Kali linux questions
-
Question 1:
i keep hearing people say: " if you re a beginner, it's better to install Kali on a virtual machine"
is it possible to explain why?! ( i dont like to be told what to do without understanding why).
what can go wrong if i install Kali directly on my computer? why most people do not recommend it?!Question 2:
is there any reason why people talk more about Kali than they do about ParrotOS? are they equally good? and is Kali used in real world pen testing?Question 3:
is it a crazy idea if i decide for example to run CentOS or Ubuntu, and install security tools manually when needed? will that technically work? ..(i know it's more challenging, and i like this idea especially since i believe it might help me improve my linux skills, but im afraid some people would consider it a waste of time), so your feedback is highly appreciated.thanks a lot for your time and feedback!
-
@EA89 said in Kali linux questions:
" if you re a beginner, it's better to install Kali on a virtual machine"
:-D I use VMs because I can destroy my system but a recovery is very easy. One click... wait 1 minute and my system runs again. I love snapshots. If you have t rebuild a linux, you need much more time.
The second reason is, you can install multiple OS and create a local test network with e.g. Windows Server, a Kali, a win 10 and a Win 7 and you can run all tools. If you attack your WinServer and you killed it accidently... no problem, one click and you can have fun again.
The third reason is: VMs are file and and easy to copy. Microsoft and other distributors offer these files and one click and wait a short time you have a new test system. It save a lot of time.
The drawback is: you need a lot of RAM, but RAM is very cheap. 32GB is $100 to $120.
@EA89 said in Kali linux questions:
but im afraid some people would consider it a waste of time
It is not waist of time, because you learn a lot and that is the point.
-
@Stefan-Waldvogel
but i can have Kali on my laptop, and build the lab for testing on my desktop pc. which will allow me to have more resources for the lab, and kali will be faster on the laptop! anything wrong with that? ...
i remember reading something about Kali being dangerous because users are automatically granted root access...but now the new version they give a normal user account, so its like any normal distro, i wonder if that resolves the problem or there is something else as well. -
@EA89 said in Kali linux questions:
anything wrong with that? ...
No, if you have the hardware, why not?
@EA89 said in Kali linux questions:
automatically granted root access..
Everyone know root/toor but now it is kali/kali. It is up to you to change that or you can add more users with different rights.
-
Question 1: Should I run Kali in a VM or directly on hardware:
You should not run Kali on direct hardware even if you are an expert user. They have a pretty good write up on this on the Kali website that you can read. It basically boils down to the fact that Kali is designed as a security testing suite, but is not very secure itself. Many of its services run as root by default, and a lot of security protections found in mainstream distros are excluded in Kali. There are a few rare instances where you may need Kali on bare-metal hardware (like some WiFi sniffing techniques) but they are certainly edge cases. Kali should not be your "daily driver" operating system.Question 2: Is there any reason why people talk more about Kali than they do about ParrotOS?
Name recognition and history, mostly. Kali filled a need when there were no other options. Now there are several different choices. At the end of the day, they both provide access to the same tools. As for the second part of your question, most of the pentesters I have met use Kali Linux in one form or another in their field pentesting.Question 3: Is it a crazy idea if i decide for example to run CentOS or Ubuntu, and install security tools manually when needed?
This was going to be my answer for #2 :) You don't actually need a security distro at all. None of the tools in Kali or ParrotOS are exclusive. You could just as easily spin up a Fedora box and install the tools yourself. You will often get newer versions of the tools on a system far more secure and flexible. The only real advantage of Kali, ParrotOS and others is the convenience of already having the packages installed and ready to go. If you roll your own distro you will have to dig through the install docs and work out the dependencies. It isn't easy, but it does work.Thanks for writing in,
Don Pezet
-
Thank you Don for your detailed explanation.