part0007

Minimum of 20 gigabytes of free hard disk drive space for Kali Linux’s installation
Minimum of 1 gigabyte of random access memory (RAM) for i386 and amd64 – based architecture (The more RAM the system has, the better the performance)
Native CD – DVD drive support, or USB boot support

Once everything is ready, i.e all the requirements are met, and the Kali Linux software has been prepared and is ready to be installed, the first step would be to insert the installation media and boot it / run it (through the USB boot or the CD – DVD drive). Booting the medium should result in a window appearing with multiple options, such as “Live (amd64)”, “Graphical Install”, or simply “Install”. The “graphical install” enables a GUI install, and the “install” initiates a text – mode installation process.

Once the installation method is selected, the window will then request the user to select their preferred system / software language, as well as place their country’s location. In addition, a prompt may come out to request the user to configure their keyboard for the appropriate key – mapping. Once the language – country combination has been selected, and the keyboard properly mapped, the next step will be to input the geographical location of the user. Pressing “continue” after this step will instruct the installer to begin the process of installing the image by copying it to the hard disk drive, as well as probing the network interfaces of the device.

Once these steps are complete, the installer will request the user to input the host name of the system. The purpose of the host name is to identify the system to the network that it is connected to. The host name can be selected by the user and can be changed in the future. The next step is to choose a domain name, which forms part of the computer’s address, found on the right side of the host name. This domain name is usually seen as the “.com”, “.edu”, “.net” suffixes. Note that this step is entirely optional, but if used, it would be prudent to ensure all the computers on the network share the same domain name to avoid errors or confusion.

Once the host and domain name have been selected, the system will then prompt the user to provide a name for the user account. Note that this account will NOT have root access and is meant to enable the system to have an account that can carry out non-administrative activities without admin – access for safety purposes. Upon providing a name, a user – ID will be created based on the given account name, but this ID can be edited to match the user’s preference.

Once all the naming conventions have been set up, the system will check and configure the clock, by requesting for the time zone wherein the user is located. Note that this step still occurs even after having chosen the geographical location, and in fact it notes that in case the time zone the user is in is not listed, they can simply go back and choose the country they are currently located in.

After choosing the partition, the system installer will prompt the user one more time to check whether or not their chosen configuration is what they really want, allowing the user to double – check their configuration options, as installing the Kali Linux software makes numerous disk changes, and making an error in installation may cost a lot of time and effort to reverse and / or remedy. Once the configuration is confirmed, the installer will begin installation on the partitioned drive, and the result will be a near – complete installation. After this, the network mirrors can be configured by the user, and as Kali makes use of a central repository for the distribution of applications, it is necessary to set the network mirrors. Note that it may be possible that the installer will require the user to enter proxy information in case their network makes use of a proxy.

As earlier mentioned, the conventional method of installing Kali Linux requires either a USB boot capability or a CD – DVD drive that can be used for the installation media to be loaded on the system. A lot of the time, this method is used for business or enterprise Kali Linux deployments, where multiple devices need to have the Kali Linux distribution pre – loaded onto them in order for use. This pre – seeding can be done over the network, which is something useful especially when the devices have their USB and CD – DVD ports and drives disabled, as is common practice for business laptops and computers.

The first step in getting the Kali Linux distribution installed over a network, through a PXE (pre – boot execution environment), is to install the “dnsmasq” , which provides the DCHP / TFTP server. Once the dnsmasq is installed, the next step would then be to edit the “dnsmasq.conf” file.

The previous code installs the dnsmasq . The following snippet of code will then allow the user to enable the boot – up of the DHCP, TFTP, and PXE, as well as allow the user to set the dhcp – range to match the environment. In addition, the gateway as well as the DNS servers can be re – defined using the dhcp – option directive as needed.

After all the necessary changes have been made, the dnsmasq must be restarted in order for these changes to properly take effect.

Once the dnsmasq has been restarted and the changes have taken effect, the next step is to make sure that the directory that will be holding the image of the Kali Linux netboot has been created, and that the proper image has been downloaded from the proper Kali Linux repositories.

