Linux is all about options. To be precise, it is all about having options for making choices. Therefore, to cater this philosophy, there are hundreds of Linux distributions released for the use of general public. By nature, these diverse Linux distributions vary by their function and purpose. Some Linux distributions are just for regular use, such as for surfing web, sending emails, word processing, and entertainment. Some other Linux distributions have been introduced for specific purposes such as audio / visual editing, graphics designing, information security, etc.
BackTrack is one such niche Linux distributions that has been developed for the purpose of information security. It is a Linux distributions released under GNU Public License. BackTrack is mostly available as a Live CD, where people can make use of this distribution without actually installing it on a computer. If someone wants to install it permanently, that can be done too.
Let’s have a look at security testing. Information security is one of the most important aspects of IT. Take the cables published by Wikileaks as an example. The cost of such an activity could be counted in billions of dollars. Therefore, the current IT industry has taken many measures for security of its information asset. To facilitate this, information security has been developed as a significant branch of IT. In security testing, the software systems are rigorously tested for vulnerabilities and potential exploits of such vulnerabilities. The teams or professionals engaged in security testing use both tools and manual methods in order to perform security testing.
BackTrack has been developed keeping security testing and forensics in mind. BackTrack offers the security testing professionals a wide range of security testing and forensic tools.
BackTrack is a creation of two competitors who have been working on the segment of information security. WHAX is one of those competitor Linux distributions that have been released by Mati Aharoni, a security consultant from Israel. This Linux distribution was later merged with Auditor Security Collection, a Linux distributions which had more than 300 security testing tools organized in a user-friendly manner.
BackTrack is the ideal companion for security testing professionals. First of all BackTrack works as a Live CD or a Live USB. Therefore, the security consultants do not have to carry anything other than a CD or a USB thumb drive. Since no installations involved, the consultants can immediately start working on the target systems.
BackTrack features some of the well known and well-respected security testing tools in the industry. Metasploit framework is one of the most powerful tools that can be used for both information security attacks as well as security testing. Wireshark is another household name for network traffic analysis. In addition to these tools, BackTrack offers more than 300 tools for security purposes.
BackTrack mainly helps the information security professionals to gather information about software systems, hardware systems, and networks. Using the tools available in BackTrack, a knowledgeable and responsible security professional can perform a vulnerability assessment and identify the vulnerabilities. Once the vulnerabilities are identified, the same set of tools can be used for exploiting the vulnerability and later patching it. BackTrack also features a number of tools for radio network analysis (Wi-Fi, Bluetooth, and RFID) and penetration. The Live CD also includes many tools that can be used for testing privilege escalation vulnerabilities in software applications.
In addition to the vulnerability assessments, BackTrack offers tools for reverse engineering. The reverse engineering tools can usually be used for cracking software serials as well as fighting against malware such as viruses. These are the tools that can be used by well-trained professionals for digital forensics.