Sunday, April 22, 2012

Fedora 16 - Security Spin

I was poking around the Fedora website the other day and went to the spins page (http://spins.fedoraproject.org/) and noticed one on security. I'd not seen this before and downloaded it to give it a test drive (I'm working off of it right now, as a matter of fact).  Spins are simply live images that use a particular window manager (like KDE or Gnome) or that have groups of packages installed for a particular purpose.
Besides the security spin, there are also spins for games, electronics, robotics, scientific computing, and multimedia and publishing. I won't list all the apps on the security spin here; you can go to https://fedorahosted.org/security-spin/wiki/availableApps and find the list yourself.
The collection is a nice attempt to provide a little of everything. It's not going to replace BackTrack as your pen testing platform, and there are other bootable images for forensics with greater breadth of tools, but it's a nice start, especially if you've not used a live boot security toolkit before.
The one area I would add a bit more to if I were doing this myself would be intrusion detection. What's there is mostly in the arena of host-based detection (chkrootkit, rkhunter, aide), though they do include pads, which I'm not familiar with.
I'd like to see more network-based intrusion detection along the lines of the excellent Security Onion distribution, from Doug Banks, or the (evidently) no longer active HeX toolkit (http://geek00l.blogspot.com/2008/08/hex-20-rc1-is-now.html).
Doug's Security Onion (http://securityonion.blogspot.com/) provides you with Snort, Suricata, Sguil, Snorby, Bro and a host of others. Adding just a few of these to the Fedora spin would make it a little more rounded, I think, since the intent seems to be to provide a wide range of tools in different areas of NetSec.
But, all in all, I think it's a good distro, and if you're just getting started and want to try out tools in a lot of different areas, it's worth a look.
By the way, there's a nice list of security live boots at: http://www.securitydistro.com/security-distros/
Have fun!

Saturday, April 14, 2012

Site Checking

There are a number of sites that will check a URL for you to try to determine if it's hosting malicious code. Some of the ones I've found and use include:
1. Wepawet: http://wepawet.iseclab.org/ Wepawet will check a site for either malicious Java or Flash.
2. VirusTotal: https://www.virustotal.com/#url Though VirusTotal is best known for its file scanning service (running samples through multiple vendors' AV engines to determine malicious executables), they also offer a URL scanning service.
3. Zulu: http://zulu.zscaler.com/ Zulu checks for phishing pages, obfuscated JavaScript, suspicious domain names, SURBL blocks, parked domains as well as other checks.
4. Robtex: http://www.robtex.com/ Though Robtex is not a URL site checker per se, when you search on a URL or domain, Robtex reports rbls.org blacklistings and the WOT reputation, and pages for the site with Google Safe Browsing, McAfee Site Advisor, and Norton Safe Web.
