Virtual Machines and BackTrack - 21 Jun 2007
Use a VM to quickly and easily try out a Linux distribution with a set of security tools
June 20, 2007
Executive Summary:
Virtual machine software lets you run Windows and Linux from the same machine. |
Learn how to download and install VM software to use a Linux distribution on a bootable CD-ROM. |
VMware Server is ideal for running the Linux distribution BackTrack, which offers over 300 security tools. |
Virtual machines (VMs) have surged in popularity as computers are shipped with faster processors and cheaper memory. Earlier versions of VM software ran as executables, but newer, more sophisticated versions run as services and include rich features such as automatic VM startup and shutdown when the host starts or shuts down, Web-based VM guest management software, and a scriptable API. Using a single VM host server, you can deploy a Web server, mail relay with antispam, and even security programs such as an intrusion detection system (IDS) or a vulnerability scanner as separate guests on that single VM host server. This can lower your hardware costs and help you create lab environments that emulate physical production environments. And because guests run separately, you can reboot one guest without affecting the others.
VMs are useful for security administrators whose favorite security tools run only on a certain OS. For example, you might run Windows on your primary desktop to manage Windows servers and use Microsoft Office, but use a VM to run a Linux distribution for security tools such as Sourcefire’s Snort, Nessus Vulnerability Scanner or a VM for UNIX and its powerfully flexible command shell. Figure 1 shows the Linux distribution BackTrack running in a VM on a Windows machine.
Even if you don’t have a lot of experience configuring an OS such as Linux, it’s easy using a distribution on a bootable CD-ROM (aka a Live CD), which contains a fully configured OS complete with applications. Live distributions make it easy to test, evaluate, or simply learn about different security programs because you don’t have to download and install each program separately. Let’s walk through how to download and install VM software and an entire suite of Linux security tools for free.
Installing a Linux Distribution in a VM
Begin by choosing your VM host software. VM veteran VMware has new competition from Microsoft Virtual PC 2007. On the Macintosh side, Parallels Desktop for Mac has taken the Intel-based Mac market by storm because it lets Mac OS X users run Windows, Linux, and other traditional x86 OSs on their Macs. For this example, you'll download and configure VMware Server to run the popular security Linux distribution BackTrack in a VMware guest.
First, download and install the latest version of the free virtualization product VMware Server (http://www.vmware.com/products/free_virtualization.html). The VM host emulates the hardware of an Intel x86 computer, but VM software often includes tweaks for specific OSs, so you’ll need to know what type of OS you'll be running before creating your VM guest. For this example, you’ll install BackTrack, which you can download from http://www.remote-exploit.org/backtrack_download.html. Download the image file (ISO) to a directory on your host computer. You don’t need to burn it to a CD-ROM; instead, you’ll configure the VM to boot directly from the ISO.
After you've installed VMware Server, launch the VMware Server Console and connect to the LocalHost server. Click New Virtual Machine and follow the wizard to create your guest. When prompted for the guest OS, choose Linux, then the specific distribution or kernel. BackTrack uses a version of the Slackware distribution with a 2.6.x kernel, but as Slackware isn't among the distributions listed, choose the next closest match: Other Linux 2.6.x kernel.
By default, VMware guests store their logical hard disks in a single file on the host computer; in other words, the VMware server creates a file that emulates virtual disks used by the guests. I like to name my locations after the VM guest, so in this case I would name the VM BackTrack and specify the location as: C:Virtual MachinesBackTrack. VMware Server lets you adjust guest-specific configurations such as whether the guest should run under the local system or other account or whether you want the guest to power up or down when the host starts up or shuts down. Configure these options to suit your needs. Then, if you apply a security patch to your host computer that requires a reboot, you could simply instruct the host computer to reboot, and it will take care of properly shutting down and then restarting the VM guests running on it. This can be a time saver.
When prompted by the wizard to specify a guest’s virtual hardware configuration, I usually choose 256MB of memory for a low-end Linux computer and 512MB of memory for a low-end Windows guest VM. Ultimately, these decisions depend entirely on your environment and what you'll be running on the guest, and you can easily add or remove memory later by adjusting a slider control in the VMware Server console.
VMware Server supports robust networking configurations. Using VMware Server, you can specify bridged networking to the host or virtual networks, Network Address Translation (NAT), or host-only networking. For this example, choose bridged networking, which closely emulates a physical machine connected to the same LAN as your host VM server. In this configuration, your VMware guest communicates directly with the same LAN that the VMware host is connected to. For example, it will get its own DHCP address if your network is configured that way, and other computers on the network will communicate with the VMware guest in the same way as they would communicate with any other computer on your network. In other words, the VMware host is transparent to communications with the guest.
Next, configure the hard disks. Using VMware Server, I’ve found that accepting the default configuration works for most installations, but if the guest OS fails to recognize a hard disk, try selecting a different adapter or changing the bus between ATAPI and SCSI. VMware lets you specify the size of the guest VM hard disk but doesn’t require you to allocate the space all at once. For example, you can specify a virtual disk of 40GB, but if you install only a 1GB OS, only 1GB of disk space is actually used on the host drives. Allocating space in this manner might make performance a little slower, but I like the flexibility this option affords.
Now that you've created a guest VM, you can configure the virtual CD-ROM drive to attach to and boot from the BackTrack ISO when the guest powers up. In the VMware Server Console, select the newly created BackTrack VM guest and click Edit virtual machine settings. Click CD-ROM, change the connection to Use ISO image, and browse to the BackTrack ISO and select it.
Finally, click OK to save your changes, then click the power button icon in the console to power up the VM guest. If you properly configured the virtual CD-ROM drive, you’ll see the VM guest boot into the security ISO and load the BackTrack security toolset. You should now have a fully functional version of all of the tools running “inside” your host computer but with full access to your LAN.
Now You're Virtualizing
Check out other security tool distributions listed at http://sectools.org/sec-distros.html. Also, remember that your VM is a complete OS and that VMware Server lets you create a switched virtual network within your host. So the next time you want to install Microsoft ISA Server or a UNIX firewall such as pfSense or SmoothWall, consider installing the firewall—and network—within a VM. Although for security reasons you wouldn't want to install your production firewall in a shared VM environment, it’s a great environment to quickly test different firewall or security subnet configurations that normally would require many different pieces of equipment.
About the Author
You May Also Like