S OFTWARE
S ECURITY
P RESENTATION
CSCE
548
2 1 J U LY 2 0 1 6
JA M E S
SAGER
T ECHNICAL O VERVIEW
 Kali Linux is marketed as an penetration
testing tool for security professionals

It’s better known for its many black hat
capabilities
 Of the hundreds of tools that are
combined to make the distribution, this
presentation will introduce you to:

Armitage
21 July 2016
KALI LINUX – CSCE 548 – SAGER
2
T ECHNICAL O VERVIEW
 Kali Linux is a double-edged sword for
security professionals
 It helps them and hurts them in the same
ways:

Easy to access

Anyone can download these tools free
of charge

21 July 2016
Easy to use
KALI LINUX – CSCE 548 – SAGER
3
T ECHNICAL O VERVIEW
 Overlooking operational security risks
can be detrimental

Network admins often put off updating
systems due to fear of instability

It’s easy to overlook trivial machines, like
print servers

21 July 2016
These machines are potential gateways to
KALI LINUX
larger attacks
– CSCE 548 – SAGER
4
T ECHNICAL O VERVIEW
 Overlooking these risks is equivalent to
overlooking trustworthy computing

Compromising Network:

Availability

Confidentiality

Integrity
21 July 2016
KALI LINUX – CSCE 548 – SAGER
5
E XAMPLES
21 July 2016
KALI LINUX – CSCE 548 – SAGER
6
G UARANTEES
OF
S ECURITY
 Examples like these should reveal a few
truths to future security professionals:

The challenges of their chosen carrier

Why penetration testing is important


Reactive measures should never be excluded
Why the SDLC is a continuous processes
21 July 2016
KALI LINUX – CSCE 548 – SAGER
7
A VOIDANCE
 Practice proactive security measures
 Keep data encrypted
 Keep all network resources reasonably
up to date
 XP Machines are completely
vulnerable

21 July 2016
When updating is not an option, change
the OS
KALI LINUX – CSCE 548 – SAGER
8
S TAY I NFORMED
 Have a continuous willingness to learn

Which tools are the most reliable

Which tools are the most unreliable
 Would a product like pfSence alter the
results of my experiment?

Is it expensive?

Is it pheasable?
21 July 2016
KALI LINUX – CSCE 548 – SAGER
9
C ONCLUSION
 A timeless, 100% guaranteed security
solution does not exist
 Working for trustworthy computing is a
constant battle to protect:

Availability

Confidentiality

Integrity
21 July 2016
KALI LINUX – CSCE 548 – SAGER
10
R EFERENCES
"Reg." Reg. Microsoft, 2016. Web. 20 July 2016.
https://technet.microsoft.com/enus/library/bb490984.aspx
"Our Most Advanced Penetration Testing Distribution,
Ever." Kali Linux. Kali Linux,
2016. Web. 20 July 2016.
https://www.kali.org/
21 July 2016
KALI LINUX – CSCE 548 – SAGER
11