Ensure that the device that they want to run Kali Linux on is properly protected, and in those cases, they may wish to create an installation that is encrypted with a secure password. By now, the user should have already ensured that their system hardware is compatible (as a reminder, Kali Linux supports i386 / 32 – bit systems, amd64 / 64 – bit systems, and ARM / armel / armhf systems). The next step is ensuring that the system hardware, in addition to having compatible system architecture, should also meet the minimum hardware requirements, which are as follows:

Minimum of 20 gigabytes of free hard disk drive space for Kali Linux’s installation
Minimum of 1 gigabyte of random access memory (RAM) for i386 and amd64 – based architecture (The more RAM the system has, the better the performance)
Native CD – DVD drive support, or USB boot support

Once everything is ready, i.e all the requirements are met, and the Kali Linux software has been prepared and is ready to be installed, the first step would be to insert the installation media and boot it / run it (through the USB boot or the CD – DVD drive). Booting the medium should result in a window appearing with multiple options, such as “Live (amd64)”, “Graphical Install”, or simply “Install”. The “graphical install” enables a GUI install, and the “install” initiates a text – mode installation process.

Once the installation method is selected, the window will then request the user to select their preferred system / software language, as well as place their country’s location. In addition, a prompt may come out to request the user to configure their keyboard for the appropriate key – mapping. Once the language – country combination has been selected, and the keyboard properly mapped, the next step will be to input the geographical location of the user. Pressing “continue” after this step will instruct the installer to begin the process of installing the image by copying it to the hard disk drive, as well as probing the network interfaces of the device.

Once these steps are complete, the installer will request the user to input the host name of the system. The purpose of the host name is to identify the system to the network that it is connected to. The host name can be selected by the user and can be changed in the future. The next step is to choose a domain name, which forms part of the computer’s address, found on the right side of the host name. This domain name is usually seen as the “.com”, “.edu”, “.net” suffixes. Note that this step is entirely optional, but if used, it would be prudent to ensure all the computers on the network share the same domain name to avoid errors or confusion.

Once the host and domain name have been selected, the system will then prompt the user to provide a name for the user account. Note that this account will NOT have root access and is meant to enable the system to have an account that can carry out non-administrative activities without admin – access for safety purposes. Upon providing a name, a user – ID will be created based on the given account name, but this ID can be edited to match the user’s preference.

Once all the naming conventions have been set up, the system will check and configure the clock, by requesting for the time zone wherein the user is located. Note that this step still occurs even after having chosen the geographical location, and in fact it notes that in case the time zone the user is in is not listed, they can simply go back and choose the country they are currently located in.

After choosing the partition, the system installer will prompt the user one more time to check whether or not their chosen configuration is what they really want, allowing the user to double – check their configuration options, as installing the Kali Linux software makes numerous disk changes, and making an error in installation may cost a lot of time and effort to reverse and / or remedy. After the confirmation, the Kali Linux installer will require the user to set a password, which will be required every time that the Kali Linux instance is booted up. Once the password is verified, the user can simply click “continue”.

Once the configuration is confirmed and the password selected, the installer will begin on the partitioned drive, and the result will be a near – complete installation. After this, the network mirrors can be configured by the user, and as Kali makes use of a central repository for the distribution of applications, it is necessary to set the network mirrors. Note that it may be possible that the installer will require the user to enter proxy information in case their network makes use of a proxy.

Some users may have a need of having two operating systems on one device – for example, budget constraints may mean that they can only really afford to have one device, so they need their laptop to be able to multi – task, or perhaps the user simply prefers to have the option of using Kali Linux on their Windows – loaded device. Whatever the reason, Kali Linux can be dual – booted alongside the Windows operating system.

For the purposes of this particular tutorial, we will be assuming that the Windows operating system will be taking up the full capacity of the hard disk drive’s space, and as such, we will teach the reader how to partition the hard disk drive in order to lessen the dedicated size for Windows, enough that the user will be able to boot Kali Linux.

Much like any other Kali Linux installation, the user has to ensure that the system hardware, in addition to having compatible system architecture, should also meet the minimum hardware requirements, which are as follows:

Minimum of 20 gigabytes of free hard disk drive space for Kali Linux’s installation (after re – partition)
Native CD – DVD drive support, or USB boot support

Note that the creation of a dual – boot is not possible using the PXE system, meaning that native CD – DVD drive support or USB boot support is indispensable when creating the dual – boot setup.

