Penetration Testing

Patching your systems is a crucial part of keeping your systems secure but it isn't the only task that must be performed on a regular basis. Another task that should be on your schedule is routine penetration testing. How else will you find vulnerabilities in your systems?

There are several ways you can accomplish penetration testing including hiring a third party to audit your system security. You could also perform penetration testing on your own if you have adequate tools. I recently learned of a new penetration testing toolkit, Whoppix, which might be of use in your network environment.

Whoppix is a Linux-based bootable CD based on the popular Knoppix platform. Among its features are exploits harvested from SecurityFocus, Packetstorm, SecurityForest, and milw0rm. The CD also includes common tools such as Nmap, Nessus, Metasploit Framework, Hydra, and more.

The Whoppix site has some demos online that you can watch, such as brute force cracking the login ID and password for a MySQL server and cracking WEP keys. The demos are basically live animated screen captures that show the use of some of the tools included with Whoppix. Watching the demos is essentially like watching a short movie, and they're effective and to the point.

You can download the whopping 714MB Whoppix ISO image at the project Web site. When you go to the Web site check out the logo. Who comes up with these creepy images so common among Linux security afficianados?