Assessment Toolkit for Linux
Hello,
I'm trying to select a good set of applications to start building a toolkit to do security assessments on Linux machines. So far I have selected the following applications:

Vulnerability Scanner - OpenVAS
Packet Sniffer - Wireshark
Intrusion Detection System - Snort
Web Vulnerability Scanner - Nikto
Password Cracker - THC Hydra
Rootkit Detector - Tripwire
Penetration Testing - Metasploit Framework

Do I really need to evaluate all these applications, or can some of them do the job that others can do? For example, if I use the Metasploit Framework, do I need to use OpenVAS?

Thanks in advance, |
I am not a security expert, but:
And, be very careful what you ask for: it would be easy to get mistaken for someone who wants to hack in and do bad things rather than someone who is intent on improving and checking security by probing for vulnerabilities. |
I will be doing a network assessment and the network has Linux machines. I selected those applications because those are among the most popular ones.
Going back to my question: do I really need to evaluate all these applications, or can some of them do the job that others can do? For example, if I use the Metasploit Framework, do I need to use OpenVAS? Thanks in advance. |
Identify IP networks and hosts
Perform network scanning
Investigate vulnerabilities
Exploitation of vulnerabilities

So far I have found that I can use OpenVAS and Metasploit Framework for doing the tasks mentioned above. |
Sorry, forgot to ask some more: what is the purpose of the assessment? Is it in any way linked to probing for or achieving a level of security as in SANS Top-10, HIPAA, CIS, NIST, OWASP, PCI-DSS or other official standards? What auditing best practices do you try to adhere to and which auditing templates do you use? Who owns the networks you'll be working on (you, your employer, paying customers)? Do these networks contain production servers? Can you assess what risk exploiting vulns on production servers holds and how to mitigate damages? What would be the added value of exploiting vulns when reporting them linking to the appropriate CVE entry for fixing should be enough? Sorry if you only see questions and no answers, I'm just interested to see how amateuristic or professional your approach is.