I often write about all the excellent tools for testing the security of Windows systems. There are excellent freeware, open source and commercial tools that all run on the Windows OS. They are, for the most part, easy to use and can ferret out a lot of security vulnerabilities that would be next to impossible to find otherwise. One tool that I haven't written much about -- and based on my informal research, one that most Windows administrators...
haven't heard of -- is a tool called BackTrack.
BackTrack is actually an entire Slackware Linux-based operating system with a suite of security tools that even the most die-hard Windows-o-files can appreciate and benefit from. The neat thing is that it's bootable directly from a CD-ROM. That translates into getting all the power and flexibility of Linux-based security tools without all the hassles of installing, learning and troubleshooting various Linux nuances based on your particular hardware configuration.
BackTrack has a happy-clicky-GUI interface that should make most Windows administrators feel right at home. The basic BackTrack desktop is shown in Figure 1.
Figure 1. The BackTrack Linux-based desktop.
I've been using BackTrack's predecessor, the Auditor CD, for a while and really like it. BackTrack version 1.0 -- still just a few months old -- is based on solid programming and various tried-and-true open source tools, so don't let its infancy fool you.
It has expansive tests you can run against your Windows-based network including:
- Ping sweeps and port scans using tools such as Nmap and Amap
- System enumeration via SMB using tools such as NBTscan and SMBusers
- Password cracking using tools such as John the Ripper and RainbowCrack
- Web application vulnerability detection using tools such as Nikto and ParosProxy
- Database vulnerability detection using tools such as Absinthe and SQLdict
- Wireless cracking using tools such as Hotspotter and Kismet
- Vulnerability exploitation using Metasploit
Figure 2 shows the BackTrack tool folders that highlight the various types of testing you have at your disposal.
Figure 2. BackTrack's broad range of security testing tools.
To get up and running with BackTrack, simply download the ISO image, burn it to CD and boot it up. You can boot your testing computer directly from the BackTrack CD or load it in a virtual session via VMware or others. Once it's loaded, you'll have to log in using the displayed login credentials (root/toor) and then run the startx command to load the graphical interface. This makes BackTrack a lot more user friendly if you're new to Linux.
Finally, you simply select the tool you want to run via the BackTrack menu, and you're off. You'll find a basic description of each tool at BackTrack_Tools. Some tools load up their own GUI and others are command-line based. The former is self-explanatory -- typically, just fill in the blanks regarding the system(s) you want to test and the latter will show you all the command-line switches and options to enter to run the program.
Keep in mind that there are other popular competitors' tools such as the Fedora-based Network Security Toolkit and the Knoppix-based Security Tools Distribution (a.k.a. STD). Actually, there are quite a few others listed at FrozenTech.com if you're interested.
Compared with certain groups of tools I've recommended in the past, the free "live" CDs, such as BackTrack, are not comprehensive (i.e., you won't get every tool you'll ever need), and reporting is not particularly strong (unless piping results to a text file or taking screenshots is all you need). Having said this and having often said that you usually get what you pay for, this is one instance where price does not equal quality. You will not only save money, but you'll also be able to work with tools and perform tests you otherwise wouldn't have known about. In addition, you'll be running them on the Windows platform and you'll learn some valuable Linux basics to boot. Windows-o-file or not, there's nothing wrong with expanding your horizons and your skill set!
About the author: Kevin Beaver is an independent information security consultant and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has written six books including Hacking For Dummies (Wiley), Hacking Wireless Networks For Dummies, and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at firstname.lastname@example.org.