Penetration Testing with Kali Linux and the Good Guys

One of the most prevalent white hat (and black hat) security tools available is a Linux distribution called Kali Linux. It comes preloaded with many security scanning, analysis and penetration testing tools.

 

 

 

 

History

Kali Linux was made by the creators of BackTrack, who learned from their previous mistakes. This slimmed-down Linux image includes only relevant and non-redundant tools. For example, tools such as OpenVAS allow a user to perform a vulnerability assessment of selected nodes in a quick and semi-automated fashion. Because OpenVAS is easy to use, even novice users can perform these vulnerability scans with little to no knowledge. Combined with the Metasploit Framework, this same user can take the vulnerability results and find relevant exploits for the targeted system.

These tools are just as accessible to the bad guys as the good guys.

Defense in Depth

Protecting an organization from attacks carried out by such tools requires a multi-layer approach (Defense in Depth - DiD). To begin with, a proper patching process must be in place to address system vulnerabilities as they become known and are announced by the vendors. Second, good configuration management processes will ensure that when systems are created or modified, they align with the organization's security policy. Lastly, scheduled scans of the systems on your network should be performed either by an internal group or an external group.

Separation of Duties

It is best to engage a group that is not directly responsible for those systems (Separation of Duties). For example, if the same group handles both the setup and the security of those systems, they may cover up the findings or refuse to patch the vulnerability. They may have a conflict of interest.

Equilibrium's security team are experts in Penetration Testing. We have the same tools as the bad guys in our tool box, among others. We encourage penetration testing as part of a mature security program.

Would you like help reducing your environment's vulnerabilities? Let's Talk.

Author: Chad Akileh

Equilibrium IT Solutions, Inc.
Chicago, IL
Security Practice
