Re: CEH training

From: Pete Herzog (lists@isecom.org)
Date: Thu Jun 23 2005 - 05:49:27 EDT


Have to disagree with you here somewhat Richard. But I think your
conciseness is your error.

It's not better to run a tool on the OS it was designed on. It's best
to run a tool designed on an OS with a platform and infrastructure that
touches or manipulates the original packets the least. You can use
windows to make a windows tool and run it on windows but it still won't
run better than a tool which runs over a non-interfering OS, where the
kernel does not try to translate information for you, no packet
translation, packet inspection, or additional packet noise occurs in
addition to the operating environment of the tool.

Every layer of abstraction or interpretation between the request and the
response, including those made by the tool itself, are layers where
mistakes can be and will be made. The reason why tools under Windows
may function less desirably than some other OSes is the layers
introduced when making the tool, running the tool, making the request,
receiving the response, and the packet noise made inheritently on
networks where the OS resides. Windows is a user's OS for users with
ease-of-use and administration being of primary functions. It is not
the right tool for the job, for any job, that is not specifically
testing the functioning of a windows environment from a Windows
user/administrator perspective.

Otherwise it's like reading one or two ad-soaked magazines about new
security technology to make a decision on what kind of firewall you need
for your network. It gives you info but you can only speculate on the
accuracy and interpretation of that information.

Sincerely,
-pete.

-- 
Pete Herzog - Managing Director - pete@isecom.org 
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org
-------------------------------------------------------------------
ISECOM is the OSSTMM Professional Security Tester (OPST),
OSSTMM Professional Security Analyst (OPSA), and Hacker Highschool 
Teacher certification authority. 
Richard Zaluski wrote:
>Regarding "tools" and windows, most of the security tools that run on
>Windows are simply ported over from the *nix world.  They run much better
>and often times allow much more flexibility in their use due to the way
>Windows and *nix operates and interacts with them.  
>
>Its much better, in my opinion to run a tool on its native operating system.
>I have seen nmap for example running on MS 2000 professional completely lag
>behind the *nix version.
>
>  
>


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:28 EDT