How I can keep secure my BT4b from hackers ?
BT4 is very useful for hacking a remote sys.
What about if a remote sys try to hack bt4?
Is there a way to keep the system up to date? How ?
Are there some known vulnerability issue?
Thanks,
regards,
ch4rli3
If you are unaware of how to harden your OS or unable to perform a search, gather, and implement the instruction you find to hardening your OS then BT probably isn't an appropriate operating system for you.
If your goal is a secure system then starting with Beta software is the wrong move.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Before BT4b, I've used ubuntu that indulge me with a series of automatic procedure. I was just asking if BT4 has some similar automated procedure.Originally Posted by thorin
I'm a newbie and this is newbie area... isn't it ?
Thanks
Ok here's a newbie area qualified answer then:
"don't try to secure beta software, it's pointless".
If you don't like that answer try looking over here:
http://forums.remote-exploit.org/forumdisplay.php?f=45
http://backtrack.offensive-security.....php/Howto-bt4
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Don't tell Google that.
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
Just run it as either a usb or live cd/dvd then you won't have to worry so much about those wiley hax0rs.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
You could always do this every now and again to get updated software from the Ubuntu repositories:
BT4 Beta does have the Ubuntu Security Repository configured for use by apt, and these commands will update you from those repositories, so this should give you access to any Ubuntu packages upgraded because of discovered security flaws.Code:apt-get update apt-get upgrade
Other than that securing the box would be done in the same way as for other Linux installs. Disable unneeded listening services (or bind to 127.0.0.1 where you only need local use), use a firewall and decent authentication (good passwords) for services you do need to use available, be careful with unknown software, collect and monitor logs, consider intrusion detection or other monitoring/checking utilities, set file permissions appropriately, run services with users that have the appropriate rights, etc. There's more information available on the web for this...
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
"hacking back" is a questionable security practice, from the legal point of view. I would suggest you reading the book "Aggressive Network Security" - then you will understand the ways somebody could fight back during your "attack". Generally, if they know what they're doing, there's no point in securing yourself, you will get pwnd for keeping your hands off your pockets. Just be careful who you attack... you never know.
Too late, we have already pwnz0red j00.
As the others have mentioned, it is beta, so don't expect it to be hardened. Otherwise keep things updated. Having said that, Backtrack is not really designed to be a primary OS, so (I am guessing here) the developers are working on making it useful for attacking, and not defending.
If you need a really secure OS, try OpenBSD or stick with something non-beta.
Well said and quite true on the legal front. Returning fire is a bad idea. It is worse, as well if you piss off the attacker and they are already deeper in your systems than you know, or they bear a grudge and damage your systems more than they already have. The general rule I follow is, if you discoverer a compromised system, and you don't have the need for forensics on it, nuke and pave it. Reinstall and patch it. (Then add some hardening to prevent it from getting pwned again).
Well if you know how to hack into other systems you should know how to defend against these hacks too since you understand how they work right?
Oh wait, don't tell me you use all the automated tools like SpoonWep, Metasploit and so on. Well start to learn how these applications are working under the hood and you wouldn't have to ask such a question.
Tiocfaidh ár lá
Posting Permissions
