Linux - Security forum (LinuxQuestions.org). This forum is for all security related questions: tips, system compromises, firewalls, etc.
Do I really need to evaluate all these applications, or can some of them do the job that others can do? For example, if I use the Metasploit Framework, do I need to use OpenVAS?
In an ideal world, you would start from capabilities and then select applications until you have one, or more, that covers each capability that you need.
You seem to have some of your list mis-filed (e.g. Tripwire).
You might want to look at some distros explicitly targeted at this area to see what the established players use:
Also be aware that Wireshark, while useful/vital/handy, is quite a different thing from some of the others on the list. Some of the others are 'aim and fire', while Wireshark won't do anything for you unless there is a sentient lifeform to look through the results. This may or may not be a concern to you.
And, be very careful what you ask for: it would be easy to get mistaken for someone who wants to hack in and do bad things rather than someone who is intent on improving and checking security by probing for vulnerabilities.
I will be doing a network assessment and the network has Linux machines. I selected those applications because they are among the most popular ones.
Going back to my question: do I really need to evaluate all these applications, or can some of them do the job that others can do? For example, if I use the Metasploit Framework, do I need to use OpenVAS?
Unless there has been a pretty serious change of direction, I don't think Tripwire is a rootkit detector. Instead, Tripwire detects changes to files, regardless of how those changes are made. AIDE and Samhain do a similar sort of thing. Examples of rootkit detectors would be rkhunter or chkrootkit.
Quote:
Do I really need to evaluate all these applications, or can some of them do the job that others can do? For example, if I use the Metasploit Framework, do I need to use OpenVAS?
It depends on what "doing a network assessment" comprises here. Is it "just" reconnaissance, interpreting results and reporting, or would you be required to actively exploit specific vulns? Do you have a plan or an outline?
Quote:
It depends on what "doing a network assessment" comprises here. Is it "just" reconnaissance, interpreting results and reporting, or would you be required to actively exploit specific vulns? Do you have a plan or an outline?
This is the workflow I'm planning to target:
Identify IP networks and hosts
Perform network scanning
Investigate vulnerabilities
Exploitation of vulnerabilities
So far I have found that I can use OpenVAS and Metasploit Framework for doing the tasks mentioned above.
Sorry, forgot to ask some more: what is the purpose of the assessment? Is it in any way linked to probing for or achieving a level of security as in SANS Top-10, HIPAA, CIS, NIST, OWASP, PCI-DSS or other official standards? What auditing best practices do you try to adhere to and which auditing templates do you use? Who owns the networks you'll be working on (you, your employer, paying customers)? Do these networks contain production servers? Can you assess what risk exploiting vulns on production servers holds and how to mitigate damages? What would be the added value of exploiting vulns when reporting them, linking to the appropriate CVE entry for fixing, should be enough? Sorry if you only see questions and no answers, I'm just interested to see how amateurish or professional your approach is.
Quote:
Is it in any way linked to probing for or achieving a level of security as in SANS Top-10, HIPAA, CIS, NIST, OWASP, PCI-DSS or other official standards?
No.
Quote:
What auditing best practices do you try to adhere to and which auditing templates do you use?
I don't have any templates yet. Where can I get more information about auditing templates?
Quote:
Who owns the networks you'll be working on (you, your employer, paying customers)?
I will be using VMWare Server to create a small environment.
Quote:
Can you assess what risk exploiting vulns on production servers holds and how to mitigate damages?
I will be using VMWare Server to create a small environment.
Quote:
What would be the added value of exploiting vulns when reporting them, linking to the appropriate CVE entry for fixing, should be enough?
To get familiarized with the available tools. (..) I want to get exposure to Metasploit Framework.
Clear. I think you had best just go read and experiment with those toolkits then. Exploiting vulns may seem thrilling, but having the knowledge to interpret results, being able to explain the report to the client and making recommendations (adding value) is what rakes in the money. To get an idea of what the field contains, have a look at the reading material at, say, the CIS, NIST and OWASP sites and the securityfocus.com and insecure.org mailing lists for starters?