[Novalug] Security Distros

Matt Ahrens matt.ahrens at gmail.com
Wed Oct 10 11:21:49 EDT 2007


Backtrack2 is the most recent live security distro I know of.  There
may be newer ones, and I'm sure someone will correct me on this one ;)

I do like Helix for handling forensic responses.  It does a good job
in identifying hardware, is flexible, and has most of the open-source
forensic tools/a strong RAID driver set.  This helps when acquiring
information from some pesky server with a strange RAID implementation.

I would also say there is a slight difference between a
backtrack/generic security related, and helix/forensic related live
distro.  It really comes down to selecting the best tool for the job,
as such, I personally would use Helix for forensic/incident response
related work, and backtrack2 for vulnerability testing or more generic
security work.

Both will most likely have the appropriate tools to do the job based
on Stevens presentation, Helix would probably do it better though.

On 10/10/07, Ken Kauffman <kkauffman at headfog.com> wrote:
> Any experience using it?
>
> I used KSTD mostly for dd, diskwiping and network detection activities
> (which means I could have used any distro, I know).  I do see that it
> includes sleuthkit which was touched on between questions at the meeting.
> For those with wireless it's got airsnort and kismet (among other utils).
>
> What is nice about LiveCD distros like this is that you can boot from the
> actual machine, which might be valuable for striped arrays.
>
> http://en.wikipedia.org/wiki/Knoppix_STD
>
> Ken
>
> <quote who="Matt Ahrens">
> > I'll take a shot, Backtrack2 is only like a year old now ;)
> >
> > http://www.remote-exploit.org/backtrack.html
> >
> > Thanks,
> > Matt
> >
> > On 10/10/07, Ken Kauffman <kkauffman at headfog.com> wrote:
> >> In the spirit of the last meeting, I'd like to ask people on list if they
> >> have worked with any particular security focused Linux distros.  I know of
> >> KnoppixSTD and Helix but have only worked with KSTD a LONG time ago.
> >>
> >> So -- who has or continues to use security distros and tools and words of
> >> advice.
> >>
> >> Let the blather begin! :)

