RE: CEH training

From: Richard Zaluski (rzaluski@ivolution.ca)
Date: Tue Jun 21 2005 - 09:47:38 EDT


I do agree with you and I was making a generalized statement. Meaning, it's
much better to run a tool such as nmap in the Unix / Linux realm then on
Windows. The same goes for the Windows with the basic net view commands.

Each has its place and use and as a Penetration tester you have to know your
utilities and tools and how they work.

Richard Zaluski
CISO, Security and Infrastructure Services
iVOLUTION Technologies Incorporated
905.309.1911
866.601.4678
www.ivolution.ca
rzaluski@ivolution.ca
 

Key fingerprint = DB39 7FC3 1F5D AD94 85DD 78B0 774D 5DE5 B011 BD8C
=======================================================================
CONFIDENTIALITY NOTICE: This email message, including any
attachments, is for the sole use of the intended recipient(s) and may
contain confidential and privileged information. If you are not the
intended recipient, please contact the sender. Any unauthorized review,
use, disclosure, or distribution is prohibited.
=======================================================================
-----Original Message-----
From: Pete Herzog [mailto:lists@isecom.org]
Sent: Thursday, June 23, 2005 5:49 AM
To: Richard Zaluski
Cc: glemmon@onealwebster.com; brzurom@tycho.ncsc.mil;
pen-test@securityfocus.com
Subject: Re: CEH training

Have to disagree with you here somewhat Richard. But I think your
conciseness is your error.

It's not better to run a tool on the OS it was designed on. It's best
to run a tool designed on an OS with a platform and infrastructure that
touches or manipulates the original packets the least. You can use
windows to make a windows tool and run it on windows but it still won't
run better than a tool which runs over a non-interfering OS, where the
kernel does not try to translate information for you, no packet
translation, packet inspection, or additional packet noise occurs in
addition to the operating environment of the tool.

Every layer of abstraction or interpretation between the request and the
response, including those made by the tool itself, are layers where
mistakes can be and will be made. The reason why tools under Windows
may function less desirably than some other OSes is the layers
introduced when making the tool, running the tool, making the request,
receiving the response, and the packet noise made inheritently on
networks where the OS resides. Windows is a user's OS for users with
ease-of-use and administration being of primary functions. It is not
the right tool for the job, for any job, that is not specifically
testing the functioning of a windows environment from a Windows
user/administrator perspective.

Otherwise it's like reading one or two ad-soaked magazines about new
security technology to make a decision on what kind of firewall you need
for your network. It gives you info but you can only speculate on the
accuracy and interpretation of that information.

Sincerely,
-pete.

-- 
Pete Herzog - Managing Director - pete@isecom.org 
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.isestorm.org
-------------------------------------------------------------------
ISECOM is the OSSTMM Professional Security Tester (OPST),
OSSTMM Professional Security Analyst (OPSA), and Hacker Highschool 
Teacher certification authority. 
Richard Zaluski wrote:
>Regarding "tools" and windows, most of the security tools that run on
>Windows are simply ported over from the *nix world.  They run much better
>and often times allow much more flexibility in their use due to the way
>Windows and *nix operates and interacts with them.  
>
>Its much better, in my opinion to run a tool on its native operating
system.
>I have seen nmap for example running on MS 2000 professional completely lag
>behind the *nix version.
>
>  
>


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:29 EDT