Backtrack 5 Rc1 Security (defense)


combatwombat27

Here is the scenario:

You get a chance to go to a con, for this example DEFCON. (If you dislike DEFCON that is ok, just put that aside temporarily and work with me here :P)

You want to use BackTrack to play around while you are there, and you don't want people to access your stuff.

As the saying goes, you might as well consider anything on your computer's HDD as shared while there.

You only have your one laptop, you cannot borrow one etc.

You only have your one laptop HDD, you can't buy/borrow another.

You haven't encrypted your laptop HDD and you're running Win XP/7.

So! You get clever and boot BackTrack via USB on your laptop; that way you're not in your main OS and you can have a little fun. :P

But wait! Assuming the attacker can compromise your BT5, then he is in your system and can mount your laptop HDD and access your stuff just as if you were running your unpatched Win box.

Here is what I'm thinking and wondering.

Besides removing the HDD, is there really any way to stop BackTrack from being able to mount or enable the drive? I mean, is there a way you could cripple its use until, say, a reboot or something? (Yes, you could encrypt it, remove it, etc., but that isn't the way I want to go with this.)

Secondly, how secure are you running BT5, really? Is it just assumed that you could be compromised at any moment? Has anyone actually tried hacking into a BT5 box?

Thoughts? Opinions? Extra Questions?

Link to comment
Share on other sites

Well, I wouldn't call BT5 that secure, since it's built to penetrate into systems, not to be hacked into. But anyway, if you use it, remember to add a normal user, don't use it as root, and change the root password. I would recommend turning off any services you don't need, Apache, MySQL, etc.

Btw, are you going to install gr8 on your USB stick? Well, I think that you should. There are a lot of tutorials, but it's really easy: you can do the install on your laptop, boot to BT5, but instead of installing it to your HDD, install it to your USB stick. And make sure that the bootloader is going to be installed on your USB stick too.

Link to comment
Share on other sites

Possibly booting in forensic mode, but that will only stop writes to the disk.

Another option is just installing your own, more secure, distro and install the tools you would like to use.

Don't keep vital info on your laptop.

And here is some advice, if you plan on joining in on hacking people; expect to get hacked yourself... it's part of the "game".

Edited by Mr-Protocol
Link to comment
Share on other sites

I'm with int0x80 on this one: remove the drive and boot off the DVD. Also, once booted, immediately do a passwd and change the default password, or someone can ssh into the damn thing remotely (not 100% sure if SSHd is running by default on the DVD, but still a good idea to change the default password!). Also, change the default hostname. The less info you give them, the better.

Link to comment
Share on other sites

In addition to the other suggestions I'd like to also add, use macchanger as well after booting.

Might be faster read/write wise to use persistent USB boot.

But someone who could compromise the machine would also be able to read and write to the thumb drive. Using the live disc with no HDD means 1, no permanent changes by rogue intruders possibly giving you something you would take home and infect your other machines with, and 2, plausible deniability in the event someone wants to look at his machine for any reason. A reboot removes all traces of everything, except what is stored in RAM, and they would need a cold boot attack to freeze and dump his memory to gain any traces of what he was doing (other than traced back to MAC address or some other identifying info, such as using your name or handle anywhere or as the hostname).

Link to comment
Share on other sites

If it is just a BT5 install to USB just used for playing around, then what's the harm? The only thing they will get is the stock image of BT5 w/updates lol.

Kind of the point with why there is no need for full disk encryption in Linux, just need to encrypt the home folder.

Well, I thought the OP was talking about going to hacker conventions and trying to maintain control of the machine in the event he was hacked at the conference, hence removing the HDD, using a live disc vs persistent changes, etc.
Link to comment
Share on other sites
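
Added example, not part of any post in this thread: a small shell audit that checks a live-booted system against the advice given above (internal disk not mounted, no sshd/Apache/MySQL reachable from the network, hostname changed, not running as root). The disk name `sda`, the watched ports, the stock hostname `bt` and the sample input are assumptions constructed for the example; it does not check whether the default password was changed.

```sh
#!/bin/sh
# Added example: audit a live-booted system against the advice in this thread.
# Assumptions: internal disk is sda; watched ports are 22, 80, 3306;
# DEFAULT_HOSTNAME is the distro's stock hostname (assumed "bt").
DEFAULT_HOSTNAME="bt"

# stdin: /proc/mounts text. $1: disk name. Prints mounted partitions of that disk.
mounted_parts() {
    awk -v d="/dev/$1" 'index($1, d) == 1 { print $1 " on " $2 }'
}

# stdin: `netstat -tln` text. Prints watched ports listening on non-loopback addresses.
exposed_services() {
    awk '$6 == "LISTEN" && $4 !~ /^127\./ && $4 !~ /^::1:/ {
             n = split($4, a, ":"); p = a[n]
             if (p == 22 || p == 80 || p == 3306) print p }' | sort -n -u
}

# $1 mounts text, $2 netstat text, $3 hostname, $4 uid, $5 internal disk.
# Prints a space-separated list of findings; empty output means all checks passed.
audit() {
    fails=""
    [ -n "$(printf '%s\n' "$1" | mounted_parts "$5")" ] && fails="$fails internal-disk-mounted"
    [ -n "$(printf '%s\n' "$2" | exposed_services)" ] && fails="$fails services-listening"
    [ "$3" = "$DEFAULT_HOSTNAME" ] && fails="$fails default-hostname"
    [ "$4" -eq 0 ] && fails="$fails running-as-root"
    echo "${fails# }"
}

# Constructed sample input (not captured from a real machine).
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
/dev/sdb1 /cdrom vfat rw 0 0
/dev/sda2 /media/win ntfs ro 0 0'
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN'

audit "$SAMPLE_MOUNTS" "$SAMPLE_NETSTAT" bt 0 sda
# Live use: audit "$(cat /proc/mounts)" "$(netstat -tln)" "$(hostname)" "$(id -u)" sda
```

A read-only mount still counts as a finding here, since the concern in the thread is an intruder reading the internal disk, not only writing to it.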
