Useful exercises:
- Take time to define a comprehensive security policy.
- If you are running Kali on a publicly accessible server, change any default passwords for services that might be configured (see Section 7.3, “Securing Network Services”) and restrict their access with a firewall (see Section 7.4, “Firewall or Packet Filtering”) prior to launching them.
- Use fail2ban to detect and block password-guessing and remote brute-force attacks against your services.
- If you run web services, host them over HTTPS to prevent network intermediaries from sniffing your traffic (which might include authentication cookies).
- Real risk often arises when you travel from one customer to the next. For example, your laptop could be stolen while traveling or seized by customs. Prepare for these unfortunate possibilities by using full disk encryption (see Section 4.2.2, “Installation on a Fully Encrypted File System”) and consider the nuke feature (see Adding a Nuke Password for Extra Safety) to protect your clients' data.
- Implement firewall rules (see Section 7.4, “Firewall or Packet Filtering”) to forbid all outbound traffic except the traffic generated by your VPN access. This is meant as a safety net, so that when the VPN is down you immediately notice it (instead of falling back to the local network access).
- Disable services that you do not use. Kali makes it easy to do this since all external network services are disabled by default.
- The Linux kernel embeds the netfilter firewall. There is no turn-key solution for configuring any firewall, since network and user requirements differ. However, you can control netfilter from user space with the
- The logcheck program monitors log files every hour by default and sends unusual log messages in emails to the administrator for further analysis.
- top is an interactive tool that displays a list of currently running processes.
- dpkg -V displays the system files that have been modified (potentially by an attacker), but relies on checksums, which may be subverted by a clever attacker.
- The Advanced Intrusion Detection Environment (AIDE) tool checks file integrity and detects any changes against a previously-recorded image of the valid system.
- Tripwire is very similar to AIDE but uses a mechanism to sign the configuration file, so that an attacker cannot make it point at a different version of the reference database.
- Consider the use of chkrootkit to help detect rootkits on your system.
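The outbound "VPN only" safety net and the netfilter control described above, as an added example that is not from the original notes or from Kali: a POSIX shell script that generates (and can apply) iptables/ip6tables rules dropping every outbound packet except the VPN handshake and traffic inside the tunnel. The VPN endpoint 203.0.113.10, UDP port 1194 and the tunnel interface tun0 are assumed placeholder values; override them with environment variables.

```shell
#!/bin/sh
# VPN kill switch for netfilter (added example; assumed values below).
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"   # assumed: documentation address, replace with your VPN endpoint
VPN_PORT="${VPN_PORT:-1194}"               # assumed: OpenVPN default port
VPN_PROTO="${VPN_PROTO:-udp}"              # assumed: transport used by the VPN
VPN_IF="${VPN_IF:-tun0}"                   # assumed: tunnel interface created by the VPN client

# Emit the rules as text so they can be reviewed (or tested) before being applied.
# Order matters: the default policy is set to DROP before the chain is flushed,
# so there is no window in which outbound traffic is allowed.
vpn_killswitch_rules() {
    cat <<EOF
iptables -P OUTPUT DROP
iptables -F OUTPUT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p udp --dport 67 -j ACCEPT
iptables -A OUTPUT -p $VPN_PROTO -d $VPN_SERVER --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -o $VPN_IF -j ACCEPT
iptables -A OUTPUT -j LOG --log-prefix "VPN-KILLSWITCH: " --log-level 4
ip6tables -P OUTPUT DROP
ip6tables -F OUTPUT
ip6tables -A OUTPUT -o lo -j ACCEPT
EOF
}
# Notes on the rules above:
#  - UDP/67 keeps DHCP lease renewals working so the host does not lose its address.
#  - Only the VPN endpoint is reachable on the physical interface; everything else
#    must go out through $VPN_IF, so DNS and web access fail visibly when the VPN is down.
#  - The LOG rule records what was blocked (check the kernel log / logcheck reports),
#    which is how you notice the VPN dropped instead of silently leaking.
#  - IPv6 is dropped entirely here; add an "-o $VPN_IF" accept rule if your VPN carries IPv6.

# Apply the generated rules (requires root). Stops at the first failing command.
apply_vpn_killswitch() {
    vpn_killswitch_rules | sh -e
}
```

Run `vpn_killswitch_rules` first to review the output, then `apply_vpn_killswitch` as root; the rules are not persistent and vanish on reboot unless saved with your distribution's iptables persistence mechanism.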