Bad-Guy Tools for Good Guys
When You Have to Make an Omelette...
January 8, 2007
Script kiddies, Far-Eastern organized crime gangs, disgruntled employees: you name them and the chances are that at some point in the future your network will come under attack from them. In fact it probably already has.
Network security is a tricky problem for administrators because there's nothing you can do to make your network completely secure forever--security is a continuous process, and the aim must be to make it secure enough to make the risk of penetration acceptable, at an acceptable cost.
One of the difficulties is that in order to decide whether your network is secure enough, you need to know how secure it really is. You can adopt security best practices and issue security policies and guidelines until you're blue in the face, but unless users stick to them, what you actually have is a network that is far less secure in practice than it is on paper. The employee who installs his own wireless access point, or brings his home laptop in to work and connects it to the network, can blow any notion of network security out of the water in an instant.
One of the best ways to see how secure your network really is, is to find out how easy it is to break into it and compromise the machines connected to it. To do this you can go to a security consultancy and get a good guy to try to hack into your network, but that depends on you trusting the white-hat hacker, and it can be expensive. How much is it worth paying? This is a tricky question to answer, as it's not clear what the ROI will be.
That's why a DIY approach can be attractive, but you have to know what you are doing and--more to the point--you have to know what malicious hackers are likely to do. And that's where the proliferation of so-called "security" Linux live CDs comes into it. These CDs--obtainable as downloadable .iso files--can be used to convert almost any old laptop into a powerful security assessment tool just by popping in the CD and booting the machine up. And since they're live CDs, you can use them on any machine without interfering with its hard drive. Take the CD out, reboot, and you're back to whatever environment was previously running on it.
There are many, many security Linux distros out there, and it would be naïve to assume that they are all really aimed at security professionals wanting to check their networks. The majority are quite clearly aimed at people interested in breaking into networks, perhaps for excitement or to impress their friends, or maybe with more malicious intent. But that can actually work in your favor: a security Linux distro puts into your hands exactly the same toolbox that the bad guys have, so by making use of it you can get a good idea of what the baddies can and can't easily do to your network.