As cybersecurity analysts, you may come into contact with different operating systems. Worse still, you may not have a choice in the matter. As security analysts, we need to be at least comfortable, if not adept, in any OS we find ourselves in.
In general, we can think of three operating system families as a start, to keep things simple:
- Linux
- Windows
- MacOS
Each of them has its advantages and disadvantages. Let’s talk about them in turn:
The Linux-based operating system family is probably the largest and most varied of them all. While Windows and MacOS are developed and maintained by a single company, Linux is generally maintained by the community. If you have a specific use case, chances are there is a Linux distribution tailored to it.
Luckily for us, operating systems are often “something-based”. Sure, we could make an OS from scratch, but oftentimes, it is easier to just take one of the well-known distributions (or distros) and tune, add/remove packages or modify the existing distro to fit our needs.
Best part of Linux: You can change anything. If you don’t want to use a certain program, you can delete it. If you want a light distro to run on an old laptop, Linux has your back. If you have a giant powerhouse of a computer, Linux can run on it. Servers, fridges, washing machines, routers, all of these mostly run on some version of Linux.
I may not do justice to certain systems, since I am mostly a Debian user, but feel free to experiment. Once you learn one, you are over halfway there. The systems are operated in much the same way; the main difference for users is package management.
This is the one I am personally most acquainted with. Debian is an old Linux distribution, and its stable packages are sometimes too old. Packages are distributed as .deb files. One of the best-known distros based on Debian is Ubuntu. Distros created by modifying Debian are known as “Debian-based,” and distros based on Ubuntu are known as “Ubuntu-based.”
The package manager Debian uses is apt (you install or remove packages with “apt install” and “apt remove”).
Some distros are made with security, incident response, or privacy in mind. Here is a short list:
- Kali Linux: A pentesting-focused distro
- ParrotOS: A different pentesting distro
- Tails: A distro focused on privacy (used to be run as a liveCD, more on that later)
Fedora is a different Linux system from Debian, but still easy enough to get used to. Compared to a Debian-based OS, Fedora and its offshoots use RPM packages (managed with dnf) instead of .deb files and apt.
An OS you may come into contact with is Red Hat Enterprise Linux (RHEL), which is the enterprise version of Fedora. While the systems are very similar, the support features make it worth it for many companies to purchase Red Hat licenses for their work machines.
Some specific security distros:
- QubesOS: A security distro built around “security by isolation.” It runs different programs in separate, isolated compartments, so a program in one compartment has no way to reach another.
Arch Linux is another choice you may run into. A lightweight, flexible distro, it puts more emphasis on customisation and modification than most others. A basic Arch Linux installation is very light.
Arch Linux uses pacman for package management.
Notable security distro:
- BlackArch: A well-rounded security distribution based on Arch Linux
Gentoo is a system that you cannot simply install from a LiveCD. The meme “install gentoo” says a lot about the complexity of the Gentoo installation process. You may want to skip this one, since it finds more use in personal setups than in server or enterprise use.
Notable security distro:
As mentioned above, there are numerous other distros and distribution families that you can explore, but Debian/Ubuntu are your best bet to learn navigation and maintenance in Linux.
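As an added example (not code from the original post), here is a small POSIX shell script that ties the package-management differences above together for an analyst landing on an unfamiliar Linux box: it reads the distro ID from /etc/os-release, maps it to the apt, dnf, pacman or portage family, and normalises each family's default package listing into uniform “name version” lines so inventories from Debian, Fedora and Arch hosts can be diffed with the same tooling. The ID-to-family mapping is an illustrative assumption, not an exhaustive table.

```shell
#!/bin/sh
# Added example, not from the original post: identify a Linux host's package
# manager family from /etc/os-release and normalise its installed-package list
# into "name version" lines, so inventories taken on Debian, Fedora and Arch
# boxes can be diffed with the same tooling. The ID/ID_LIKE mapping below is
# an illustrative assumption; everything else is read from the host.

# Map an os-release ID plus its ID_LIKE list to a package-manager family.
# $2 is deliberately unquoted so a multi-word ID_LIKE is split into words.
pkg_family() {
    for id in "$1" $2; do
        case "$id" in
            debian|ubuntu)      printf 'apt\n';     return 0 ;;
            fedora|rhel|centos) printf 'dnf\n';     return 0 ;;
            arch)               printf 'pacman\n';  return 0 ;;
            gentoo)             printf 'portage\n'; return 0 ;;
        esac
    done
    printf 'unknown\n'; return 1
}

# Read ID and ID_LIKE (quotes stripped) from an os-release file.
detect_family() {
    f="${1:-/etc/os-release}"
    [ -r "$f" ] || { printf 'unknown\n'; return 1; }
    pkg_family "$(sed -n 's/^ID=//p' "$f" | tr -d '"')" \
               "$(sed -n 's/^ID_LIKE=//p' "$f" | tr -d '"')"
}

# Normalise each family's default listing (on stdin) to "name version" lines:
#   apt:    dpkg -l   -> "ii  name[:arch]  version  arch  description"
#   dnf:    rpm -qa   -> "name-version-release.arch"
#   pacman: pacman -Q -> "name version"
normalise_pkgs() {
    case "$1" in
        apt)    awk '$1 == "ii" { sub(/:.*/, "", $2); print $2, $3 }' ;;
        dnf)    sed -E 's/\.[^.]+$//; s/^(.*)-([^-]+)-([^-]+)$/\1 \2-\3/' ;;
        pacman) awk '{ print $1, $2 }' ;;
        *)      return 1 ;;
    esac
}

# Stand-alone run: print this host's normalised inventory.
if [ "${1:-}" = "--inventory" ]; then
    fam=$(detect_family) || exit 1
    case "$fam" in
        apt) dpkg -l ;; dnf) rpm -qa ;; pacman) pacman -Q ;;
    esac | normalise_pkgs "$fam"
fi
```

Run it with `--inventory` on a host and redirect the output to a file; the same file format on every distro family makes a later `diff` against a known-good baseline straightforward.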
Following this topic, I will do my best to explain how to set up a home lab.
Chances are you came into contact with Windows at least once in your life. From personal computers to ATMs, Windows is the usual OS installed on many systems. Its market share in personal computers and enterprise networks alike is huge, which means learning to use Windows is important for blue team as well as red team.
Apart from the GUI, there is PowerShell. While it may not seem as useful as Bash or ZSH on Linux, PowerShell has come a long way from its infancy. Prepare for long commands, but persevere. If you can navigate and control a Windows system from the command line, you can be faster and better (not to mention more deadly in pentesting).
Windows could be a chapter in and of itself at some point, but for now, suffice it to say that PowerShell navigation will do you a world of good.
Other topics to consider:
- PowerShell scripting
Keep in mind that Windows currently supports WSL, the Windows Subsystem for Linux. These are basically virtual Linux distros that share resources with the host operating system. However, for testing and security work, you may want something as isolated as possible, i.e. a virtual machine with no ties to the host system.
Another popular OS choice, Apple’s OS has not got as much market penetration as Windows or Linux in the enterprise. However, if it exists, we might want to know about it, as users and as defenders.
MacOS is closer to Linux than to Windows, since it is a UNIX-based system and its Terminal runs a UNIX-style shell. From there, we can set up Homebrew (brew) to install packages from the command line. Bash or ZSH is something you will be familiar with once you learn to use Linux, so there is not much of a learning curve.
You can still test any distro you want in a safe and secure manner. One way to do this is a VM (virtual machine). I will put out a post soon on VM management, don’t you worry!
This is a very short intro to what operating systems there are, and by no means exhaustive. I just want you to keep this in mind when we move on to other topics, so that when I mention Linux, you know what we’re talking about. There will be loads more coming in the future on Linux and Windows, and MacOS too!
- Linux distribution
- Windows PowerShell
- MacOS terminal
- Bash shell
- Command line navigation + OS OF YOUR CHOICE