Today we continue publishing translations of selected chapters of the book "Kali Linux Revealed". Below is the first section of Chapter 11, "Using Kali Linux to assess the security of information systems".

Chapter 11. Using Kali Linux to assess the security of information systems
At this point, we have looked at quite a few of Kali Linux’s capabilities, so you should already have a good understanding of the system’s features and how to solve many complex problems with it.
However, before putting Kali to practical use, it is worth working through some concepts related to assessing the security of information systems. This chapter covers those concepts and gives you the basic knowledge on the subject, along with links to additional material that will be useful when you use Kali to perform security assessments.
To start, it is worth spending some time on the very concept of "security" as applied to information systems. When trying to protect an information system, pay attention to its three main attributes:
- Confidentiality: Can individuals who should not have access to the system or its information gain access to it?
- Integrity: Can the system or its data be modified without authorization?
- Availability: Can the system or data be accessed when and in the way it is needed?
Together these concepts form the so-called CIA model (Confidentiality, Integrity, Availability), and in many respects they are the main aspects to attend to when protecting systems during standard deployment, maintenance, or security assessment.
It is also useful to note that in some cases certain aspects of the CIA model will concern you more than others.
For example, suppose you keep a personal diary containing your most cherished thoughts. The confidentiality of this information may be far more important than its integrity or availability. In other words, the main thing is that no one can read what is written in the diary. If someone writes something in it without reading it, that is not so bad. Likewise, you do not need the diary to be available at every moment.
On the other hand, if you are protecting a system that stores medical prescription records, data integrity comes to the fore. It is important not to let strangers read these records, that is, learn who takes which drugs, and it is important that the prescriptions can be accessed easily. However, the most important thing is that no one can change the contents of the system (that is, affect its integrity), since that could have life-threatening consequences.
When you assess a system's security and discover a problem, you need to understand which parts of the CIA model the problem affects. It may be one item from the list "confidentiality, integrity, availability" or a combination of them. This approach helps you understand the problem more fully, lets you categorize incidents and take appropriate measures. Once you understand the CIA model, it is easy to use it to classify vulnerabilities of different scales. Here, for example, is how a web application compromised through SQL injection looks through the CIA lens:
- Confidentiality: the application is compromised through a form of SQL injection that lets an attacker retrieve the contents of the web application's database. This gives full read access to all the data but no ability to change information or disrupt the database.
- Integrity: the application is compromised through a SQL injection that lets an attacker change information already in the database. The attacker cannot read data or block access to the database.
- Availability: the application is attacked through a SQL injection that lets the attacker launch a heavy query consuming a large amount of server resources. Several such requests cause the service to fail (a DoS attack). The attacker cannot read or change data, but can prevent ordinary users from working with the web application.
- Multiple threats: the SQL injection gives full access to the operating system of the server running the web application. With such access, the attacker can violate the confidentiality of the system by reading any data they need, compromise its integrity by altering data, and, if they want, disrupt the web application so the system becomes unavailable to ordinary users.
The concepts of the CIA model are quite simple and, if you look honestly, you probably already use it intuitively even without knowing the model. It is still important to apply the CIA model deliberately, because it helps you understand where to direct your efforts in each particular case. This conceptual framework helps you identify critical system components and determine how much effort and how many resources should be invested in fixing the problems found.
Another concept we pay attention to is risk. "Risk" is made up of the concepts of "threat" and "vulnerability". These concepts are not too complex, but it is easy to make mistakes applying them. We will discuss them in more detail later, but in a few words: it is best to think of risk as what you are trying to prevent, of a threat as whoever or whatever might do the undesirable thing, and of a vulnerability as what makes it possible to do what you want to prevent. Efforts can be made to reduce the threat or eliminate the vulnerability; the purpose of those actions is risk reduction.
For example, when visiting some countries you may be at significant risk of contracting malaria. This is so for two reasons. First, in some areas there is a high chance of being bitten by an Anopheles mosquito. Second, you almost certainly have no immunity to malaria. The risk is infection. The threat is the mosquitoes. The vulnerability is the lack of immunity to the disease. To reduce the risk, you can control the vulnerability with medication, and you can try to control the threat with repellents and mosquito nets.
11.1. The use of Kali Linux to assess the security of information systems
If you are preparing to use Kali Linux in a real engagement, you first need to make sure you have a clean, properly working installation of the OS. A common mistake made by many novice pentesters is using the same Kali instance for security assessments of different systems. This approach can lead to problems for two main reasons:
- In the course of an assessment, packages are often installed manually, configured, or the OS is otherwise modified. These one-off changes may help get Kali working again or solve a specific problem, but they are hard to track, and they complicate maintaining the OS and configuring it in the future.
- Each security assessment is unique. If, for example, you use an OS that still holds notes, code and other changes from one client's assessment while working with another client, this can lead to confusion and to client data being mixed up.
That is why it is strongly recommended to start working with a clean installation of Kali, and that is why efforts to prepare a pre-configured version of Kali Linux, which is ready for an automatic installation, quickly pay for themselves.
To obtain such a version of the system, refer to sections 9.3, "Build your own Live-ISO images", and 4.3, "Automatic installation". The more seriously you approach automating your work today, the less time you will spend tomorrow.
Each pentester has different requirements for the Kali work configuration, but there are some universal recommendations that everyone should pay attention to.
First, consider an encrypted installation, as shown in section 4.2.2, "Installing on a fully encrypted file system". This protects the data stored on your computer, usually a laptop. If it is ever stolen, you will appreciate this precaution.
For additional security while traveling, consider setting up the self-destruct feature (see the section "Setting a self-destruct password to increase system security" for details) after sending an encrypted copy of the key to a co-worker in the office. This way your data is protected until you return to the office, where you can restore your computer with the decryption key.
In addition, pay attention to which packages are installed in the OS. When preparing for the next task, think about which tools you may need. For example, if you are going to look for holes in a wireless network, consider installing the kali-linux-wireless metapackage, which contains all the tools available in Kali Linux for researching wireless networks. When preparing to test a web application, you can pull in all the tools designed for such tasks by installing the kali-linux-web metapackage. When preparing your system for work, it is best to assume that you will not have normal Internet access during the test session, so prepare as thoroughly as you can in advance.
For the same reason, double-check the network settings (for details, see section 5.1, "Network Configuration", and section 7.3, "Protection of Network Services"). Double-check the DHCP settings and review which services are listening on your IP address. These settings can have a major impact on the success of a job: you can't analyze what you can't see, and unnecessary services may expose your system and get it disconnected from the network before you even start the research.
Network settings deserve particular attention when you are investigating network intrusions. During such investigations you must avoid any impact on the systems that were attacked. A specially customized version of Kali with the kali-linux-forensic metapackage, booted in forensic mode, is suited to this. In this mode the OS does not automatically mount disks and does not use a swap partition, so when you use the digital forensics tools available in Kali you preserve the integrity of the system being analyzed.
In conclusion: properly preparing Kali Linux for work, and using a clean, thoughtfully tuned system, is the key to success.
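As an added example (not from the book or the Kali project), a small POSIX shell script that performs two of the pre-engagement checks described above: it reports listening TCP services outside an assumed allow-list, parsed from `ss -tlnH` output, and confirms that no swap is active, as forensic mode requires. The allow-list, the script name and the sample socket lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Pre-engagement readiness checks for a freshly prepared Kali instance.
# Added example, not from "Kali Linux Revealed". Assumes `ss -tlnH` prints
# one socket per line as: State Recv-Q Send-Q Local:Port Peer:Port Process.

# Listening TCP ports the assessment box is expected to have (assumed
# allow-list for this example; adjust per engagement). Anything else is
# reported so it can be stopped before the box touches the client network.
ALLOWED_PORTS="22"

# unexpected_listeners: read `ss -tlnH` lines on stdin, print each LISTEN
# socket whose port is not allow-listed, and return 1 if any were found.
unexpected_listeners() {
    found=0
    while read -r state recvq sendq laddr peer process; do
        [ "$state" = "LISTEN" ] || continue
        port=${laddr##*:}               # works for 0.0.0.0:80, [::]:80, *:80
        case " $ALLOWED_PORTS " in
            *" $port "*) continue ;;
        esac
        printf 'unexpected listener: %s %s\n' "$laddr" "$process"
        found=1
    done
    return $found
}

# swap_active: return 0 if a /proc/swaps-style file lists any active swap
# device, 1 otherwise. In forensic mode no swap may be in use, otherwise the
# kernel could write to a swap partition on the evidence disk.
swap_active() {
    awk 'NR > 1 && NF > 0 { n++ } END { exit n ? 0 : 1 }' "$1"
}

# Constructed sample of `ss -tlnH` output for a stand-alone demonstration.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=611,fd=3))
LISTEN 0 511 *:80 *:* users:(("apache2",pid=700,fd=4))'

if [ "${1:-}" = "run" ]; then
    # Live mode on the prepared box: sh readiness.sh run
    ss -tlnH | unexpected_listeners || echo "stop or allow-list the listeners above"
    if swap_active /proc/swaps; then echo "swap is active: not in forensic mode"; fi
else
    printf '%s\n' "$SAMPLE_SS" | unexpected_listeners || echo "(sample) review the listener above"
fi
```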
Results
Today we talked about the CIA model and how to use it to classify vulnerabilities and plan protective measures. We looked at the concepts of risk, threat and vulnerability, and discussed how to prepare Kali Linux for the practical tasks of a pentester. Next time we will talk about the various types of engagements aimed at assessing the security of information systems.
Dear readers! Do you practice the CIA model?