Kali Linux as a security risk



Jjacec
2018-10-25, 10:41
Hi everyone,

I am here to pose a high level question, on the usage of Kali Linux. So no heavy technical jargon here, but just a hypothetical question on security.

Given that Kali is designed to be an offensive security distro, would the presence of such a host in a network infrastructure be a security issue to the whole infra?

I have some knowledge of network security, so I'm coming from the point of view where if you have a nuclear arsenal within your base, how easy could a hacker use that against your own infrastructure?

In short, should it be advised, not to have Kali VMs lying around?

I guess the answer would be to ensure no security vulnerabilities and compliance is violated with the inclusion of such VMs, but wouldn't blacklisting ports and applications on Kali render its purpose useless?

Just want to hear a bit of opinions and perhaps some technical advice on this.

Let me know your thoughts (non fiery emotional ones please).

bigbiz
2018-10-25, 16:13
Black hat hackers
Grey hat hackers
White hat hackers
All use the same tools to accomplish their deeds to a network. So yes.

Jjacec
2018-10-26, 00:56
Thanks for the reply.

So, given that you are in charge of a network infrastructure, you wouldn't allow such VMs to reside?

Hope everyone can see that I'm not trying to be against Kali, I'm trying to see any reasoning or mitigations one can put, if Kali is in place.

bigbiz
2018-10-26, 05:29
> Thanks for the reply.
>
> So, given that you are in charge of a network infrastructure, you wouldn't allow such VMs to reside?
>
> Hope everyone can see that I'm not trying to be against Kali, I'm trying to see any reasoning or mitigations one can put, if Kali is in place.

Not as a normal OS at least.

mstrmnn
2018-10-26, 06:46
> how easy could a hacker use that against your own infrastructure?

As easy as he could use Ubuntu, Debian etc.? Be careful with admin rights and use strong passwords.

If your infrastructure isn't secure it's not because of kali, I guess. But I'm not skilled at all.

Edit: I guess I misunderstood the question. If 'lying around' means for anybody's use then it's not recommended ;-)

grid
2018-10-26, 14:24
If you are using Kali (or any offensive security tools, for that matter), my view is that they should be vetted and ok-ed by your management. For example, before I do any security work, I always notify the appropriate people.

bigbiz
2018-10-27, 01:35
> As easy as he could use Ubuntu, Debian etc.? Be careful with admin rights and use strong passwords.
>
> If your infrastructure isn't secure it's not because of kali, I guess. But I'm not skilled at all.

Or Windows or macOS, also agree with grid about permission. Kali has some strong tools in its toolbox.

Crash
2018-10-29, 08:38
Hi Jjacec,

So, sincerely, having Kali in our network does not make any difference, all the tools running in Kali can be installed in other distros, also most of the tools have an equivalent in Windows. In other words, if you allow the person to install any other O.S. your network is at risk already, as I told you, including Windows.

If the attacker is an experienced guy it does not matter which O.S. he will run, the tools are still available. Of course, it will be one more step, but for sure not a roadblock to perform the attack.

LazyCoder
2018-12-21, 08:25
Indeed, this is a security risk.

Therefore, you need to put mitigation measures (controls) in place. The most obvious control that comes to mind is network segregation: place your offensive tools in a specific network segment and control who can access this segment (your pen-testers) and what it can target (your customers, after they have signed the rules of engagement). Strong passwords for your Kali box is another control.

Your mileage may vary: depending on your environment, you can find other controls to put in place. Or you can accept the risk without mitigations ... in risk management, that's always an option (even if it's often a suicidal one).
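
The segregation control described in the post above can be audited from flow logs. The following is an added example, not part of the original thread: it flags traffic that breaks either rule (who may reach the pen-test segment, and what the segment may target). All networks, addresses and the `src,dst,dport` log format are constructed assumptions.

```python
import ipaddress

# All addresses below are constructed for illustration (RFC 1918 / RFC 5737 ranges).
PENTEST_SEGMENT = ipaddress.ip_network("10.66.0.0/24")    # segment holding the Kali hosts
TESTER_SOURCES = [ipaddress.ip_network("10.10.5.0/28")]   # pen-testers' workstations
# Targets listed in the signed rules of engagement (assumed values).
IN_SCOPE_TARGETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.17/32")]

# Constructed flow records: src,dst,dport
SAMPLE_FLOWS = """\
10.10.5.3,10.66.0.20,22
10.20.1.44,10.66.0.20,22
10.66.0.20,203.0.113.80,443
10.66.0.20,10.1.1.10,445
10.66.0.21,198.51.100.17,80
10.66.0.21,198.51.100.18,80
10.1.1.5,10.1.1.10,445
not-an-ip,10.66.0.20,22
"""

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def classify_flow(src, dst):
    """Return 'allow', 'ignore' or a 'violation:...' label for one flow."""
    try:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError:
        return "violation:unparseable-address"
    if s in PENTEST_SEGMENT and d in PENTEST_SEGMENT:
        return "allow"                      # traffic inside the segment
    if d in PENTEST_SEGMENT:                # rule 1: who can access the segment
        return "allow" if _in_any(s, TESTER_SOURCES) else "violation:unauthorized-source"
    if s in PENTEST_SEGMENT:                # rule 2: what the segment can target
        return "allow" if _in_any(d, IN_SCOPE_TARGETS) else "violation:out-of-scope-target"
    return "ignore"                         # flow does not touch the segment

def audit(flow_text):
    """Parse 'src,dst,dport' lines and return (line, label) for every violation."""
    findings = []
    for line in filter(str.strip, flow_text.splitlines()):   # skip blank lines
        src, dst, _dport = (field.strip() for field in line.split(","))
        label = classify_flow(src, dst)
        if label.startswith("violation"):
            findings.append((line, label))
    return findings

if __name__ == "__main__":
    for line, label in audit(SAMPLE_FLOWS):
        print(f"{label:32} {line}")
```
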

TLC