Use BackTrack to check Linux Security Vulnerabilities

Article Title: Use BackTrack to check Linux security vulnerabilities. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

Whether you have used the Bastille UNIX tool to manually harden your Linux system or want to take a snapshot of the current system status, you need to use BackTrack. This is a Slackware-based Linux version that runs by starting a CD or a virtual machine image (VMI. In the third official version (if you calculate the latest release of the fourth version), BackTrack provides convenient security tools to detect Linux system vulnerabilities. In the spirit of hacker intrusion, BackTrack integrates this common security testing method:

　　

: BackTrack Security Test Method

BackTrack contains niche security tools that are difficult to download, compile, and install. Whether you are a Linux technical expert or novice, it is difficult to download the complete version of Linux and security testing tools. Shows the main BackTrack interfaces:

　　

: BackTrack desktop and security tools directory

Common Security Evaluation scenarios for testing internal Linux systems using BackTrack are as follows:

Use fping to identify active hosts

Use nmap to identify the operating system and detect opened ports

Use amap to identify running applications

Use SAINT to find vulnerabilities in the operating system

Use Metasploit to develop Operating System and Application Vulnerabilities

The possibility of Linux centralization is endless. In addition, BackTrack includes a wide range of database, Web, and seamless tool settings for finding and mining system defects outside of Linux claims. It even contains built-in HTTP, TFTP, SSH, and VNC devices for use during vulnerability Verification and analysis. In addition, if you have such a requirement, BackTrack can also integrate digital forensics tools. In fact, using tools such as Autopsy and Sleuthkit is good for turning back hacker technology to further strengthen your security skills.

I have always been a supporter of good commercial security testing tools, but you may no longer use paid tools. In fact, the BackTrack tool is not only good enough, but she is actually very good. especially careful reporting and managing the vulnerabilities that are being encountered are not your top priority. I will continue to use commercial tools in security assessment.