As the SecurityDistro team adds live security distributions to our list, we like to take things one step further and get to know the developers behind the distribution. This gives us insight into what they see coming in the months ahead and a little information on themselves.
Who should use your distribution?
Packet monkey, network security analyst, network engineer, network administrator, networking student, or whoever feels like it. If you are involved in network security operations, you will definitely find it useful.
What is one thing you would like your distribution to have or do that no other distribution does?
We have new and unique wallpapers and fluxbox styles for each release, thanks to our decent graphic designer (Vickson) and tenner for it. No kidding, you have almost all libpcap-based tools in a single liveCD and a well-designed environment to work with network traffic analysis.
Why did you decide to make your own live security distribution?
I started it with Kevin during the time I worked as a network security analyst. My day-to-day operation involves packet examination and network traffic analysis. I use the Network Security Monitoring (NSM) concept to achieve my objective (thanks to Richard Bejtlich). The problem I have encountered is that I always need different tools for different kinds of analysis, and I have to install them if they are not available in my system, and this is really troublesome. At last I raised the idea to Kevin to create this "Network Security Monitoring & Network Based Forensics LiveCD". Or to put it more simply, I can't find any other distros that can fulfill my need.
How many man hours go into each release?
I can't tell; the first release took us about 6 months (not really 6 months, as we are using our free hours to do it), and we had only two people working on it. Then the minor version releases become rather easy once we have the first version done, and luckily we have more developers joining us (guti, jj, hinman, mel, etc.).
What is your favorite *nix distribution and why?
I don't have a very specific *nix distribution that I like. To me there's no point in developing a well-rounded or general distro because people have already done it very well (Ubuntu, openSUSE, Fedora). I would say that I like the distros that serve very specific purposes instead. For example, BackTrack for hacking/pentesting, the OWASP liveCD for application hacking, the Helix liveCD for digital forensics, and so forth.
How do you see live security distributions evolving over the next few years?
With the maturity of operating system and file system development itself, it becomes easier and easier to create a security distribution yourself, so more and more security distributions pop up. At the same time, continuity is a big question you need to answer. There are many security distros that come and go; I think lack of finance (money) and interest (community) support will definitely bring security distros down. On the other hand, the evolution is pretty straightforward: it helps security professionals perform their tasks efficiently.
What is the biggest upgrade/addition that is planned for your distribution?
We are heading into the development of HeX 2.0 now. I call it HeX System as it not only runs as a liveCD but can also be installed to the hard disk. The idea behind the HeX System is to become the de facto workstation for network security analysts. We plan to include more network packet analysis utilities, more analysis scripts written by our members, and also security RSS feeds in Liferea so network security analysts can keep up with the threat landscape. NSM Console, written by Lee Hinman, is worth mentioning here because it is the main framework for the HeX system, which can assist analysts in completing their tasks. Before I forget, we will be using FreeBSD 7 for this release and unionfs (it's only stable now in FreeBSD).