Hi, and welcome to CloudAcademy.com's video series on Site Security and particularly security for Amazon Web Services instances. In this video, we're going to talk about actively testing for site vulnerabilities or as it's called, "penetration testing." It turns out there's a Linux distribution that purpose built for this function. It's called Kali Linux and it comes pre-installed with software like Nmap which is a port scanner, Wireshark which is a packet analyzer and Aircrack-ng for testing wireless networks. Let's launch an instance of Kali Linux. To do that we click on launch instance. And you're not going to find it in the regular selection of instances. It's not quite that popular. However you can get it from Amazon AWS marketplace by searching. Let's search marketplace products for Kali. And we see that Kali Linux is available. It's free. Well it's free tier eligible I should say. In other words, you can use it if you want to and if you need to on the lowest powered Amazon instances. But it itself is available for free there's no charge from Kali Linux for using this installation beyond any time charges that Amazon charges you. Click on "select," and "Continue." In our case, we're going to go with a micro instance normally not recommended because it is rather under-powered. But for our purposes that's everything we need. The one detail I might point out is that Kali Linux comes with it's own security group configuration. And that basically leaves only SSH open and nothing but SSH. You can edit that, you can choose your own, but we'll stick with Kali Linux's own default configuration. We'll review launch, click "next" and launch. We'll in our case use an existing key pair. I first have to acknowledge that I have access to the selected private key file in fact I do. And Kali Linux appears to be up and running. We log into Kali via SSH using the username Kali, not the username Ubuntu, or username Root, or any other username. But Kali by definition and by default will answer to the username Kali.

Now the AWS version of Kali is actually a very minimal installation, and doesn't include a lot of the basic software we're going to need. So let's install Nmap right now. To do that we will, because Kali is part of the Debian family, run apt-get update to update the information this installation has of all the repository packages available to it. And then sudo apt-get install nmap. Now that everything's installed we can run a trial test using "nmap -a," which will enable operating system and version detection, script scanning, trace route, and -T4 which apparently makes things run faster, and then the name of a domain we'd like to test. In our case, we're going with scanme .nmap.org, which is a site that the Nmap developers themselves have made available to test your installation. Hit "Enter" and wait a bit. This could actually take some time we'll skip the waiting in this video. And we now see that Nmap has reported to us this site is up. It has port 22 TCP which is of course SSH open and listening. It tells us that port 80 is open and listening and using the Apache web server. This is of course as you know port 80 is the port that most browsers will use to access data from a website.

And it tells us that port 9929 is open using TCP. This information can be extremely useful to us especially if we see there's a port open and a service available that we're not familiar with. If we didn't open the port and we didn't create this service and make it consciously available to outside users then it could be that it's been left open inadvertently or it's been opened by someone out to get into our system illegally. Being aware of what's available and what's open is a very, very important step in securing our website. I should point out that penetration testing looks and feels to the object of the test like an attack. The same tools that we can use to test the vulnerability of our system are also used by malicious hackers to break into our system. So as far as Amazon is concerned what's coming, the port tests coming at our instance could be just our own tests or it could also be a malicious attack. Therefore, in order that there shouldn't be any confusion Amazon requires that you actively request permission before beginning penetration testing. Within a day or two, Amazon says they will provide you with a limited time, a window within which you can do your penetration testing and it won't trigger any alarms. Once that window's closed, you shouldn't be doing it and if anybody is launching tests against your instance that will again be interpreted as an attack.