Security in the network with Kali Linux
Watchful Dragon
One of the most demanding tasks for network administrators is securing the LAN against attacks. In this context, admins must remember that infrastructure and data are threatened not only by external attacks but also by internal flaws that can cause significant problems.
Linux offers an almost endless variety of tools for performing tests and simulated attacks to help protect a network. However, the installation and configuration of individual tools is often time-consuming and complicated. The Kali Linux distribution specializes in testing and security solutions to take this work off your hands: It provides preconfigured versions of all the necessary tools out of the box.
Getting Started
Kali Linux is available for various architectures as an approximately 3GB image [1]. After burning and booting the Live medium, the GRUB boot manager shows you several startup options for various Live modes or direct installation on disk. Forensic mode is a special feature here; it tells the Debian derivative to mount any external storage medium as read-only, which rules out any manipulation of storage devices that need to be forensically investigated.
Kali Linux boots to an inconspicuous Gnome desktop (Figure 1) that reveals a comprehensive menu structure after clicking on the Applications button in the panel bar at top left. In addition to the usual menu groups, three distribution-specific subgroups can be found: Electronics, Hamradio, and Kali Linux. The Kali Linux subgroup contains various security tools for any conceivable application scenario, Electronics is devoted to the Arduino single-board computer, and Hamradio contains the Chirp tool for programming amateur radios.
The traditional menus appear very tidy and only contain the most important software in terms of applications for end users, such as office, image editing, and multimedia.
Kali Linux Menu
The central Kali Linux menu organizes its software inventory by application scenarios based on your practical approach. For example, programs that are used to obtain information about existing IT installations can be found in the Information Gathering subgroup. Here you will find network scanners, protocol analyzers, and software that provides general information about the DNS system and routing. For most categories, Kali integrates several applications into the submenus, which means some fairly deep menu structures are needed to cover virtually all test scenarios (Figure 2).
The Vulnerability Analysis submenu includes several groups for identifying vulnerabilities on the network. Here you will find various tools for testing hardware from network vendor Cisco, which is especially relevant in larger installations. Additionally, you'll find network scanners that analyze open ports and programs that sound out the security of databases.
You will find further important applications for collecting and evaluating data traffic and for special services such as VoIP in the Sniffing/Spoofing submenu, which also includes applications for logging web traffic. The Wireshark and Ettercap programs, as the best-known representatives for data sniffing and analysis, stand out here.
The Web Applications submenu specifically deals with detecting vulnerabilities in web services and servers. These tools are primarily suited for securing your own web server or the applications running on it.
Tests
Kali Linux provides a large number of special applications for testing the security of the LAN and WLAN. The distribution organizes the corresponding programs into four subgroups: Password Attacks, Wireless Attacks, Stress Testing, and Hardware Hacking.
Tools from the Password Attacks group reveal weak passwords, and tools from the Wireless Attacks group deal with a variety of wireless technologies. This includes vulnerabilities in legacy WLAN installations as well as technologies such as Bluetooth and RFID. The latter are often used as access control systems in companies.
The Stress Testing subgroup includes a number of applications that test the load behavior of the LAN or WLAN; VoIP solutions can also be integrated into your tests. These tools tell you whether an attacker can compromise individual systems in the intranet or the DMZ through targeted data flooding.
Kali Linux also explicitly includes network hardware in its corresponding test routines: Several tools thus test different manufacturers' routers for vulnerabilities.
Tools from the Hardware Hacking group carefully examine devices that run the Android operating system, as well as the Arduino single-board computer (SBC). Although SBCs are still not particularly widespread in the corporate IT environment, omnipresent mobile devices running Android, such as tablets and smartphones, represent a significant security risk if people integrate them into the local IT infrastructure without taking precautions. It is therefore advisable to check the configuration of these devices.
The applications listed in the Exploitation Tools subgroup are all about checking device-specific firmware – and services and operating systems – for known vulnerabilities. Negligence in terms of firmware updates or service configurations is quickly and reliably revealed. The Metasploit framework is the best-known representative of this application group; it can perform attacks and tests against distributed infrastructures.
The Maintaining Access subgroup contains several tools that can be used to install backdoors; this practice allows access to external systems to be checked over a longer period. Kali Linux distinguishes between operating system-specific backdoors and those for your web server.