11.1. Kali Linux in an Assessment
When preparing to use Kali Linux in the field, you must first ensure you have a clean, working
installation. A common mistake that many novice security professionals make is using a single
installation across multiple assessments. This is a problem for two primary reasons:
• Over the course of an assessment, you will often manually install, tweak, or otherwise
change your system. These one-off changes may get you up and running quickly or solve
a particular problem, but they are difficult to keep track of; they make your system more
difficult to maintain; and they complicate future configurations.
• Each security assessment is unique. Leaving behind notes, code, and other changes can lead
to confusion, or worse — cross-contamination of client data.
Chapter 11 — Introduction to Security Assessments
That is why starting with a clean Kali installation is highly recommended and why having a
pre-customized version of Kali Linux that is ready for automated installation quickly pays off. Be
sure to refer back to section 9.3, “Building Custom Kali Live ISO Images” [page 241] and section
4.3, “Unattended Installations” [page 95] on how to do this, since the more you automate today,
the less time you waste tomorrow.
Everyone has different requirements when it comes to how they like Kali Linux configured when
they are in the field, but there are some universal recommendations that you really want to follow.
First, consider using an encrypted installation as documented in section 4.2.2, “Installation on a
Fully Encrypted File System” [page 88]. This will protect your data on the physical machine, which
is a life-saver if your laptop is ever stolen.
For extra safety during travel, you might want to nuke the decryption key (see “Adding a Nuke
Password for Extra Safety” [page 250]) after having sent an (encrypted) copy of the key to a
co-worker in the office. That way, your data are secure until you get back to the office where you
can restore the laptop with the decryption key.
Another item that you should double-check is the list of packages that you have installed. Consider
what tools you might need for the work you are setting out to accomplish. For example, if you are
embarking on a wireless security assessment, you may consider installing the kali-tools-wireless
metapackage, which contains all of the wireless assessment tools available in Kali Linux, or if a web
application assessment is coming up, you can install all of the available web application testing
tools with the kali-tools-web metapackage. It is best to assume that you will not have easy access
to the Internet while conducting a security assessment, so be sure to prepare as much as possible
in advance.
For the same reason, you might want to review your network settings (see section 5.1, “Configuring
the Network” [page 108] and section 7.3, “Securing Network Services” [page 159]). Double-check
your DHCP settings and review the services that are listening on your assigned IP address. These
settings can have a critical impact on your success. You can’t assess what you can’t see, and
excessive listening services might flag your system and get you shut down before you get started.
If your role involves investigating network intrusions, paying close attention to your network
settings is even more important and you need to avoid altering the impacted systems. A customized
version of Kali with the kali-tools-forensics metapackage booted up in forensics mode will not
automatically mount disks or use a swap partition. In this way, you can help maintain the integrity
of the system under analysis while making use of the many forensics tools available in Kali Linux.
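The checks recommended above (wanted metapackages present, no services listening beyond loopback, and, for a forensics boot, no swap in use and no evidence disks mounted) can be scripted so they are run the same way before every engagement. The following preflight script is an added example and is not code from Kali Linux Revealed or from the Kali project; it only reads from the standard tools that produce this information (dpkg-query, ss, swapon, findmnt). The metapackage list is a constructed sample, and the assumption that live-boot mounts the live medium under /run/live or /lib/live is marked in the code. Each check reads its input on stdin so it can also be run over saved command output.

```shell
#!/bin/sh
# preflight.sh: pre-engagement checks for a freshly installed Kali laptop.
# Added example, not code from Kali Linux Revealed or the Kali project.
# Every check reads its input on stdin, so it can be fed live command output
# (the producing command is named above each function) or saved output.

# Constructed sample: the metapackages wanted for this engagement.
WANTED_METAPACKAGES="kali-tools-wireless kali-tools-web kali-tools-forensics"

# Input: dpkg-query -W -f='${Package} ${Status}\n'
# Prints every wanted metapackage whose status is not "install ok installed".
missing_metapackages() {
    awk -v wanted="$1" '
        BEGIN { n = split(wanted, want, " ") }
        $2 == "install" && $3 == "ok" && $4 == "installed" { installed[$1] = 1 }
        END { for (i = 1; i <= n; i++) if (!(want[i] in installed)) print want[i] }'
}

# Input: ss -tulpnH   (listening TCP/UDP sockets, numeric, no header)
# Prints "proto local-address process" for every socket reachable from the
# network, i.e. anything not bound to a loopback address; wildcard binds count.
exposed_listeners() {
    awk '
        $1 == "Netid" { next }            # tolerate a header line if present
        {
            addr = $5
            if (addr ~ /^127\./ || addr ~ /^\[::1\]/) next
            proc = ($7 != "") ? $7 : "-"  # process column is empty without root
            print $1, addr, proc
        }'
}

# Input: swapon --show=NAME --noheadings
# Forensics mode must not touch swap: every device listed here is a finding.
active_swap() {
    awk 'NF { print $1 }'
}

# Input: findmnt -rno SOURCE,TARGET
# Prints block devices mounted anywhere except the live medium itself.
# Assumption: live-boot mounts the medium under /run/live or /lib/live.
foreign_block_mounts() {
    awk '$1 ~ /^\/dev\// && $2 !~ /^\/(run|lib)\/live/ { print $1, $2 }'
}

# Runs all checks against the live system and reports; returns 1 on any finding.
run_preflight() {
    findings=0
    missing=$(dpkg-query -W -f='${Package} ${Status}\n' 2>/dev/null | missing_metapackages "$WANTED_METAPACKAGES")
    [ -n "$missing" ] && { echo "Missing metapackages:"; echo "$missing"; findings=1; }
    exposed=$(ss -tulpnH 2>/dev/null | exposed_listeners)
    [ -n "$exposed" ] && { echo "Services listening on non-loopback addresses:"; echo "$exposed"; findings=1; }
    swaps=$(swapon --show=NAME --noheadings 2>/dev/null | active_swap)
    [ -n "$swaps" ] && { echo "Active swap (unacceptable in forensics mode):"; echo "$swaps"; findings=1; }
    mounts=$(findmnt -rno SOURCE,TARGET 2>/dev/null | foreign_block_mounts)
    [ -n "$mounts" ] && { echo "Block devices mounted (check before touching evidence):"; echo "$mounts"; findings=1; }
    return $findings
}

# The live run is opt-in so the file can be sourced to reuse the functions:
#   PREFLIGHT_RUN=1 sh preflight.sh
[ "${PREFLIGHT_RUN:-0}" = 1 ] && run_preflight
```

The exposed-listener check deliberately treats wildcard binds (0.0.0.0, *, [::]) as findings, since those are exactly the services a client's monitoring will see once the laptop gets a DHCP lease; the forensics checks are only meaningful after booting the forensics image, where an empty result from both is the expected state.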
It is critical that you properly prepare your Kali Linux installation for the job. You will find that
a clean, efficient, and effective Kali environment will always make everything that follows much
smoother.
Kali Linux Revealed