In order to create a partition, the installation media should be booted – this means loading the downloaded Kali Linux ISO or booting the Kali Linux Live, whichever is applicable. Booting the medium should result in a window appearing with multiple options, such as “Live (amd64)”, “Graphical Install”, or simply “Install”. The “graphical install” enables a GUI install, and the “install” initiates a text – mode installation process. Once this is loaded and the menu has opened, the “Live” option should be selected. This “Live” option will boot up the Kali Linux desktop and allow the user to access some of the applications and tools.

The tool that we are looking for here is the gparted program. The user should look for and launch the gparted program. Gparted will be the application that we will use in order to re – size and shrink the Windows partition in order to let us install the Kali Linux distribution.

Once the gparted program has launched, there will be options available to the user. There will be a list of partitions, and the user has to select the partition that has Windows loaded on it. Where it is situated on the list will depend on the user’s configuration, but most configurations have it as the second and larger – sized hard disk drive partition. Once the partition containing the Windows boot is selected, simply right – click the partition and select “resize / move” in order to resize the partition in question. Resize it in such a way that there will be at least twenty gigabytes (20 GB) in the “unallocated” portion, as this will be used for the Kali Linux installation further on.

Upon resizing, there should be a button on the application dashboard shaped like a green check – mark, which is an “Apply All Operations” button. Simply click this in order to finalize the partition. Once the partition has been finalized, simply exit the gparted application and reboot the system. This should re – size the hard disk drive and free up enough space for the user to install a fresh version of Kali Linux.

Once the hard disk has already been properly partitioned, simply run / boot the installation media once again and select the install option. Follow the same steps as provided in the section of “Installing Kali Linux on your hard drive” with one key difference, notably the selection of the partition option, which will be shown in the next paragraph.

Before a hacker can hack into a system, he or she must complete certain processes. Some of these are:

1. RECONNAISSANCE

To avoid being hacked, you should keep your private information very secure. The word “reconnaissance” in this context is a means by which the hacker tries to gather all information regarding you (the target) and any weak spots in your system. The hacker uses this step to find as much information as possible about the target.

2. SCANNING AND ENUMERATION

3. GAINING ACCESS

If the hacker was able to complete the two phases above, his/her next stage is to gain access to your system. This stage is where all of the hacker’s fun will begin. He or she will use the weaknesses discovered during the reconnaissance and scanning of your system to break into your connection. The hacker could exploit your local area network, your internet (both online or offline) or your local access to a PC. In the real sense, the moment a hacker breaks into your system or network, the hacker is considered to be the owner of that system. The security breach refers to the stage in which the hacker can use evil techniques to damage your system.

4. MAINTAINING ACCESS

In the previous phase, we said that once a black hat hacker hacks your system, it is no longer yours. In this phase, after the hacker has breached your security access and hacked your system completely, he or she can gain future access to your computer by creating a backdoor. So even if you get access to that computer system or network again, you still can’t be sure you are in total control. The hacker could install some scripts that would allow access to your system even when you think the threat is gone.

5. CLEARING TRACKS

The hacker gained access to your system and at the same time maintained access to that system. What do you think the hacker will do next? The hacker will then clear all of his or her tracks to avoid detection by security personnel or agencies so that he or she can continue using the system. In other cases, the hacker may do this just to prevent legal action against him or her. Today, many security breaches go undetected. There have been cases in which firewalls were circumvented even when vigilant log checking was in place.

By now, you should have some insight into what hacking is all about. Now we will outline the fundamental security guidelines that will protect you, your system and your information from external threats. All of the information we will provide is based on practical methodologies that have been used successfully. These methodologies will help prevent a computer system from being attacked and ravaged by malicious users.

Update Your OS (Operating System)

Operating systems are open to different types of attacks. On a daily basis, new viruses are released; this alone should make you cautious because your operating system might be vulnerable to a new set of threats. This is why the vendors of these operating systems release new updates on a regular basis, so that they can stay ahead of new threats. his will help you improve your security and reduce the risk of your system becoming a host to viruses.

