2.1 The Operating Systems

Selecting the operating platforms to use during a network security assessment depends on the type of network you are going to test (e.g., completely Microsoft Windows), and the depth to which you will perform your assessment. Often it is the case that to successfully launch exploit scripts against Linux or Unix systems, access to a Unix-like platform (usually Linux or BSD-derived) is required to correctly compile and run specialist exploit tools. What follows is a discussion of the operating systems that are commonly used.

2.1.1 Windows NT Family Platforms

As Windows NT systems (NT 4.0, 2000, XP, 2003 Server, etc.) start to mature and become more flexible, many more network assessment and hacking tools are available that run cleanly on the platform. Previous Windows releases didn't give raw access to network sockets, so many tools used by consultants had to be run from Unix-based platforms. This is no longer the case; an increasing number of useful security utilities have been ported across to Windows, including nmap and powerful tools within the dsniff package, such as arpspoof.

2.1.2 Linux

Linux is the choice of most hackers and security consultants alike. The Linux platform is versatile, and the system kernel provides low-level support for leading-edge technologies and protocols (Bluetooth being a good example at the time of writing). All mainstream IP-based attack and penetration tools can be built and run under Linux with no problems, due to the inclusion of extensive networking libraries such as libpcap.

I use Red Hat (http://www.redhat.com) and Debian (http://www.debian.org) Linux distributions on laptops and servers within the office. Debian is useful because of its apt-get package search and installation tool that can be used to install and update system packages. Red Hat packages are easily installed using the rpm command along with various wrappers that hook into sites such as RPMfind (http://www.rpmfind.net) to automatically update and install packages.

2.1.3 MacOS X

MacOS X is a BSD-derived operating system. The underlying system looks and feels very much like any Unix environment, with standard command shells (such as sh, csh, and bash) and useful network utilities that can be used during an IP-based network security assessment (including telnet, ftp, rpcinfo, snmpwalk, host, and dig).

MacOS X is supplied with a compiler, and many header and library files that allow for specific assessment tools to be built. Three useful tools easily built under MacOS X include nmap, Nessus, and nikto.
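The Linux and MacOS X paragraphs above both come down to the same practical question: does the host have a C compiler, the libpcap headers, and the standard network utilities needed to build and run assessment tools? The following POSIX shell script is an added example, not code from the book, that answers that question before you start compiling. The tool names are those the text mentions; the include directories it searches and the package names in its hints are assumptions about a typical Unix-like install.

```shell
#!/bin/sh
# Added example (not from the book): check whether a Unix-like host has the
# compiler, libpcap headers and command-line utilities that the text says
# are needed to build and run assessment tools. Tool names come from the
# text; the include paths searched are an assumption.

# Return 0 if a command is on PATH, 1 otherwise.
have_cmd() {
    command -v "$1" >/dev/null 2>&1
}

# Return 0 if a C header exists in one of the usual include directories
# (assumed locations; adjust for non-standard installs).
have_header() {
    for dir in /usr/include /usr/local/include /opt/local/include; do
        if [ -f "$dir/$1" ]; then
            return 0
        fi
    done
    return 1
}

# Print the number of missing commands to stdout and each missing name to
# stderr, so the count can be captured with $(...).
missing_count() {
    missing=0
    for tool in "$@"; do
        if ! have_cmd "$tool"; then
            echo "missing: $tool" >&2
            missing=$((missing + 1))
        fi
    done
    echo "$missing"
}

# Summarise the build toolchain: a C compiler plus pcap.h. Prints one status
# line per item and returns 0 only when both are present.
toolchain_ok() {
    ok=0
    if have_cmd cc || have_cmd gcc; then
        echo "compiler: present"
    else
        echo "compiler: MISSING (install gcc or the vendor toolchain)"
        ok=1
    fi
    if have_header pcap.h || have_header pcap/pcap.h; then
        echo "libpcap headers: present"
    else
        echo "libpcap headers: MISSING (libpcap-dev / libpcap-devel package)"
        ok=1
    fi
    return $ok
}

# Report: toolchain first, then the standard utilities named in the text,
# then the tools that are usually built from source.
toolchain_ok || true
n=$(missing_count telnet ftp rpcinfo snmpwalk host dig)
echo "standard utilities missing: $n"
n=$(missing_count nmap nessus nikto)
echo "source-built tools missing: $n"
```

Run it on the assessment host before attempting a build; a missing compiler or pcap.h is the usual reason nmap or Nessus fails to configure, and the per-tool list tells you which utilities the distribution's package manager (apt-get or rpm, as described above) still has to supply.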

2.1.4 VMware

VMware is an extremely useful program that allows you to run multiple instances of operating systems easily on a single laptop or workstation. VMware Workstation (Version 4 at the time of writing) is a fully supported commercial package, available from http://www.vmware.com for both Windows and Linux. Registering and purchasing the full VMware Workstation product costs a single user in the region of $300.

I run VMware on my Windows 2000 workstation so that I can run and access Linux in parallel, as needed during a network security assessment. From a networking perspective, VMware can be used in many configurations. I use a virtual NAT configuration that gives my Linux virtual machine direct access to the network card of my Windows 2000 workstation.