Frequently asked questions on Kali Linux and security

a.In your opinion, what are the minimal skills required to prepare this Live CD/USB of Kali Linux distribution? Can someone without any programming skills do it easily?


To create the live CD version we can follow below methods :
  1. Downloading from the web: We can download live CD/DVD images from Kali Linux download page and burn them to the disk in order to achieve live linux distribution.
  2. Bootable  Live USB:  we can use linux system utility to create and burn the kali linux to USB after making it bootable.


I do not think there are any programming skills are required to make simple live distribution of kali linux.


b. How would you rate the risk, in qualitative terms, associated with a Live CD/USB of Kali Linux? Please provide your response in terms of the likelihood that this distribution could be used in an attack and the impact of such an attack.


It is high risk situation where a live distribution of Kali linux can be run in any system without having to install it. There could be situations where an attacker could use live kali linux to penetrate an intranet system. The main issue is that in case of ill configured system, the above attacker do not even need to install kali linux to carry out the attack as running a live program requires less privileges compared to installing it.

Risk
Likelihood
Impact
Unauthorized system access from BIOS.Most of the BIOS are configured to use pen-drive and CD as bootable device so in case the attacker plugs-in the live CD/USB and restarts the system, the system will boot from the live CD/USB and attacker will have full control on all the system components.
Very likely
High Impact

There could be several negative impact if a person gains unauthorized access due to live kali linux CD/USB:
  1. Impact on business operation: The person can use kali linux tools to connect to client hard drive and database systems and can steal confidential data. One can also destroy or corrupt important data using tools like drive-format etc.This could impact the business reputation as well as operations.
  2. Theft of User data: If the machine which is being accessed by live kali linux distro hold sensitive user information, then it is possible for any person to steal user data such as credit-card information or bank details.
  3. Spamming : The person can hold the resources of the machine using the live kali linux CD . He can then use this machine as a proxy to carry out spamming or hacking attempts on other systems. In this case the identity of attacker could be confused by the compromised system and can lead to delay in preventive measures.

c. What are the benefits of distributions such as Kali Linux?


Few benefits that I can think of :
  1. Useful for mass distribution : In case of a security company , if it needs to install multiple copies of exact same features to different machines , it can simply create a live CD and distribute it to required parties. People would not need to download or install anything and can simply run the CD to perform required task.
  2. Portability : If any ethical hacker wants to be able to analyse the system on the go, it is only possible through live CD of kali linux. Otherwise the person might have to install kali linux on every single machine he intends to work on which is time consuming and wasteful.
  3. Recovery : In case where systems are affected by virus attacks or hardware failure and a normal install in impossible, a live kali linux could be used to fix those malware and recover the system.
  4. Testing : In case of testing whether the new version of kali linux is significantly different from previous version. This will enable any organization using kali linux to determine whether it is worthwhile to upgrade all the existing installations or not.


References :

https://www.kali.org/downloads/

Leave a Reply

Your email address will not be published / Required fields are marked *