Discover system vulnerabilities and exploits
Anti-Theft Device
If you pay attention to security from the outset, you can avoid trouble farther down the road. No company can afford to ignore security, because successful attacks can trigger legal aftershocks in the form of lawsuits (e.g., for gross negligence) and fines, as well as lost revenue.
Attacks can also destroy a company's reputation. What customer would want to hand over their data to a company if the server doors are left open? Clearly, security is important, and you are well advised to consider security an implicit factor in your business plans from the outset.
Kali Linux, one of the oldest tools for systematic penetration testing (pentesting), examines systems and applications for common and known errors. The distribution comes with various pentesting tools, which, unfortunately, also gives it the rather dubious reputation of being a bona fide hacker tool. (See the "Under the Hood" box.)
Under the Hood
Kali Linux hasn't been around that long: The first official version was released in 2013. However, it had a predecessor and a role model: BackTrack Linux served a similar purpose, although maintaining a complete system became too much for developers Mati Aharoni and Devon Kearns. The question arose as to whether this structure was necessary at all, because the most important factor of BackTrack was not the operating system. As is the case with Kali Linux today, it was the tools that came with the system and were perfectly integrated into it.
Without further ado, the makers decided to retire BackTrack, and Raphael Hertzog, a long-time Debian developer and expert, was brought into the team. From then on, a new distribution based on the Debian testing branch was developed and dubbed Kali Linux. Most of the Kali Linux on-board packages still come from the testing branch of the distribution (Figure 1).
Operational Model
In the context of compliance, a setup is not necessarily secure just because its provider has a certificate hanging on the wall. Certificates merely confirm that companies have implemented processes that reduce the likelihood of serious problems.
Tools that describe the ideal state of systems and let you check that the state is maintained are helpful, although they do not detect vulnerabilities in applications, such as coding errors. Precisely these errors can offer a vector for attackers through targeted exploitation. For decades, developers of basic tools such as the GCC compiler have been working to detect serious errors in source code and then halt the compilation process.
Such protection is not perfect, and you might only discover problems when it is too late (e.g., when a zero-day exploit is already circulating in the wild). Oftentimes you don't know about dangers because government agencies, for example, do not pass on such information, so they can exploit the vulnerabilities themselves.
In the following pages, I talk about how Kali Linux works and which tools are available for testing your own systems. Of course, I assume you will only target your infrastructure and not that of others.
Many Options
With an image size of about 3.5GB, Kali Linux is not a lightweight, but you can get a lightweight version that lacks a graphical interface and weighs in at 900MB, which can be quite useful in everyday Kali life. Accordingly, the developers give their users a choice of Kali images with LXDE, KDE, or other desktops [1] (Figure 2).
How you install Kali Linux is essentially up to your own imagination. Strictly speaking, an installation is not even necessary, because the images come with a Live option that boots into a Kali Linux version with all the features. However, if you regularly use Kali Linux to hunt down vulnerabilities, installation is highly recommended.
Of course, you also can run Kali on a virtual machine (VM), because many admins likely do not want to use the system for everyday tasks. If the main task of Kali in the local setup is to find problems in WiFi networks, then an old laptop is probably better suited than a VM, because it avoids the virtualization layer between Kali and the network.
Three Applications
Once Kali is running, the tools can be divided roughly into three categories: information acquisition, to help detect or locate vulnerabilities; preparation for and execution of attacks, including all kinds of password crackers and tools that can break WiFi encryption, as well as a variety of tools that exploit individual, specific vulnerabilities in systems; and forensics, which are especially useful when the goal is to analyze a system that has already been compromised.
Each of the three main categories can be broken down into further subcategories. I will not try to describe in detail all the tools that come with Kali; rather, I will discuss a few highlights in the following sections.