For my Project, I was interested in exploring a new LiveCD. Since my interest lies in monitoring, incident detection and response, I decided to focus on the audit/detect/access controls under the Technical Security Control. The Auditor Security Collection caught my attention because of all the tools it had to offer and its user-friendly interface.
The Auditor Security Collection is a GPL-licensed live CD based on Knoppix, with more than 300 security software tools. Auditor gives you easy access to a broad range of tools for security audits and penetration testing in almost no time. The Auditor Security Collection's primary focus is on computer security, forensics, and incident response.
Auditor's menu is divided into several "tool groups" for easy recognition:
- Footprinting -- Applications to gain initial knowledge about a server, such as Whois and Dig.
- Analysis -- Tools to analyze a network, such as Ethereal, Etherape.
- Scanning -- Tools to scan the network, such as Nmap.
- Wireless -- Applications to test the wireless network.
- Brute-forcing -- The brute-force password cracking word list holds more than 64 million word entries, according to the Auditor Web site.
- Cracking -- Cracking tools to be used with the brute-force word lists.
Many security engineers arrive on a client's site and find that the network documentation required for solving the task properly is incorrect or even obsolete. In Auditor's Scanning submenu you'll find the Nmap network scanner. You can choose the traditional shell version or Nmap FE, which provides a graphical front-end for Nmap.
After you have gained a basic overview of the network you can use NBTScan, a NetBIOS name scanner, and Nessus, a vulnerability scanner. If the audit includes Web applications, try the Nikto and Amap application scanners. Ethereal and Etherape are network analysis tools.
Etherape is used to monitor network traffic. Featuring link layer, IP and TCP modes, it displays network activity graphically: hosts and links grow and shrink with traffic, and protocols are color coded. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP devices. It can filter the traffic to be shown, and can read traffic from a file as well as live from the network.
Ethereal can be run to analyze the traffic. Basically Ethereal is a network protocol analyzer, or "sniffer" for Unix and Windows, that lets you capture and interactively browse the contents of network frames.
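To make concrete what the two monitoring tools above actually do with a captured frame, here is an added example (written for this write-up, not code from Auditor, Etherape or Ethereal). It dissects Ethernet II / IPv4 / TCP headers the way a protocol analyzer does, verifies the IPv4 header checksum so a corrupted or tampered header is flagged rather than silently decoded, and then aggregates bytes per host and per link the way Etherape sizes its nodes and edges. The frames it works on are constructed in the script itself (the MAC addresses, 192.168.1.x addresses and ports are made up); no live capture or pcap file is needed.

```python
import socket
import struct
from collections import Counter

TCP_FLAGS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]
IP_PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; over a valid IPv4 header it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def flag_names(bits: int) -> str:
    return "|".join(name for name, bit in TCP_FLAGS if bits & bit) or "none"


def parse_frame(frame: bytes) -> dict:
    """Dissect one Ethernet II frame into a flat dict of per-layer fields."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    rec = {"length": len(frame), "eth_src": mac_str(src),
           "eth_dst": mac_str(dst), "ethertype": ethertype}
    if ethertype != 0x0800:                 # only IPv4 is dissected here
        rec["proto_name"] = "non-IPv4"
        return rec
    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _csum, sip, dip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("malformed IPv4 header")
    rec.update(ip_src=socket.inet_ntoa(sip), ip_dst=socket.inet_ntoa(dip),
               ttl=ttl, proto=proto, proto_name=IP_PROTO_NAMES.get(proto, str(proto)),
               ip_csum_ok=checksum(ip[:ihl]) == 0)   # header tampering shows up here
    if proto == 6 and len(ip) >= ihl + 20:
        tcp = ip[ihl:total_len]
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
        data_off = (off_flags >> 12) * 4
        rec.update(tcp_sport=sport, tcp_dport=dport,
                   tcp_flags=flag_names(off_flags & 0x1FF),
                   payload=tcp[data_off:])
    return rec


def summarize(frames):
    """Etherape-style view: bytes per host, per (unordered) link and per protocol."""
    hosts, links, protos = Counter(), Counter(), Counter()
    for frame in frames:
        r = parse_frame(frame)
        protos[r["proto_name"]] += r["length"]
        if "ip_src" in r:
            hosts[r["ip_src"]] += r["length"]
            hosts[r["ip_dst"]] += r["length"]
            links[tuple(sorted((r["ip_src"], r["ip_dst"])))] += r["length"]
    return hosts, links, protos


# --- constructed sample traffic (not a real capture) ---------------------------
def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Assemble an Ethernet/IPv4/TCP frame; only the IPv4 checksum is filled in."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | flags,
                      65535, 0, 0) + payload            # TCP checksum left 0 (constructed)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6,
                     0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    return eth + ip + tcp


CLIENT, SERVER = ("00:11:22:33:44:55", "192.168.1.10"), ("66:77:88:99:aa:bb", "192.168.1.20")
SAMPLE_FRAMES = [
    build_frame(CLIENT[0], SERVER[0], CLIENT[1], SERVER[1], 40000, 80, 0x02),          # SYN
    build_frame(SERVER[0], CLIENT[0], SERVER[1], CLIENT[1], 80, 40000, 0x12),          # SYN|ACK
    build_frame(CLIENT[0], SERVER[0], CLIENT[1], SERVER[1], 40000, 80, 0x18,
                b"GET / HTTP/1.0\r\n\r\n"),                                           # PSH|ACK + data
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        r = parse_frame(f)
        print(f'{r["ip_src"]}:{r["tcp_sport"]} -> {r["ip_dst"]}:{r["tcp_dport"]} '
              f'[{r["tcp_flags"]}] csum_ok={r["ip_csum_ok"]} payload={r["payload"]!r}')
    hosts, links, protos = summarize(SAMPLE_FRAMES)
    print("bytes per host:", dict(hosts))
    print("bytes per link:", dict(links))
    print("bytes per protocol:", dict(protos))
```

The checksum verification is the defender's part of the exercise: a real analyzer reports a bad IPv4 checksum as a warning, and the same check here turns a single flipped header byte into `ip_csum_ok=False` instead of a plausible-looking but wrong decode. Reading a real pcap would replace `SAMPLE_FRAMES` with the per-packet bytes from a capture library; the dissection and aggregation code would stay the same.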
In addition to all the security tools, Auditor includes several commonly useful applications, such as the Firefox and Konqueror Web browsers and some text editors. You can write full reports directly from the Auditor CD and either burn the result to a CD with the Cdrecord program or place it on a remote server with SSH or remote desktop tools.
The Auditor Security Collection is a Live CD that offers a complete toolkit for computer security. You have a choice of tools and can be sure to find one that suits your needs. Some of the tools such as Etherape have a graphical interface making it even easier and more pleasant to use.