One of my favorite security assessment tools has just been updated and it's better than ever. BackTrack version 3 is the first update to the "live" Linux-based toolkit in almost 18 months. The price is still right (it's free) and all of the new updates can really help you in your enterprise security testing efforts. According to the remote-exploit.org site, BackTrack 3 has already been downloaded more than 500,000 times, so it's obviously well-liked in the security community.
What's new with BackTrack 3
First of all, BackTrack 3 is based on a more recent version of the Linux kernel (126.96.36.199) complete with the latest and greatest patches. They've also created a VMware image for BackTrack 3 that you can download and load up in a snap.
The biggest tool change is the inclusion of the SAINT vulnerability scanner. The bundling has a catch, however. You get a one-year license to use SAINT so it technically doesn't fit the mold of the other freeware/open source tools included in BackTrack 3. It's a smart marketing move by SAINT Corp. They've also included the Maltego forensics application, and, of course, the latest versions of the previous security testing tools along with quite a few others that you've probably never heard of but should check out nonetheless.
The following screenshot (Figure 1) shows the slick GUI in BackTrack 3 as well as its various categories of security testing tools.
What you can do with BackTrack 3
With the BackTrack 3 tools, you can run a whole slew of security tests against Windows (and other) systems. Start by running ping sweeps to find live hosts and then perform system enumeration to see what Windows services are available to prying eyes. You can then perform operating system vulnerability scanning and even exploit certain vulnerabilities for the ultimate in penetration testing. If you're running IIS and SQL Server (who doesn't?), use BackTrack 3 to home in on Web and database vulnerabilities.
Got wireless? Well, there are a ton of tools for testing the security of both Wi-Fi and Bluetooth. Been hacked? There are plenty of data analysis and forensics tools included as well. It even has several built-in services such as an HTTP server, a VNC server, a TFTP server and even the SNORT IDS -- all of which come in handy when testing for security vulnerabilities on your network.
Again, all of this is in one toolkit! You're not going to find another set of tools gathered in one place and (mostly) ready to run the way you do with BackTrack 3. I rarely call any security tool or product awesome, but BackTrack 3 really is.
A few things to be aware of
With all the positive things I have to say about BackTrack 3, there are some caveats. Contrary to claims by its authors, BackTrack 3 is not the be-all, end-all security testing suite. I've found over the years that many (but not all) of the commercial security testing tools provide more of what you need most of the time. That said, neither are you going to get the granularity and control that BackTrack 3's niche tools give you in any commercial security tool -- at least none that I'm aware of. You'll likely need to use both commercial tools and the BackTrack toolkit to get the broadest look at your systems.
I do have a different stance when it comes to testing for security holes in Web applications and databases, however. I've yet to find any free Web or database security tools that are as comprehensive in finding the right security weaknesses as the commercial offerings are.
In most cases, you're also going to get better reporting capabilities out of commercial tools. That sounds trite, but who doesn't need reporting capabilities these days? Furthermore, timely updates and technical support are likely to be better when you're paying a company for its product. Commercial products are often easier to use as well. If you run into any trouble, there is an active BackTrack forum with lots of good information.
All in all, with the new and improved BackTrack 3, you have access to powerful Linux-based security tools on a VMware image or bootable medium that can be run from Windows. Besides, you don't really need Linux experience. BackTrack 3 is a security testing toolkit you can literally download and load up that's ready to go. In fact, it actually takes longer to download the toolkit than it does to load it. Once you have it up, you simply click the tool you want to run, enter specific variables or other data where needed and you're off.
Unless you want to spend all the time and effort required to download and install all of the individual tools included in BackTrack 3, you're just not going to get a more comprehensive, powerful and free toolkit anywhere else.
About the author: Kevin Beaver is an information security consultant, keynote speaker and expert witness with Atlanta-based Principle Logic LLC where he specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security, including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley). He's also the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. Kevin can be reached at kbeaver /at/ principlelogic.com.
This was first published in August 2008