BackTrack: The gotta-have, free, network security tool you've never heard of

I often write about all the excellent tools for testing the security of Windows systems. There are excellent freeware, open source and commercial tools that all run on the Windows OS. They are, for the most part, easy to use and can ferret out a lot of security vulnerabilities that would be next to impossible to find otherwise. One tool that I haven't written much about -- and based on my informal research, one that most Windows administrators haven't heard of -- is a tool called BackTrack.

BackTrack is actually an entire Slackware Linux-based operating system with a suite of security tools that even the most die-hard Windows-o-files can appreciate and benefit from. The neat thing is that it's bootable directly from a CD-ROM. That translates into getting all the power and flexibility of Linux-based security tools without all the hassles of installing, learning and troubleshooting various Linux nuances based on your particular hardware configuration.

BackTrack has a happy-clicky-GUI interface that should make most Windows administrators feel right at home. The basic BackTrack desktop is shown in Figure 1.

Figure 1. The BackTrack Linux-based desktop.

I've been using BackTrack's predecessor, the Auditor CD, for a while and really like it. BackTrack version 1.0 -- still just a few months old -- is based on solid programming and various tried-and-true open source tools, so don't let its infancy fool you.

It has expansive tests you can run against your Windows-based network including:

• Ping sweeps and port scans using tools such as Nmap and Amap
• System enumeration via SMB using tools such as NBTscan and SMBusers
• Password cracking using tools such as John the Ripper and RainbowCrack
• Web application vulnerability detection using tools such as Nikto and ParosProxy
• Database vulnerability detection using tools such as Absinthe and SQLdict
• Wireless cracking using tools such as Hotspotter and Kismet
• Vulnerability exploitation using Metasploit

Figure 2 shows the BackTrack tool folders that highlight the various types of testing you have at your disposal.

Figure 2. BackTrack's broad range of security testing tools.

To get up and running with BackTrack, simply download the ISO image, burn it to CD and boot it up. You can boot your testing computer directly from the BackTrack CD or load it in a virtual session via VMware or others. Once it's loaded, you'll have to log in using the displayed login credentials (root/toor) and then run the startx command to load the graphical interface. This makes BackTrack a lot more user friendly if you're new to Linux.

Finally, you simply select the tool you want to run via the BackTrack menu, and you're off. You'll find a basic description of each tool at BackTrack_Tools. Some tools load up their own GUI and others are command-line based. The former is self-explanatory -- typically, just fill in the blanks regarding the system(s) you want to test and the latter will show you all the command-line switches and options to enter to run the program.

Keep in mind that there are other popular competitors' tools such as the Fedora-based Network Security Toolkit and the Knoppix-based Security Tools Distribution (a.k.a. STD). Actually, there are quite a few others listed at FrozenTech.com if you're interested.

Compared with certain groups of tools I've recommended in the past, the free "live" CDs, such as BackTrack, are not comprehensive (i.e., you won't get every tool you'll ever need), and reporting is not particularly strong (unless piping results to a text file or taking screenshots is all you need). Having said this and having often said that you usually get what you pay for, this is one instance where price does not equal quality. You will not only save money, but you'll also be able to work with tools and perform tests you otherwise wouldn't have known about. In addition, you'll be running them on the Windows platform and you'll learn some valuable Linux basics to boot. Windows-o-file or not, there's nothing wrong with expanding your horizons and your skill set!

About the author: Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has written six books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Security Application-specific network intrusion detection systems emerge Anomaly-based intrusion protection configuration and installation Preventing hacker attacks with network behavior analysis IPS Rogue access points: Preventing, detecting and handling best practices The TPM chip: An unexploited resource for network security Shifting defenses and dynamic perimeters challenge network security Compliance in a virtualized world: Server virtualization and NAC security Securing the new network architecture: Security for distributed, dynamic networks How to configure Windows Server 2008 advanced firewall MMC snap-in USB storage devices: Two ways to stop the threat to network security Network Security Monitoring and Analysis Application-specific network intrusion detection systems emerge Anomaly-based intrusion protection configuration and installation How can I calculate perimeter firewall throughput? How do I find the application on my network that's dropping packets? Integrating NAC with network security tools Where can I find a sample security audit report? How can I run my own? The firewall remains the network traffic cop, but its role is changing Troubleshooting VLANs: How to monitor 802.1q tagged traffic Poor data-loss prevention practices almost cost Intel a billion How can I block my competitor's IP address range from my website? Monitoring tools What good network monitoring tools are there to run on Windows servers? Network visibility thwarts crime, identifies unwanted traffic Network security toolbox Reducing false positives in network monitoring Essential security testing tools for SMBs Network monitoring with Nagios, part one RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary deep packet inspection (DPI)  (SearchNetworking.com) FCAPS  (SearchNetworking.com) Nessus  (SearchNetworking.com) netstat  (SearchNetworking.com) port mirroring  (SearchNetworking.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.