Moving To a New Site

I have just decided that it's time to move on and have my own domain. All the posts in this blog will be moved to:

www.pinoygeek.org

Personal posts will be transferred to: raldz.pinoygeek.org

Tuesday, October 04, 2005

Knoppix: A Linux or Windows User Power Tool

Ever since the BSA.org began its campaign against the use of pirated software, my friends and I began using Linux. My first Linux distro was Mandrake 9.0, way back almost 2 years ago. Now I'm using Mandriva and have also tried Ubuntu and Kubuntu. But I really fell in love with Mandriva LE 2005 because of its ease of use and of course its Linux kernel, which is known for its stability and security (definitely better than Microsoft Windows). At first I used to dual boot Windows XP and Mandriva LE 2005, but since everything I need is in Mandriva, I decided to get rid of Windows permanently, and haven't thought of going back to Windows again. Imagine using Linux for almost 2 years and having no problem with viruses, worms, or Trojans… not a single encounter! It's true that there are some occasional program crashes, but I could live with those rather than the frequent OS crashes known in Windows. Then I came to encounter Knoppix, a Linux Live CD distribution: a Linux distro you can run directly from your CD-ROM. After I got my copy of Knoppix 4.0.2, I discovered a lot of useful tools for administering your system and yes, also hacking your Windows system. Below is an excerpt from an article from www.informit.com by Cyrus Peikari and Seth Fogie about useful tools in Knoppix.

KNOPPIX (The Security Tool Distribution)
In almost every line of professional work, the practitioner has a group of tools they use to perform their daily tasks. Typically, the most used tools are kept close at hand on a utility belt, in a pocket, or in a toolbox/bag. This same principle applies to the security professional, who is typically able to use the standard tools available on almost any operating system to perform basic troubleshooting. However, once the job gets a bit complicated, the security professional often requires a specific program that is not locally available. This means precious time must be spent downloading the programs to a local computer, or making a trip back to the lab for the necessary equipment. For times like this, we recommend KNOPPIX.
KNOPPIX is "a bootable CD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a Linux demo, educational CD, rescue system, or adapted and used as a platform for commercial software product demos." Or in short, it is a full OS with a wide range of programs that are run straight from the CD to allow a user to turn any PC based system into an instant Linux based security Swiss Army knife, with a full kitchen sink thrown in to boot.
Download and Installation
KNOPPIX is a freely available software package available at http://www.knoppix.net, or one of its mirrors (http://www.knoppix.net/get.php). Until recently, it was possible to order a CD copy of this distribution, but thanks to greedy patent scrounging individuals and companies trying to claim ownership over "mouseclicks on online order forms", KNOPPIX is currently not available on a CD ROM. Regardless, you can still download this 700 MB file from numerous online mirrors.
Once you have obtained a copy, you simply need to burn it to a CD. Ironically, this is the most complex part of running KNOPPIX. First you need a 700MB CD, preferably a CD-RW so you can reuse the same CD when you download a KNOPPIX update. Second, you will need a CD burner with software that can create a bootable CD ROM from an ISO image. For Windows users, this includes Nero and EZCD Creator. In the case of Nero, you simply:

  1. Open Nero (not in wizard mode)

  2. Select File > Burn Image

  3. Locate KNOPPIX_V######.ISO

  4. Click Burn!

After a few minutes waiting for the CD to burn, you are ready to install.
For the numerous GUI based operating systems I have installed, I have never experienced an easier installation than KNOPPIX. Before installing, I checked my computer's (Dell 8200 Inspiron) BIOS to verify that the CD ROM was listed as an optional boot device, and then I simply placed the new CD in my computer and turned it on.
After a short pause as the PC performed its POST operations, KNOPPIX began to load. During the following few minutes, the OS will perform some automatic configuration and setup. Everything from the monitor, to the sound card, and even the wireless network card is automatically detected and the appropriate drivers installed. I have tested my disc on several systems, ranging from a Gateway PII to my P4 laptop, and have had equal success. In other words, KNOPPIX redefines what plug and play was meant to be.
The tools
This is only meant to be a short and non-technical intro to KNOPPIX. While this OS deserves a full 1000-page manual describing and defining the many tools and programs available, we leave the details of each tool and how they work for you to discover. We will cover the basic types of tools provided, with an example or two, and let you discover the rest. This will basically be a simplified version of the KDE program menu provided by KNOPPIX, as illustrated by the figure below. It is important to note that in each of these folders there is a RTFM link that directs you to literature on the tools included in each section. There is also a shell link in each folder that provides the user with numerous command line only tools. While there are many benefits to a GUI based environment, you will find that some of the best tools and programs are not available outside a text based command line.
Xchat for IRC, telnet, Mozilla web browser, Kmail, and even Lynx (a text based web browser) are available for your amusement and/or use.
KNOPPIX
Since KNOPPIX operates solely from the CD/RAM, there are some key components that you might want to set up before any extensive use. For example, printer configurations, SWAP file, network settings (if they are not provided by DHCP), modem settings, wireless card settings, and other pieces of an OS that are typically configured when an OS is installed are available for your management. Note that any update to these settings needs to be stored permanently if you want to save them. By default, all write access to the system's hard drives is disabled.
Utilities
This group of programs contains the typical applications that you will find in a default install of most any version of Linux. Games, system settings, text editors, office tools, etc. are all listed in this folder for your use. While these programs are most likely not the reason you would use KNOPPIX, they are some of the more common programs that would be greatly missed if they were not included.
Authentication
This grouping primarily focuses on FreeRadius, which is simply a Radius server that can be used to authenticate users to a network or service. One use for FreeRadius is to authenticate wireless users and allow them access to network resources.
Cracker
This small group of tools consists entirely of command line based programs. Their main purpose is to provide a user with a method to retrieve and then crack system passwords. For example, the infamous john is provided, which is a very common program useful for cracking DES encrypted passwords, which are found on most Unix systems.
Encryption:
If you want to protect data from intrusive elements, you need to encrypt it. This section provides the tools to get this done. From a simple ROT-13 encryption script, to cryptcat, SSL tools, and gpg, KNOPPIX provides its user with a solid set of encryption tools.
Firewall:
KNOPPIX includes two of the most commonly found firewall programs available on Linux. The first is the very well known iptables that uses a list of rules to determine if data is permitted to leave or enter the host computer. The second is Shorewall, which is much more than just a simple rules based firewall. If you are at all interested in either of these programs, then KNOPPIX is a great place to test these programs functionality.
Forensics:
While much of security focuses on detection, prevention, and penetration testing tools, forensics is equally as important. With tools such as The Sleuth Kit, a user can peer deep inside their system to see what data is hiding in unallocated space and memory. Other programs are available that can help prevent others from snooping on you, such as wipe.
Honeypot:
A honeypot is a program or system that is used to catch hackers and log their methods of operation. KNOPPIX provides two such programs. The first, LaBrea, is essentially a hacker/worm tar pit. By taking advantage of the technicalities of a communication session, LaBrea will keep a worm or hacker stuck waiting for network replies, which are slowed to a crawl. The second, HoneyD, is a small program that emulates a whole network of computers, including services and programs. In theory, this type of program will cause an attacker to spend all their time probing the honeynet, thus keeping them away from the real network (which should not be available in the first place!).
IDS:
An Intrusion Detection System should be part of every network. While it offers no proactive protection, it can help an administrator determine if their network is under attack, and how an attacker gained access. KNOPPIX provides Snort as an IDS, with syslogd (log capturing) and Swatch (log monitoring) to help narrow in on any attack attempts. With these three programs, you can detect, log, and monitor everything from porn abuse, to IIS attacks.
Penetration Testing:
The first thing you should note about this group of tools is that they are all command line based. Ironically, there are more of these types of tools available with KNOPPIX than any other type. In the pen-test shell, you will find everything from dsniff, to sendmail attacks, ADM program, and more. Just be careful with these programs, as their use can constitute an illegal attack. The Figure below is a screen shot of the numerous command line tools available.
Servers:
If you need to set up or test a server on your network, KNOPPIX is an excellent choice. You can narrow down the appropriate configuration settings, or server tests, without worrying about breaking the OS. Included are samba, VNC, apache, bind, and more.
Sniffers:
The ability to sniff network traffic is essential to any network or security administrator. KNOPPIX includes numerous sniffers, and supporting programs such as ettercap and dsniff. In addition to sniffers, this section of tools also includes packet creation/injection tools, such as IPMagic and nemesis. With these programs you can create your own custom made packets for testing purposes.
Vulnerability Testers:
Vulnerability testing programs are used to test for the existence of potential problems in computers and programs. Included in this section are programs like nessus and nmap, both of which have a reputation for being able to detect open services, and problems with those services. Other programs like chkrootkit (checks the local system for indications of root kits) are also available to detect any existing vulnerabilities on the local system.
Wireless Tools:
This section is the reason I have a copy of KNOPPIX with me at all times. In a matter of three minutes I can turn my laptop into a fully functional wireless auditing tool. Using kismet, airsnort, or wardrive, and a network card, I can detect wireless networks, capture the data on the network, and even crack the WEP encryption that is widely used. If you are interested in testing out the power of Linux with regards to WLAN analysis, KNOPPIX is definitely the place to start.
Summary
This short overview of KNOPPIX does not do it justice. However, if any of what you read interests you, please just download and burn off a copy for yourself. This is one packaged collection of software that will not fail to impress you. From the standard office programs (one of which I am using to write this overview), to the more nefarious penetration testing tools, KNOPPIX provides a powerful system in the palm of your hand. Now, if only they would make a version of KNOPPIX for my PDA!
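The Firewall section of the excerpt describes iptables as a list of rules that decides whether data may enter or leave the host. As an added illustration, not part of the InformIT article or of this blog post, the following Python model shows how that kind of evaluation works: each chain is walked from the top, the first matching rule decides, and the chain's default policy applies when nothing matches. The rule fields, the chain set-up and the sample packets are constructed for the example and are not iptables' own syntax.

```python
"""Toy model of first-match, rule-list packet filtering in the style of iptables.

Added example (not from the article or the blog post). Rule fields, chains and
the sample traffic below are constructed for illustration only.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" = arriving at this host, "out" = leaving it
    proto: str          # "tcp" or "udp"
    src: str            # source IPv4 address
    dst: str            # destination IPv4 address
    dport: int          # destination port
    syn: bool = False   # True for a TCP segment that opens a new connection


@dataclass(frozen=True)
class Rule:
    action: str                   # "ACCEPT" or "DROP"
    proto: Optional[str] = None   # None means "match any protocol"
    src: Optional[str] = None     # CIDR network the source must belong to
    dport: Optional[int] = None   # destination port to match
    syn: Optional[bool] = None    # restrict to new (True) or existing (False) connections

    def matches(self, pkt: Packet) -> bool:
        """Every field that is set must match; unset fields are wildcards."""
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.src is not None and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.syn is not None and pkt.syn != self.syn:
            return False
        return True


class Chain:
    """An ordered rule list with a default policy, like the INPUT/OUTPUT chains."""

    def __init__(self, name: str, policy: str) -> None:
        self.name = name
        self.policy = policy
        self.rules: List[Rule] = []

    def append(self, rule: Rule) -> None:
        self.rules.append(rule)

    def verdict(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """Return (action, 1-based rule number); rule number is None when the policy decided."""
        for number, rule in enumerate(self.rules, start=1):
            if rule.matches(pkt):
                return rule.action, number
        return self.policy, None


def build_host_firewall() -> Dict[str, Chain]:
    """Constructed rule set: default-deny inbound, allow replies, SSH from the LAN, HTTP from anywhere."""
    inbound = Chain("INPUT", policy="DROP")
    # Crude stand-in for connection tracking: non-SYN TCP is treated as a reply to an existing session.
    inbound.append(Rule("ACCEPT", proto="tcp", syn=False))
    inbound.append(Rule("ACCEPT", proto="tcp", src="192.168.1.0/24", dport=22, syn=True))
    inbound.append(Rule("ACCEPT", proto="tcp", dport=80, syn=True))
    inbound.append(Rule("DROP", proto="udp", src="10.0.0.0/8"))   # explicit drop, shows rule numbering
    outbound = Chain("OUTPUT", policy="ACCEPT")                    # no rules: the policy decides everything
    return {"in": inbound, "out": outbound}


def filter_traffic(packets: List[Packet], chains: Dict[str, Chain]) -> List[Tuple[Packet, str, Optional[int]]]:
    """Route each packet to the chain for its direction and record the verdict."""
    return [(pkt, *chains[pkt.direction].verdict(pkt)) for pkt in packets]


# Constructed sample traffic aimed at a host with address 192.168.1.1.
SAMPLE_PACKETS = [
    Packet("in", "tcp", "192.168.1.10", "192.168.1.1", 22, syn=True),   # SSH from the LAN
    Packet("in", "tcp", "203.0.113.5", "192.168.1.1", 22, syn=True),    # SSH from outside
    Packet("in", "tcp", "203.0.113.5", "192.168.1.1", 80, syn=True),    # HTTP from outside
    Packet("in", "udp", "10.2.3.4", "192.168.1.1", 53),                 # UDP from 10/8
    Packet("in", "tcp", "203.0.113.5", "192.168.1.1", 4433, syn=False), # reply to an outbound session
    Packet("out", "tcp", "192.168.1.1", "203.0.113.5", 443, syn=True),  # outbound HTTPS
]


if __name__ == "__main__":
    for pkt, action, number in filter_traffic(SAMPLE_PACKETS, build_host_firewall()):
        decided_by = f"rule {number}" if number else "policy"
        print(f"{pkt.direction:>3} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport} syn={pkt.syn}: {action} ({decided_by})")
```

Running the block prints one verdict per sample packet. The point worth noticing is rule order: if the "accept non-SYN TCP" rule were placed after a broad drop, replies to the host's own connections would be silently lost, which is the most common mistake when rules are built by hand.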
