Home > Privacy, Security > Assess System Security Using a Linux LiveCD Assess System Security Using a Linux LiveCD Submitted by anonymous 2005-08-01 Privacy, Security 8 Comments Want to assess security vulnerabilities on your Linux system without lengthy installation and configuration efforts? We introduce four packages — Auditor, Whoppix, Knoppix-STD, and PHLAK — that bring you that ability through the magic of LiveCD. About The Author Thom Holwerda Follow me on Twitter @thomholwerda 8 Comments 2005-08-01 3:55 pm Lets make all these tools easily accessible for crackers and script-kiddies, good idea. 2005-08-01 4:00 pm Robert Escue A similar article was wriiten by Scott Granneman of SecurityFocus on the same topic: http://www.securityfocus.com/columnists/323 I have used Whoppix and Auditor, and Auditor rules! Detected Proxim wireless card and in seconds I was using Wellenreiter to scan for unsecured wireless networks. 2005-08-01 5:44 pm So you think ignorance on the part of everyone is the best way? or are you going to be the one to decide who is allowed to “read and write”, so to speak. Oh and btw if had even RTFA you would know that there are live cds. Not exactly the usual way crackers break into systems. And if you were actually so concerned about roving bands of crackers in your org, you would probably have switched to afs/kerberos by now. 2005-08-01 8:28 pm http://www.inside-security.de/insert_en.html I have found INSERT to be the best one for my needs. AV, NTFS r/w, + more. This is just one of the many great live security distros. -iGZo 2005-08-01 9:28 pm http://www.e-fense.com/helix/ Another useful tool for the kit. 2005-08-01 10:45 pm sigh – bottom up scurity analysis is wrong. you need to take a top downa pproach. so what if you can run port scans and vulnerability tests if there is no context then the results are not meaninglful. you nee to: * determine what your/the organisation does and which processes/paths are critical * do an audit of assets and then * consider the risk of each critical process in terms of how the assetd involved are secure (secure = availability, accountability, not just privacy and integrity). * after a risk assessment, part of which is a scan/probe/etc … you then * prioritise and allocate effort and funds to treating the risks… its like people who spend large sums of money to buy a fantastic triple-lock door and leave the window open. security is not, if it is not holistic. http://coras.sourceforge.net is a more appropriate tools to consider before you think about scanners and probers … http://www.phisecurityconsulting.com appears to be taking the correct approach. 2005-08-01 11:46 pm don’t forget Pentoo which is one of the BEST! 2005-08-02 12:25 pm THIS TOPIC HAS NOTHING TO DO WITH LINUX… What abouth “other” – non linux – live cd’s. This is not new, my first live cd was a window 98 thingie with all sorts of script kiddie software on there!!!