Update Your Software

In the previous section, we talked about the importance of an update. Updated software is equipped with more efficiency and convenience, and even has better built-in security features. Thus, it is imperative that you frequently update your applications, browsers and other programs.

Antivirus

Based on our research, we have seen that some operating systems are open to a lot of attacks, especially Microsoft or Windows platforms. One way you can protect your system from viruses is through an antivirus program. An antivirus program can save you in many ways. There are many antivirus programs (free or paid) that you can install on your system to protect against threats. A malicious hacker can plant a virus on your system through the internet, but with a good antivirus scan, you can see the threat and eliminate it. As with any other software or program, your antivirus software needs frequent updates to be 100 percent effective.

Anti-Spyware

This program is also important, as you don’t want trojan programs on your system. You can get many anti-spyware programs on the internet; just make sure you go for one that has received good ratings.

Go for Macintosh

The Windows operating system is very popular and therefore many hackers and crackers target it. You may have read articles and blogs saying that Macintosh operating systems are less secure; however, Macintosh is immune to many threats that affect Windows. Thus, we urge you to try the Macintosh platform.

Avoid Shady Sites

When you are browsing Facebook, you may come across unknown people who send you messages with links, some in the form of clickbait. Avoid clicking on such links. Also, you must avoid porn sites, or sites that promise you things that are too good to be true. Some of these sites promise you free music when you click on a link, while others offer free money or a movie. These sites are run by malicious hackers who are looking for ways to harm your computer with their malware links. Take note that on some malicious sites, you don’t even have to click on anything to be hacked. A good browser will always inform you of a bad site before it takes you there. Always listen to your browser’s warnings and head back to safety if necessary.

Firewall

If you are a computer specialist working in an organization, you might come across cases in which more than one computer system’s OS is under one network. In situations like these, you must install software that provides a security firewall. The Windows operating system has an inbuilt firewall that you can activate and use directly. This firewall feature comes in different versions of Windows, including Windows XP, Windows Professional, Windows 10 and the other versions.

Spam

You can be hacked from spamming too. Email providers have taken the initiative to classify emails according to a set of parameters. Some emails will be sent directly into the inbox and some will be sent to the spam folder. To be safe, avoid opening emails that look suspicious. Some of them will have attachments that you should not open. Regardless of the security measures taken by email providers, some spam emails will still pass their filters and come straight into your inbox. Avoid opening such emails and do not download the attachments that come with them.

Back-Up Options

Some files will contain confidential information, such as personal files, financial data and work-related documents you cannot afford to lose. You should register with Google Drive, Onedrive and other cloud drive companies so that you can upload your files as a form of backup. You can also purchase an external hard disk and transfer all of your important files to it. Take all these security measures because a single malicious software can scramble your data regardless of the antivirus you have installed. You can’t reverse some actions once they’ve been taken, so always have a backup.

Password

This is the most important aspect of security. The importance of a strong password can never be overstated. Starting from your e-mail, your documents or even a secure server, a good password is the first and last line of defense against external threats. There are two categories of passwords: weak and strong. A weak password is made by using your mobile phone number, your name, a family member’s name or something that can be guessed easily. Avoid using this kind of password, as even an amateur hacker can guess it.

Some people use dates such as their birthday or a special anniversary; however, that is still not safe. When creating a password, take your time and do some basic math because your password must contain both letters and numbers. You can even combine it with special characters. For instance, if your initial password is “jack,” you can make it “J@ck007.” A password like this will be almost impossible to guess even though it’s simple. Furthermore, avoid writing down your passwords. Your password isn’t a file that needs backup; it must be personal to you. Make sure you use a simple password that is very strong. However, keep in mind that a strong password still doesn’t make you completely safe.

At this point, you should have an in-depth idea of what hacking is all about and some guidelines for ensuring the safety of your computer system or network. Following are general tips to follow to avoid becoming a victim of hackers.

· When you log into your email, you should avoid opening emails from unknown sources. Most importantly, do not download any attachments that come with such emails.

· Do not visit unsafe websites. Always visit websites that are secured, such as sites with “https”. Try to only engage in safe browsing.

· Before you install a new program, make sure the program is scanned to ensure it is free of viruses. Then, you want to delete any old installation files because you now have the new installation files. This can save you if a hacker uses those old files as a backdoor.

