Bootable CD-ROM-Based Tool Kits



The easy-to-install commercial products for testing network security are feature rich, but many of them are expensive. On the other hand, many of the comparable open source alternatives are freely available for download from the Internet. However, the installation and configuration process (for the open source tools) often demands significant time and resources of the overworked Netadmin. Fortunately, the Linux-based live CD-ROM provides a preinstalled security tool kit that can be deployed in less than five minutes. The live CD-ROM consists of a fully functional Linux operating system with built-in hardware detection for Intel (or similar architecture) computers.

The live CD-ROM (also referred to as a bootable CD-ROM) requires no installation. Deployment is as easy as inserting the CD-ROM into a bootable CD-ROM drive and rebooting the computer. The tools are ready to use because they are precompiled and, in most cases, preconfigured. The live CD-ROM does not write to the existing hard drives and uses only system memory. Thus, after removing the CD-ROM, the original operating system is left untouched. Moreover, despite issues with a preinstalled OS or with hard drive malfunctions, you can still boot your computer using a live CD-ROM. In addition, you can connect to the network resource through SSH, Telnet, a browser, or a mail client and administer your network. This is a major advantage offered by live CD-ROM as a backup option for Netadmins. Another advantage is the availability of a fully installed Linux system with preloaded security tools that can be used on any laptop/computer without installation on the hard drive.

Table 7-1 provides a list of the feature-rich Linux live CD-ROMs that are relevant to Cisco Netadmins. Most of the tools discussed in this chapter are available on the CD-ROMs listed in Table 7-1.

Table 7-1. Linux Live CD-ROMs

| Name | Features | URL |
| --- | --- | --- |
| Knoppix | Although Knoppix is not a security-specific tool, it is one of the best Debian-based live CD-ROMs, with the largest collection of applications. It has excellent hardware-detection capabilities and is under active development with frequently updated releases. | http://www.knoppix.net |
| Knoppix-STD (Security Tools Distribution) | Customized distribution of the Knoppix live Linux CD-ROM; focuses on information security and network-management tools. | http://www.knoppix-std.org/ |
| Network Security Toolkit (NST) | A Redhat/Fedora-based live CD-ROM that contains a majority of the "Top 75 Security Tools" surveyed at http://www.insecure.org. | http://www.networksecuritytoolkit.org/ |
| Trinux | Slackware-based live CD-ROM; is small enough to run on a floppy disk; has older and limited collection of tools; has no GUI. | http://trinux.sourceforge.net/ |
| F.I.R.E. | Good collection of tools; older and limited hardware detection compared to Knoppix and NST. | http://fire.dmzs.com |


To use the tools included with the live CD-ROM, you must first create the live CD-ROM. Live CD-ROMs are created by transferring the ISO image file of the CD-ROM to a recordable CD-ROM. (An ISO image file is an image of a CD-ROM that is saved in ISO 9660 format and is commonly used to create bootable CDs.) The ISO images of each CD-ROM listed in Table 7-1 are available at the respective websites.

Follow these steps to create a live CD-ROM:

Step 1. Download the ISO image file for the latest stable release of the live CD-ROM distribution. The ISO files can be as large as 700 MB, and download times can be long depending on your Internet connection.

Step 2. Using a CD-ROM-burning application (such as Roxio for MS-Windows or K3b for Linux), create a bootable CD-ROM from the downloaded ISO image file. Most CD-burning software has a "record from image" option for creating bootable CD-ROMs.

Caution: Do not simply copy the ISO image to a blank CD-ROM because this process does not create a bootable CD-ROM; instead, it renders the CD-ROM useless. This is a common mistake of new users.
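
Between Step 1 and Step 2 it is worth confirming that the download is intact and really is a bootable ISO 9660 image before spending a disc on it. The following is an added example, not part of the original text: it assumes the distribution publishes a SHA-256 checksum for its image, the function names are hypothetical, and the sample image is constructed (volume descriptors only).

```python
import hashlib

SECTOR = 2048          # ISO 9660 logical sector size in bytes
FIRST_DESCRIPTOR = 16  # volume descriptors begin at sector 16


def inspect_iso(path):
    """Return (sha256_hex, is_iso9660, has_el_torito_boot_record)."""
    digest = hashlib.sha256()
    is_iso = bootable = False
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
        sector = FIRST_DESCRIPTOR
        while True:
            f.seek(sector * SECTOR)
            desc = f.read(SECTOR)
            # Every volume descriptor carries the identifier "CD001".
            if len(desc) < SECTOR or desc[1:6] != b"CD001":
                break
            if desc[0] == 1:      # primary volume descriptor
                is_iso = True
            elif desc[0] == 0:    # boot record (El Torito marks bootable CDs)
                if desc[7:39].rstrip(b"\x00") == b"EL TORITO SPECIFICATION":
                    bootable = True
            elif desc[0] == 255:  # descriptor set terminator
                break
            sector += 1
    return digest.hexdigest(), is_iso, bootable


def ready_to_burn(path, published_sha256):
    """True only if the hash matches and the image is a bootable ISO 9660."""
    sha, is_iso, bootable = inspect_iso(path)
    return sha == published_sha256.strip().lower() and is_iso and bootable


def build_sample_image(path, with_boot_record=True):
    """Write a constructed, descriptor-only image for demonstration."""
    def descriptor(vd_type, body=b""):
        return (bytes([vd_type]) + b"CD001\x01" + body).ljust(SECTOR, b"\x00")
    sectors = [descriptor(1)]
    if with_boot_record:
        sectors.append(descriptor(0, b"EL TORITO SPECIFICATION"))
    sectors.append(descriptor(255))
    with open(path, "wb") as f:
        f.write(b"\x00" * (FIRST_DESCRIPTOR * SECTOR) + b"".join(sectors))
```

Obtain the published checksum over a channel you trust; a checksum fetched from the same compromised mirror as the image proves nothing.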


The Knoppix CD-ROM provides an easy-to-use graphical user interface (GUI) with basic security-testing tools, including Nmap, Nessus, Ethereal, and Tcpdump. Knoppix also includes the following tools and services:

  • SSH server and SSH client: Provides SSH connectivity to and from the local machine that is running Knoppix.

  • SAMBA server: Creates Windows-style network shares on the local machine; allows other Windows machines to access the local drive.

  • Lin Neighborhood: Similar to the Windows Network Neighborhood; used to connect to Windows machines in the network.

  • Mozilla web browser: Similar to the Netscape browser.

  • RDP client: Used to connect to Windows machines through Windows terminal services.

  • Mail clients: Provide connectivity to a mail server.

  • FAT/NTFS support: Permits automatic detection and mounting of local hard drives with FAT and NT File System (NTFS) partitions; this enables you to access the local drives and share them with the network through a SAMBA server.

  • OpenOffice: Used to view and compose word processor, spreadsheet, and presentation documents; supports most of the commonly used formats, including .doc, .xls, .ppt, and .wpd.

These features allow the Netadmin to use the Knoppix CD-ROM and easily export results and reports to external data stores.

Similar to Knoppix, the NST and Knoppix-STD CDs also provide a command-line interface (CLI) and a GUI. These CD-ROMs provide a pre-installed copy of the Firefox browser, VNC server, SSH server and SSH client, PDF viewers, and minicom.

Both Knoppix and Knoppix-STD contain pre-installed Java-enabled web browsers, which can be used by Cisco Netadmins to run Pix Device Manager (PDM) and Cisco Router and Security Device Manager (SDM). Additionally, Cisco is developing similar tools for many other products to enable browser administration for new users. Most of these tools only work with Java-enabled browsers. While Java-enabled web browsers work well in the Windows environment, Linux users often need to manually tweak the Java installation. In such cases, the Knoppix CD-ROM comes in handy for using Java-enabled web browsers from within the Linux OS.



Network Administrators Survival Guide
ISBN: 1587052113
EAN: 2147483647
Year: 2006
Pages: 106
