daniel W. Dieterle

C yberarms@live.com

Cyberarms.wordpress.com

Table of Contents

Chapter 1 - Introduction

What is Kali?

Kali is the latest and greatest version of the ever popular Backtrack Linux penetration testing distribution. The creators of the Backtrack series kept Kali in a format very similar to Backtrack, so anyone familiar with the older Backtrack platform will feel right at home.

Kali has been re-vamped from the ground up to be the best and most feature rich Ethical Hacking/ Pentesting distribution available. Kali also runs on more hardware devices greatly increasing your options for computer security penetration testing or pentesting systems.

If you are coming to Kali from a Backtrack background, after a short familiarization period you should find that everything is very similar and your comfort level should grow very quickly.

If you are new to Kali, once you get used to it, you will find an easy to use security testing platform that includes hundreds of useful and powerful tools to test and help secure your network systems.

Why Use Kali?

Kali includes over 300 security testing tools. A lot of the redundant tools from Backtrack have been removed and the tool interface streamlined. You can now get to the most used tools quickly as they appear in a top ten security tool menu. You can also find these same tools and a plethora of others all neatly categorized in the menu system.

Kali allows you to use similar tools and techniques that a hacker would use to test the security of your network so you can find and correct these issues before a real hacker finds them.

I would think the biggest drive to use Kali over commercial security solutions is the price. Security testing tools can be extremely costly, Kali is free! Secondly, Kali includes open source versions of numerous commercial security products, so you could conceivably replace costly programs by simply using Kali.

All though Kali does includes several free versions of popular software programs that can be upgraded to the full featured paid versions and used directly through Kali.

There really are no major tool usage differences between Backtrack and Kali. Kali is basically Backtrack version 6, or the latest version of Backtrack. But it has been completely retooled from the ground up, making software updates and additions much easier.

In Backtrack updating some programs seemed to break others, in Kali, you update everything using the Kali update command which keeps system integrity much better.

Simply update Kali and it will pull down the latest versions of the included tools for you. Just a note of caution, updating tools individually could break Kali, so running the Kali update is always the best way to get the latest packages for the OS.

I must admit though, some tools that I liked in the original Backtrack are missing in Kali. It is not too big of a deal as another tool in Kali most likely does the same or similar thing. And then again you can install other programs you like if needed.

In addition to stand alone and virtual machine instances of Kali, I also use Kali on a Raspberry Pi - a mini credit card sized ARM based computer. With Kali, you can do almost everything on a Pi that you could do on a full sized system. In my book I will cover using the PI as a security testing platform including testing Wireless networks.

Testing networks with a computer you could fit in your pocket, how cool is that?

Though Kali cant possibly contain all the possible security tools that every individual would prefer, it contains enough that Kali could be used from beginning to end. Dont forget that Kali is not just a security tool, but a full-fledged Linux Operating System. So if your favorite tool runs under Linux, but is not included, most likely you can install and run it in Kali.

Ethical Hacking Issues

Using Ethical Hacking a security tester basically acts like a hacker. He uses tools and techniques that a hacker would most likely use to test a target networks security. The difference is, the penetration tester is hired by the company to test its security and when done reveals to the leadership team how they got in and what they can do to plug the holes.

The biggest issue I see in using these techniques is ethics and law. Some security testing techniques that you can perform with Kali and its included tools are actually illegal to do in some areas. So it is important that users check their local, State and Federal laws before using Kali.