• Unix is an environment created by programmers for programmers using the
command line.
• Unix was created with simple, single-purpose tools that can be combined for
more complex tasks.
• Kali Linux has several potential GUIs that can be installed and utilized; it’s
important to find one that you’re most comfortable with.
• Each desktop environment has a lot of customization options.
• Kali
is based on
systemd
, so service management uses
systemctl
.
• Processes can be managed using signals, including interrupt and kill.
• Logs will be your friends and help you troubleshoot errors. Logs are typically
stored in
/var/log
.
• Configuration files are typically stored in
/etc
, though
individual configuration
files are stored in the home directory.
Useful Resources
•
Linux in a Nutshell
, 6e
, by Ellen Siever, Stephen Figgins,
Robert Love, and Arnold
Robbins (O’Reilly, 2009)
•
Linux System Administration
, by Tom Adelstein and Bill Lubanovic (O’Reilly,
2009)
• The Kali Linux
website
•
“Linux System Administration Basics”
by Linode
Useful Resources | 35
CHAPTER 2
Network Security Testing Basics
Security testing
is a broad term that means a lot of different things. Some of this test‐
ing will be network-based, and the goal may not necessarily be about system compro‐
mise. Instead, the testing may be more focused on impacting the service in negative
ways, like causing the service to stop or be otherwise unavailable. When a service is
taken offline, it’s considered a security issue. Because of that,
stress testing can be an
important element of security testing.
To perform network-based testing in which you are testing more of the networking
elements than the applications, you need to understand how network protocol stacks
are defined. One way of defining protocols and,
more specifically, their interactions,
is using the Open Systems Interconnection (OSI) model. Using the OSI model, we
can break the communications into different functional elements and see clearly
where different pieces of information are added to the network packets as they are
being created.
Additionally, you can see the interaction from system to system across
the functional elements.
Stress testing not only creates a lot of information for the systems and applications to
handle, but also generates data the application may not expect. You can perform
stress testing, and should, by deliberately breaking the rules
that the application or
operating system expects communications should follow. Many attacks use this rule-
breaking. They can cause application failures, either by getting them to shut down or
by causing application exceptions that may be exploited for application or system
compromise.
