Free security testing toolkit review: BackTrack 3

One of my favorite security assessment tools has just been updated and it's better than ever. BackTrack version 3 is the first update to the "live" Linux-based toolkit in almost 18 months. The price is still right (it's free) and all of the new updates can really help you in your enterprise security testing efforts. According to the remote-exploit.org site, BackTrack 3 has already been downloaded more than 500,000 times, so it's obviously well-liked in the security community.

What's new with BackTrack 3

First of all, BackTrack 3 is based on a more recent version of the Linux kernel (2.6.21.5) complete with the latest and greatest patches. They've also created a VMware image for BackTrack 3 that you can download and load up in a snap.

The biggest tool change is the inclusion of the SAINT vulnerability scanner. The bundling has a catch, however. You get a one-year license to use SAINT so it technically doesn't fit the mold of the other freeware/open source tools included in BackTrack 3. It's a smart marketing move by SAINT Corp. They've also included the Maltego forensics application, and, of course, the latest versions of the previous security testing tools along with quite a few others that you've probably never heard of but should check out nonetheless.

The following screenshot (Figure 1) shows the slick GUI interface in BackTrack 3 as well as its various categories of security testing tools.

Figure 1
[IMAGE]
BackTrack 3's security testing tools

What you can do with BackTrack 3

With the BackTrack 3 tools, you can run a whole slew of security tests against Windows (and other) systems. Start by running ping sweeps to find live hosts and then perform system enumeration to see what Windows services are available to prying eyes. You can then perform operating system vulnerability scanning and even exploit certain vulnerabilities for the ultimate in penetration testing. If yo

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows desktop security tips Securing sensitive data on Windows-based laptops Gathering and documenting your Windows desktop security policies Windows desktop security standards documentation best practices Desktop security preparation for a new wave of Windows apps Four Internet Explorer 8 group policy security settings The state of enterprise security and emerging threats in 2009 Why should Windows shops use Microsoft Baseline Security Analyzer? A first look at Windows 7 security enhancements Using Sysinternals tools in security management scenarios Sysinternals tools: A must-have for every Windows security toolbox Microsoft Windows security tools Troubleshooting Microsoft WSUS connectivity issues Windows security tools for the busy desktop administrator Four Internet Explorer 8 group policy security settings Microsoft Stirling security console delayed for more integration Why should Windows shops use Microsoft Baseline Security Analyzer? Using Sysinternals tools in security management scenarios Sysinternals tools: A must-have for every Windows security toolbox Windows security tools roundup Top Windows client security tools for end users Tools for virus removal and detection Windows Vista security issues, updates and alerts Ten ways to sell security to management Improve Windows security with our top 10 tips Windows Vista management tutorial Minasi says Vista SP1 solves problems, adds new ones Does Vista's strong security make it better than XP? Are Windows Vista's features silencing critics? Managing single sign-on security burdens in Windows Top 10 ways to improve Windows Vista security A Windows security checklist for IT managers Unauthenticated vs. authenticated security testing

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary drive-by download  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

u're running IIS and SQL Server (who doesn't?), use BackTrack 3 to hone in on Web and database vulnerabilities.

Got wireless? Well, there are a ton of tools for testing the security of both Wi-Fi and Bluetooth. Been hacked? There are plenty of data analysis and forensics tools included as well. It even has several built-in services such as an HTTP server, a VNC server, a TFTP server and even the SNORT IDS -- all of which come in handy when testing for security vulnerabilities on your network.

Again, all of this is in one toolkit! You're not going to get any other set of tools in one place and (mostly) ready to run than you get with BackTrack 3. I rarely call any security tool or product awesome, but BackTrack 3 really is.

A few things to be aware of

With all the positive things I have to say about BackTrack 3, there are some caveats. Contrary to claims by its authors, BackTrack 3 is not the be-all, end-all security testing suite. I've found over the years that many (but not all) of the commercial security testing tools provide more of what you need most of the time. That said, neither are you going to get the granularity and control that BackTrack 3's niche tools give you in any commercial security tool -- at least none that I'm aware of. You'll likely need to use both commercial tools and the BackTrack toolkit to get the broadest look at your systems.

I do have a different stance when it comes to testing for security holes in Web applications and databases, however. I've yet to find any free Web or database security tools that are as comprehensive in finding the right security weaknesses as the commercial offerings do.

In most cases, you're also going to get better reporting capabilities out of commercial tools. That sounds trite, but who doesn't need reporting capabilities these days? Furthermore, timely updates and technical support are likely to be better when you're paying a company for its product. Commercial products are often easier to use as well. If you run into any trouble, there is an active BackTrack forum with lots of good information.

All in all, with the new and improved BackTrack 3, you have access to the powerful Linux-based security tools on a VMware image or bootable medium that can be run from Windows. Besides, you don't really need a Linux experience. BackTrack 3 is a security testing toolkit you can literally download and load up that's ready to go. In fact, it actually takes longer to download the toolkit than it does to load it. Once you have it up, you simply click the tool you want to run, enter specific variables or other data where needed and you're off.

Unless you want to spend all the time and effort required to download and install all of the individual tools included in BackTrack 3, you're just not going to get a more comprehensive, powerful and free toolkit anywhere else.

About the author: Kevin Beaver is an information security consultant, keynote speaker and expert witness with Atlanta-based Principle Logic LLC where he specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security, including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). He's also the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at kbeaver /at/ principlelogic.com.