Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: How I can keep secure my BT4b from hackers ?

  1. #1
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    7

    Default How I can keep secure my BT4b from hackers ?

    BT4 is very useful for hacking a remote sys.
    What about if a remote sys try to hack bt4?
    Is there a way to keep the system up to date? How ?

    Are there some known vulnerability issue?

    Thanks,
    regards,
    ch4rli3

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    If you are unaware of how to harden your OS or unable to perform a search, gather, and implement the instruction you find to hardening your OS then BT probably isn't an appropriate operating system for you.

    If your goal is a secure system then starting with Beta software is the wrong move.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Just burned his ISO
    Join Date
    Apr 2009
    Posts
    7

    Default

    Quote Originally Posted by thorin View Post
    ...then BT probably isn't an appropriate operating system for you.
    If your goal is a secure system then starting with Beta software is the wrong move.
    Before BT4b, I've used ubuntu that indulge me with a series of automatic procedure. I was just asking if BT4 has some similar automated procedure.
    I'm a newbie and this is newbie area... isn't it ?

    Thanks

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Ok here's a newbie area qualified answer then:
    "don't try to secure beta software, it's pointless".

    If you don't like that answer try looking over here:
    http://forums.remote-exploit.org/forumdisplay.php?f=45
    http://backtrack.offensive-security.....php/Howto-bt4
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by thorin View Post
    Ok here's a newbie area qualified answer then:
    "don't try to secure beta software, it's pointless".
    Don't tell Google that.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by ch4rli3 View Post
    BT4 is very useful for hacking a remote sys.
    What about if a remote sys try to hack bt4?
    Is there a way to keep the system up to date? How ?

    Are there some known vulnerability issue?

    Thanks,
    regards,
    ch4rli3
    Just run it as either a usb or live cd/dvd then you won't have to worry so much about those wiley hax0rs.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #7
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    You could always do this every now and again to get updated software from the Ubuntu repositories:

    Code:
    apt-get update
    apt-get upgrade
    BT4 Beta does have the Ubuntu Security Repository configured for use by apt, and these commands will update you from those repositories, so this should give you access to any Ubuntu packages upgraded because of discovered security flaws.

    Other than that securing the box would be done in the same way as for other Linux installs. Disable unneeded listening services (or bind to 127.0.0.1 where you only need local use), use a firewall and decent authentication (good passwords) for services you do need to use available, be careful with unknown software, collect and monitor logs, consider intrusion detection or other monitoring/checking utilities, set file permissions appropriately, run services with users that have the appropriate rights, etc. There's more information available on the web for this...
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  8. #8
    Good friend of the forums
    Join Date
    Feb 2009
    Posts
    356

    Default

    "hacking back" is a questionable security practice, from the legal point of view. I would suggest you reading the book "Aggressive Network Security" - then you will understand the ways somebody could fight back during your "attack". Generally, if they know what they're doing, there's no point in securing yourself, you will get pwnd for keeping your hands off your pockets. Just be careful who you attack... you never know.

  9. #9
    Member
    Join Date
    Jan 2010
    Posts
    159

    Default

    Quote Originally Posted by ch4rli3 View Post
    BT4 is very useful for hacking a remote sys.
    What about if a remote sys try to hack bt4?
    Is there a way to keep the system up to date? How ?

    Are there some known vulnerability issue?

    Thanks,
    regards,
    ch4rli3
    Too late, we have already pwnz0red j00.

    As the others have mentioned, it is beta, so don't expect it to be hardened. Otherwise keep things updated. Having said that, Backtrack is not really designed to be a primary OS, so (I am guessing here) the developers are working on making it useful for attacking, and not defending.

    If you need a really secure OS, try OpenBSD or stick with something non-beta.


    Quote Originally Posted by xorred View Post
    "hacking back" is a questionable security practice, from the legal point of view. I would suggest you reading the book "Aggressive Network Security" - then you will understand the ways somebody could fight back during your "attack". Generally, if they know what they're doing, there's no point in securing yourself, you will get pwnd for keeping your hands off your pockets. Just be careful who you attack... you never know.
    Well said and quite true on the legal front. Returning fire is a bad idea. It is worse, as well if you piss off the attacker and they are already deeper in your systems than you know, or they bear a grudge and damage your systems more than they already have. The general rule I follow is, if you discoverer a compromised system, and you don't have the need for forensics on it, nuke and pave it. Reinstall and patch it. (Then add some hardening to prevent it from getting pwned again).

  10. #10
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Well if you know how to hack into other systems you should know how to defend against these hacks too since you understand how they work right?

    Oh wait, don't tell me you use all the automated tools like SpoonWep, Metasploit and so on. Well start to learn how these applications are working under the hood and you wouldn't have to ask such a question.
    Tiocfaidh ár lá

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •