IT security has always been a hot topic. But how do you guarantee the security of your network, servers, or even individual workstations? You try to break in.
Kali Linux is my tool of choice. Before it was rebuilt, Kali Linux used to go by the name BackTrack. As its successor, Kali Linux continues to offer a distribution with a plethora of security-related packages.
Although many of the penetration tools included in Kali will require some background in security, Kali is for the most part easily accessible. Many of the tools are self-explanatory, and scripts are included to automate some processes.
For example, if you want to break into a wireless network, you simply find the tool of choice in Kali and run it. If an older form of encryption is enabled, it will only be a matter of minutes until you have hold of the access point’s key. This key may also happen to be reused on websites that a user on the network visits. No real knowledge of how the attack works is necessary.
If you are lucky, this attacker is only looking for free internet access to check his e-mail. This is not a chance you should take. Depending on how you have your internal network configured, this user may now have access to your entire network.
As an example, I once found a business transferring client data (including credit card numbers) over their WEP-protected Wi-Fi connection. For all practical purposes, WEP provides no security. Once in the network, database files were openly shared. It’s a miracle that no one had wreaked havoc on the business by this point.
Keep in mind that Kali works on a multitude of platforms. It can be installed on a Raspberry Pi, or even some Android phones. This means that an attacker can place a hidden device near your network and sit at home taking all the time in the world to either sniff your data or plan the next step in an attack.
The key to a possible attack is the ease of use that tools like this allow. This is also the key to your own defense. Kali Linux allows you to see what security holes you may have. You can have a look at what data you may be able to sniff, which may lead you to encrypt certain network links or enforce a policy of encryption over certain files traveling through your network.
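One way to start that kind of self-check, as an added example that is not from the original article: a short Python script that reads the terse output of `nmcli -t -f SSID,SECURITY device wifi list` for the access points you are responsible for and flags any that are open or still on WEP. The scan lines are constructed sample data, and the function names, verdict labels and the extra "legacy-wpa" tier are assumptions of this example.

```python
# Constructed sample of `nmcli -t -f SSID,SECURITY device wifi list` output.
# Terse mode separates fields with ':' and escapes literal ':' and '\' with '\'.
SAMPLE_SCAN = r"""office-main:WPA2
warehouse-scanner:WEP
guest:
lab\:bench:WPA1 WPA2
boardroom:WPA3
"""

def split_terse(line):
    """Split one terse nmcli line into fields, honouring backslash escapes."""
    fields, cur, escaped = [], [], False
    for ch in line:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def classify(security):
    """Map the SECURITY column to a verdict (labels are this example's own)."""
    modes = set(security.split())
    if not modes or modes == {"--"}:
        return "open"          # no encryption on the link at all
    if "WEP" in modes:
        return "wep"           # the article: WEP provides no practical security
    if "WPA1" in modes or "WPA" in modes:
        return "legacy-wpa"    # assumption: also flag first-generation WPA
    return "ok"

def audit(scan_text):
    """Return (ssid, verdict) for every access point that needs attention."""
    findings = []
    for line in scan_text.splitlines():
        fields = split_terse(line)
        if len(fields) != 2:
            continue           # blank or malformed line, skip it
        ssid, security = fields
        verdict = classify(security)
        if verdict != "ok":
            findings.append((ssid, verdict))
    return findings

if __name__ == "__main__":
    for ssid, verdict in audit(SAMPLE_SCAN):
        print(f"{verdict:10} {ssid or '<hidden>'}")
```
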
As the massive power of modern GPUs is unlocked to allow faster brute-force attacks, it’s important to have a policy for secure passwords. Dictionary attacks can now break insecure passwords in a matter of seconds. Rainbow tables have seen a similar increase in password-cracking speeds.
Kali can be run live or on a virtual machine. If you have trouble understanding some of the tools, or want to test certain aspects of your security, read through the documentation. YouTube is also filled with step-by-step guides on how to use many of the packages Kali includes for penetration testing.