How to demonstrate secure apache webserver on ubuntu
I am a newbie to Linux but I have managed to set up an Apache webserver on Ubuntu 9.04; it is also running PHP, SSH and MySQL. Using some of the guides I have found online, I think I have managed to harden it a fair bit. I would like to demonstrate this to a few stakeholders in a professional manner.
Is there an easy to use software that I can use to simulate attacks from one computer to the 'secure' computer?
I'm going to argue that there is no way to demonstrate security. What might be secure today could be insecure tomorrow. Security is a mind-set and a process. You are always working on security or you're not secure. How about a detection system? Do you have any way to find out if you've been compromised? How is your plan for investigating potential breaches? Do you have backup and restore in place? Just attacking your computer with slop like Backtrack doesn't do much of anything.
Hmpf after reading that I'd agree. I suppose for a short, 'quick fix' attack it with backtrack would be ideal, but who knows who or when is going to attack your server.
I feel I've answered the guy's question by:
Quote:
Is there an easy to use software that I can use to simulate attacks from one computer to the 'secure' computer?
but he does need to consider the wider picture. Carefully reading the above comment..
Quote:
I suppose for a short, 'quick fix' attack it with backtrack would be ideal,
With all due respect, no it wouldn't. This is why I absolutely loathe backtrack. It claims to be a penetration testing tool, but in reality the best it does is give a false sense of security. Personally, I think backtrack is a skiddie toolkit trying to masquerade behind some sort of respectability. Besides, does backtrack issue updates with zero day exploits? The bad guys are likely WAY ahead of backtrack, so using it in "testing" is really only pretending to do something useful.
Backtrack's live cd might be a place to start unless someone offers a better solution. Just saying it stinks doesn't help.
For the most part, you can assume any computer connected to the internet is unsafe at any speed. Seems the latest hack fest took down Mac, Win and Linux in a matter of minutes.
Quote:
Backtrack's live cd might be a place to start unless someone offers a better solution. Just saying it stinks doesn't help.
I'm going to strongly disagree. First, I did point out some things to start thinking about besides backtrack. Second, offering up backtrack as a solution here is about as useful as pointing to instructions on how to bake a cake. Isn't pointing out complete futility useful?
What the OP should be doing (in my opinion) is understanding existing security threats to the software on the server. Make sure it and the OS are fully patched. Understand how physically secure the system is. Make sure that if an intrusion occurs, there is a way to detect it and understand what happened. And then have the resources available to recover from the intrusion and prevent it in the future. Backtrack is completely and totally useless for any of those activities.
I'll admit I'm a security rookie, but I have done a fair bit of reading here and elsewhere. What I will say is from what I have learned, backtrack really doesn't cut it. The ONLY thing it can do is give a false sense of security.
Quote:
How about a detection system? Do you have any way to find out if you've been compromised?
Thanks for the feedback so far guys, I guess having an intrusion detection system on the "secure" end will be handy to show it resisting "attacks" as well. If I were to use backtrack to simulate attacks, what IDS will be appropriate to show it resisting them (if it holds up, that is)?
Again any help is greatly appreciated.
Unspawn has already compiled a ton of suggestions that you can find in the sticky at the top of the forum. Post 3 is the most directly applicable to detecting intrusions.
Quote:
Besides, does backtrack issue updates with zero day exploits? The bad guys are likely WAY ahead of backtrack, so using it in "testing" is really only pretending to do something useful.
Yes there are backtrack repos that keep everything up to date. From exploits to kernel patches. Most of the time shortly after the exploit is released it is in the repos ready for you to update.
Not to be rude but if you knew more about backtrack then you would know that some of the 0day POC exploits are written by backtrack contributors. So the theory that the bad guys are way ahead is not entirely accurate.
Quote:
I'll admit I'm a security rookie, but I have done a fair bit of reading here and elsewhere. What I will say is from what I have learned, backtrack really doesn't cut it. The ONLY thing it can do is give a false sense of security.
I would also have to disagree with this. Backtrack has a lot of useful tools for testing current environments. All the tools that are included are open-source and can be acquired elsewhere but backtrack already has a nice collection of tools in one location. Sniffers, fuzzers, debuggers, shell code generators, etc. Backtrack is not just used to test against known vulns. It includes plenty of tools for finding/coding new exploits/vulns.
This is right off the site:
"I wish I had BT3 many years ago. It would have saved me a lot of time." - Kevin Mitnick
"BackTrack is the fastest way to go from boot to remote root." - H.D. Moore
"BackTrack is the ninja hacker's weapon of choice." - Johnny Long