Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: exposure to bootable Linux distros

From: "Marcos D. Marado Torres" <marado () student dei uc pt>
Date: Thu, 11 Mar 2004 23:47:55 +0000 (WET)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Does it have an hd installation tool as Knoppix?
If so, does it get installed reasonably secured (like old knoppix versions) or
does it do like the new knoppix versions (starting in some version of those
3.3) that logs automaticly, opens shells as root with no password and does not
let people logout and stuff like that?

Or, in other words, is it good to install, or is it like Knoppix, that got
better as a live-cd but now sucks when we're talking about an hd-install?


Keep the good work,
Mind Booster Noori

- --
==================================================
Marcos Daniel Marado Torres AKA Mind Booster Noori
/"\               http://student.dei.uc.pt/~marado
\ /                       marado () student dei uc pt
 X   ASCII Ribbon Campaign
/ \  against HTML e-mail and Micro$oft attachments
==================================================

On Wed, 10 Mar 2004, Greg Tracy wrote:


I've had a lot of experience with a wide variety of these (live CDs), and am
in fact playing around with remastering Knoppix for my young son to use for
educational games. If you like PHLAK, you'll love Knoppix-STD (Security
Tools Distribution).

http://knoppix-std.org

It's a more mature release and has better hardware detection, as well as
better support for wireless tools out of the box. The most recent release
boots into fluxbox by default and offers a web page that opens on boot that
lists and explains all the tools included on the CD. It's a lighter weight
distro and has a pretty large following.

A CD that is popular with a friend who is involved in forensics is F.I.R.E.
(forensic and Incident Response Environment). I haven't used it personally,
but I'm aware that some of it's freatures are bundled in STD and PHLAK. It's
at:

http://fire.dmzs.com/

Greg


From: "Jim Clark" <jclark () cmanet org>
Date: Thu, 4 Mar 2004 17:17:24 -0800
To: "Chris Halverson" <chris.halverson () encana com>,
<security-basics () securityfocus com>
Subject: RE: exposure to bootable Linux distros

Am currently testing PLAK. So far greatly impressed.  It is a little
hard at first but the tools are phenominal.  FWIW.

-----Original Message-----
From: Chris Halverson [mailto:chris.halverson () encana com]
Sent: Thursday, March 04, 2004 9:20 AM
To: security-basics () securityfocus com
Subject: exposure to bootable Linux distros




Has anyone had exposure to Operator (built from Knoppix) or PHLAX?  I
haven't been able to download and try them but it was brought up in one
of my classes that I am taking.



What purposes do you pentest with these?

External perimeter security, DMZ or internal?

How would you block non-authorized users from utilizing these? (with the
exception of BIOS password protection and disabling the floppy, usb and
cdrom boot capabilities)

------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.

Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------




---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFAUPqumNlq8m+oD34RAi9qAKC5BoZDc2SNp3I9y7f/RtC+UVz+xACcCqpy
klFjiOdz6duETZl/ibfUnd0=
=yrZf
-----END PGP SIGNATURE-----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: