BackTrack 2.0 Final – Hard Drive Install Considerations
BackTrack 2.0 Final has really pushed security toolkits to the next level. I get a couple hundred hits a day about installing BackTrack to a hard drive. I do think it is important, however, to understand Chris Gates' point of view on not relying on BackTrack as your default operating system.
Running BackTrack as your default operating system is not a good idea for several reasons.
- It is already configured, so you are not learning what you could from building your own distro and writing and compiling your own tools. (Chris' point)
- It contains a bunch of security tools that you do not want on your network unless you are doing assessments or penetration testing.
- You may be breaking your company policies by having a security toolkit on your network without authorization or need. If you do not have a policy like this then you should consider developing one.
- Most people run as root to use the scripts and menu configurations set up by the developers. You should be using a normal user account for all activities that do not require administrative privileges (and you call yourself a security professional).
- BackTrack configuration and updating is at the whim of the BT developers. Modifying the kernel and updating the packages on your own is not recommended for inexperienced users.
Of course I think that BackTrack is an invaluable tool to have in your arsenal. And, there are advantages to having it installed on your hard drive.
- Most of the devices work out of the box or with very little configuration changes.
- Your updates and configuration changes are maintained across boots.
- You can install encryption technologies to help store your results securely. (I usually install GnuPG. If there is another way I have missed it.)
- You do not have to worry about a spinning CD-ROM or USB thumb drive sucking the life out of your battery when your PCMCIA wireless card and GPS are doing a great job of that anyway.
- You do not have to worry about damaged media when you pull up to a site (don’t delete that ISO, just in case).
- Running virtual environments will probably be easier. I am only guessing at this one, but being able to stay up to date on your virtualization software seems important to me.
So, let's try to find some middle ground. I recommend that you build a system you can personalize and that will house a copy of BackTrack 2.0 Final on the same disk. Get a system with a large hard drive to hold two versions of Linux. You can throw in a third area for your favorite version of Windows as well, for the Windows-specific security tools, if you would rather not run it virtually in Linux.
Disk Partition Recommendations for an 80 GB Hard Drive:
/boot 128MB – boot partition with room for multiple kernels, including the BackTrack vmlinuz
swap 1024MB – Linux swap partition, shared between both distributions
/ 15360MB – root partition for your primary Linux distribution
/backtrack 8192MB – partition holding the BackTrack 2.0 Final root
/share FREE – the rest of the free space, shared between distributions for storage
You should determine which distro of Linux you prefer and install it first using the disk recommendations. As to which version of Linux to run, I wholeheartedly point you to Gentoo Linux. Although getting through an installation of Gentoo is challenging the first couple of times, there is no better way to learn the ins and outs of Linux. You will learn everything from kernel building to the necessity of correct software configuration. You will also get a deep appreciation for the value of strong documentation and developer communication.
Once you have your Linux distro installed you can quickly get BackTrack 2.0 Final installed by following the instructions provided on the BackTrack Wiki. Here is a breakdown of what will need to be done. These were lifted from the “Transcript of movie” Backtrack install tutorial.
Boot into BackTrack and log in as root. You do not need to "startx" as this will all be done from the command line. Of course you need to substitute your own drive and partition numbers for the ones provided. In this example /dev/hda4 is where the BackTrack root will be located and /dev/hda1 is the boot partition.
- # mkdir /mnt/backtrack
- # mount /dev/hda4 /mnt/backtrack/
- # mkdir /mnt/backtrack/boot/
- # mount /dev/hda1 /mnt/backtrack/boot/
- # cp --preserve -R /{bin,dev,home,pentest,root,usr,etc,lib,opt,sbin,var} /mnt/backtrack/
- (Note: this has to copy 600+MB and takes a little while, so perhaps have a coffee. Make sure the partition really is mounted first; otherwise the copy goes into the live CD's RAM disk.)
- # mkdir /mnt/backtrack/{mnt,proc,sys,tmp}
You will not need to follow the LILO instructions that precede these steps in the original tutorial. Just put the BackTrack vmlinuz in the boot partition and configure GRUB to point to it. The grub.conf.example file shows how to point to a vmlinuz. Since /boot is its own partition, the kernel path in that entry is relative to the boot partition (/vmlinuz rather than /boot/vmlinuz).
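The steps above, as an added example rather than code from the original post or the BackTrack wiki: the copy wrapped with the sanity checks I would want before running it as root, plus small helpers that emit the GRUB legacy stanza and the fstab line for the daily-use distribution. Everything not in the post is an assumption: /dev/hda1 as /boot, /dev/hda4 as the BackTrack root, /boot/vmlinuz as the live CD kernel, the vmlinuz-bt2 filename, vga=791, ext3 for the BackTrack partition, and a BIOS that numbers disks in the same order as the kernel (hda or sda is hd0). Adjust the variables at the top to your layout.

```shell
#!/bin/sh
# Added example: BackTrack 2.0 Final hard-drive copy with checks, plus the
# GRUB legacy and fstab fragments. Not from the original post or the BT wiki.
# Assumed device names and filenames; override via the environment.

BT_BOOT_DEV=${BT_BOOT_DEV:-/dev/hda1}
BT_ROOT_DEV=${BT_ROOT_DEV:-/dev/hda4}
BT_TARGET=${BT_TARGET:-/mnt/backtrack}
BT_KERNEL=${BT_KERNEL:-vmlinuz-bt2}   # name the kernel gets inside /boot (assumed)

# Translate a Linux device node (/dev/hda1, /dev/sdb3) into GRUB legacy
# (hdX,Y) notation: disk letters a-d map to hd0-hd3, partitions are 0-based.
# Assumes BIOS and kernel disk order agree, which is common but not guaranteed.
grub_device() {
    dev=${1#/dev/}
    disk=${dev%%[0-9]*}        # hda
    part=${dev#"$disk"}        # 1
    letter=${disk#?d}          # a  (strips the leading "hd" or "sd")
    case "$letter" in
        a) n=0 ;; b) n=1 ;; c) n=2 ;; d) n=3 ;;
        *) echo "grub_device: unsupported disk $disk" >&2; return 1 ;;
    esac
    if [ -z "$part" ]; then
        echo "grub_device: $1 has no partition number" >&2
        return 1
    fi
    echo "(hd$n,$((part - 1)))"
}

# GRUB legacy menu.lst stanza. With a separate /boot partition the kernel path
# is relative to that partition, so it is /vmlinuz-bt2, not /boot/vmlinuz-bt2.
# vga=791 (1024x768 framebuffer) is assumed; use a mode your display supports.
grub_stanza() {
    bootdev=$(grub_device "$BT_BOOT_DEV") || return 1
    printf 'title BackTrack 2.0 Final\n'
    printf 'root %s\n' "$bootdev"
    printf 'kernel /%s root=%s ro vga=791\n' "$BT_KERNEL" "$BT_ROOT_DEV"
}

# fstab line for the daily-use distribution: noauto keeps the BackTrack root
# unmounted unless you mount it by hand; nosuid,nodev stop anything in it from
# being used as a privilege escalation path if it does get mounted. ext3 assumed.
fstab_line() {
    printf '%s\t/backtrack\text3\tnoauto,nosuid,nodev\t0 0\n' "$BT_ROOT_DEV"
}

# The copy itself. Refuses to run unless both targets are real mountpoints:
# copying 600+ MB into an unmounted directory fills the live CD's RAM disk.
copy_backtrack() {
    for m in "$BT_TARGET" "$BT_TARGET/boot"; do
        grep -q " $m " /proc/mounts || { echo "$m is not mounted" >&2; return 1; }
    done
    # --preserve keeps modes and ownership (setuid bits, /root), as the wiki steps do
    cp --preserve -R /bin /dev /home /pentest /root /usr /etc /lib /opt /sbin /var "$BT_TARGET"/ || return 1
    mkdir -p "$BT_TARGET"/mnt "$BT_TARGET"/proc "$BT_TARGET"/sys "$BT_TARGET"/tmp
    chmod 1777 "$BT_TARGET"/tmp
    cp /boot/vmlinuz "$BT_TARGET/boot/$BT_KERNEL"   # live CD kernel location assumed
}

# Only perform the copy when explicitly asked ("install"); otherwise print the
# config fragments so you can paste them into menu.lst and /etc/fstab.
case "${1:-}" in
    install)
        mkdir -p "$BT_TARGET" && mount "$BT_ROOT_DEV" "$BT_TARGET" &&
        mkdir -p "$BT_TARGET/boot" && mount "$BT_BOOT_DEV" "$BT_TARGET/boot" &&
        copy_backtrack ;;
    *) grub_stanza; fstab_line ;;
esac
```

Run it with no arguments from your normal distribution to see the two fragments, and as root from the booted BackTrack CD with `install` to do the copy. The mountpoint check is the part I care about most: the original one-liner happily copies into an unmounted /mnt/backtrack and fails only when the RAM disk fills.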
Of course there are still a few drawbacks to this deployment. You still have a computer system with a security-related toolkit installed. One way to mitigate this risk is to not install any security-related tools on the Linux distribution you will be using for daily operations. You can increase the protection by not mounting the BackTrack partitions when you boot into this distribution (an fstab entry with the noauto option, or no entry at all). If you do have a separate computer for normal business operations, I recommend that you treat this system as a security and development system. Keep it isolated from other systems and networks unless absolutely necessary.
Go forth and do good things,
Cutaway
BackTrack, Carnal0wnage, Gentoo, linux, Security Ripcord, Chris Gates
Help support my training and travel to security conferences. Get your SANS Training and GIAC Certifications through the Security Ripcord.
September 6th, 2007 at 2:15 pm
Hey, thanks for the shout out (or impending hatemail from the "Hey I run BT as my OS" people).
You definitely bring up some good "pros", especially not having to run the CD-ROM or USB stick on the battery. Over in the comments of that post, Dean DeBeer brings up the excellent point against running BT2 in VMware because of issues with lower-level networking. I haven't ever experienced the issue myself, frankly, because I don't use BT2 for scapy/dsniff/ettercap type activities. It's a simple apt-get install X and you have the tools yourself.
Don't get me wrong, like I said in the post, BT is a badass tool and I'm looking forward to BT3, but it's kinda like learning math. You can appreciate the shortcut to getting an answer once you know the long way of getting the answer.
Thanks for the good writeup, Cutaway.
-CG