Which users have what permissions? Which systems are on what VLAN, and what IP address scheme will be used for which subnet?
The best system administrators maintain some type of organizational scheme for all of these questions - and more. If you're one of these organizational freaks of nature, there's a tool out there you may be missing - a certain Linux distribution where order, intuitiveness and functionality were implemented to make life easier for security professionals. This Linux distribution is called BackTrack, and professionals should get to know it, because it's highly useful, and it can be exploited by hackers. (For background reading on Linux, see Linux: Bastion of Freedom.)
What Is BackTrack?On February 5, 2006, BackTrack 1.0 was released and billed as a merger between two competing Linux distributions known as WHAX and Auditor Security Linux. It featured a KDE desktop that ran on top of the 188.8.131.52 Linux kernel, but its primary claim to fame revolved around the highly detailed compilation of out of the box penetration tools. Over the years, BackTrack released approximately one new distribution every year. At the time of this writing, the most current release is Backtrack 5 Release 1, which was released in August 2011. It has become wildly popular within the security industry. BackTrack 5 is based on Ubuntu, and allows for easier updates due to its access to Ubuntu’s software repositories. It also features both a KDE and a GNOME desktop that the end user may select prior to downloading the ISO image.
Some Useful ToolsThe latest and the greatest BackTrack has a few more bells and whistles. But what sets BackTrack apart from many of its Linux brethren is the compilation of out of the box security tools, coupled with its Ubuntu Long Term Support (LTS) partnership. Not only can security administrators save incalculable amounts of time by having so many tools at their fingertips, but they also may take comfort in the fact that BackTrack’s access to Ubuntu’s repositories allows for easy updates and easy downloading of additional tools. Some of the more popular security tools currently offered by BackTrack 5 are Metasploit, Network Mapper (Nmap) and John the Ripper.
The Metasploit Framework was developed in 2003 as a means to take advantage of known software bugs when assessing a given network. Currently, Metasploit has made considerable gains in popularity, and it has proceeded to make significant advances in the areas of Wi-Fi and protocol exploitation. Perhaps the most common use of Metasploit involves its ability to assess whether a given node has been updated and patched correctly. For example, Microsoft routinely releases updates and/or security patches after certain vulnerabilities have been discovered by Microsoft or a third party. After said patch is released, Metasploit Framework developers create exploits to take advantage of previously patched Microsoft bugs. Consequently, security auditors that choose to use Metasploit often do nothing more than simply ensure that a given node is updated and patched properly. (Read more about patches in Patch the Future: New Challenges in Software Patching.)
Widely considered the gold standard of port scanners, Nmap is one of several scanners available within BackTrack. Originally developed as a host discovery tool, Nmap has achieved a profound level of popularity in the security community, as it also provides port scanning and operating system (OS) detection services. Nmap comes installed in BackTrack and allows the end user to use the tool on the command line or by using the Zenmap GUI.
Much like Nmap, John the Ripper increasingly has become an industry standard in the security community. This Linux password cracking tool works completely offline and receives commands solely via the command line. Although it primarily operates on Linux machines, John the Ripper is capable of cracking passwords across several different platforms. John is an invaluable tool for system administrators that want to assess the complexity of various passwords used across a network. However, system administrators must ensure that they have access to the password file on each node.