· Scan your files from time to time. Also make sure that all of the applications on your system are updated frequently to the latest version.

· If you work at home, make sure you are in contact with security professionals or firms that can help you check network loopholes and rectify them as soon as possible.

· Always back up your files. You can use safe cloud drives such as Google Drive or Dropbox. You can also purchase an external drive to keep your important files safe and intact.

· Are you on a social network? Avoid clicking on links sent by people you don’t know. Such tempting messages can be invitations to private chat rooms or promises of money if you click on the links. Avoid them and stay safe.

· As technology is improving, so are software developers. Always make sure you are surfing the internet with a good browser. For instance, some browsers have inbuilt virus or danger detection bots, which will alert you if you are trying to access a web page that is not safe. When you want to download a browser, go for one with better inbuilt security features. The following browsers are recommended:

a) Google Chrome

b) Mozilla Firefox

c) Safari

· Use the features that matter to you when you are connected to the internet with your browser. For instance, if you are not using Java or Active X while you are connected, deactivate them in your browser. Having them connected all the time is not safe.

· Research has shown that the most secure operating systems are Linux and Macintosh. If these two systems meet your needs, it is recommended that you switch to them. They are more secure, as they have had fewer incidences of hacking compared to the popular Windows systems.

Given all these features and modifications made to the Linux Debian system in order to make it useable for security testers and “white hats”, the question now is, what makes Kali Linux the proper tool for a “white hat” hacker? One would think that due to its thorough security features and wide range of capabilities, that anyone would want to use Kali Linux. However, its specialized nature means exactly that; Kali Linux is designed specifically for professionals, for security specialists, penetration testers, and other types of “white hats”. As such, Kali Linux offers little to no utility if the user wishes to have a Linux distribution that is for general – purpose use, or a specialized distribution for development, design, gaming, and Kali Linux is especially not recommended for beginner users of Linux.

Note as well that while Kali Linux is a type of open – source software, it’s not entirely widely open – source, mainly for security reasons. Thus, the development team is kept small, with packages and repositories signed by each team member that uploaded it as well as the team as a whole for verification and security purposes, and the amount of upstream repositories used are kept to a minimum, with as few updates and packages drawn from them as possible, again all in the interest of security. This configuration means that adding new repositories or packages that have not been fully vetted by the Kali Linux team is wont to cause problems and may just break the installation of Kali Linux. Though as discussed earlier, Kali Linux was designed and intended to allow for a very high degree of user customization, the user still has to know what packages and repositories are compatible with Kali Linux, as adding unrelated or unvetted packages or software repositories will still most likely lead to bugs. For example, while Kali Linux has a lot of features, it does not support the apt – add – repository command, PPAs, or Launchpad, showing exactly the intent of the developers. Other unrelated programs such as Steam will also most likely not end well, and the Kali Linux distribution will most likely not work out well if that is the user’s intent.

Even the insertion of some mainstream software packages such as NodeJS can take a bit of effort and know – how, but then, what Linux distribution doesn’t? However, due to the advanced nature of Kali Linux, it would require more than just a basic level of sys – ad competence in order to make proper use of and unlock the full potential of the Kali Linux distribution. This is also another reason why Kali Linux is not recommended for beginners, as the specialized nature means that it is difficult to learn from scratch, and as it is highly specialized, the knowledge that one may pick up from learning Kali Linux may not be applicable to other Linux distributions as a whole.

Last but not least is that due to the fact that Kali Linux was developed as a “white hat” tool, and contains numerous security and penetration testing tools, it may be possible that these tools may be used improperly if the user is not quite familiar with what they are doing. Misuse of these tools, especially on a network where the user was not given express authorization, may result in damage, either to the system or the network, and may also result in numerous consequences, be it personal or legal. Take note that while this is the reason for network services being deactivated by default, if something happens, “not knowing what I did” is not a valid excuse, and an inexperienced user may just find themselves landing in hot water.

However, for professional penetration testers or “white hats”, or even for those who are still studying or practicing with the aim of becoming a professional, Kali Linux has one of the best and most expansive toolkits available, especially at its price point – free.