Penetration Testing mailing list archives
RE: Laptop Considerations
From: Omar Herrera <oherrera () prodigy net mx>
Date: Sun, 12 Dec 2004 22:59:47 -0600
My recommendations below...
-----Original Message-----
From: David Bouchard [mailto:lists () tigercomputersolutions com]
Sent: Saturday, December 11, 2004 9:47 PM
To: pen-test () securityfocus com
Subject: Laptop Considerations

I am about to be purchasing a laptop and I was wanting the advice of the list. I know this can be a very personal topic for some people, but I have to throw it out there anyway.

Here's my situation...I'm about to be attending a degree program in Information Assurance and Forensics. I also have my own business doing a variety of things computer related. At some point I would like to delve more heavily into vulnerability assessment, penetration testing, and possibly forensics. I'm looking for a laptop that will be flexible enough to meet all these needs.

This is what my immediate plans for the laptop are: for my business, I need to have some of the basic MS Office suite on it, as well as MS Publisher. I plan on making it into a dual-boot machine with some flavor of linux. I don't care to use a live linux CD because I want to be able to store logs, settings, and other data onto the drive, and I hope to eventually use linux for everything except the MS stuff that I have to use on occasion for my business.

...

What I'm looking at right now is the Dell Latitude D600. I've supported and purchased a lot of Dell desktop computers and have been very happy with them and I have run Knoppix-STD on a Dell laptop and everything ran well. The D600 has the ports I'd like.

Any thoughts or recommendations? Any capabilities that you think I've missed?

* It is better to have a complete installation of some Linux distribution on your hard disk. I like live distributions for Linux such as Knoppix, I even use them to teach information security, but for vulnerability assessment and forensics it is much better to have a dual boot system with Windows and Linux installed. Virtual machines might work, other people have succeeded in running most tests on them, but you have to consider that you won't have native support of hardware, so certain functions such as network traffic creation/mangling might not work as expected.

* If you buy MS Windows from your laptop provider, make sure they provide you with a disc set of the original installation. Many vendors ship only a customized distribution of the discs that are actually a hard drive image of the base installation. Reinstalling from these discs usually means wiping all partitions (not good if you have another O.S. partition already in place).

* If a wireless card is already included, make sure your chipset is supported and it has the capabilities you want (in case you will make vulnerability assessments on wireless networks or you think you will need wireless access for information transfer during forensics). For example, Orinoco and Prism chipsets have important differences, and not all applications work with all chipsets. Of course, make sure it also has some sort of network card for cable connections.

* Make sure the machine has a good number of ports (typically you will have one FireWire and at least two USB 2.0). For forensics you will do well to consider an external hard disk (100GB or +, USB2/FireWire); even with laptops with 80 or 100GB internal HD you will find out that you need more hard disk space; it is a critical resource for forensics. You will also find the extra ports useful for connecting two machines p2p with USB, an external mouse or a small USB stick hard disk.

* Desirable accessories: floppy disk drive and CDR-RW. The reason is that with forensics you usually don't know how you will access the machine to be analyzed. Ideally you would have a turned off machine with the possibility to remove the hard drive, mount it read-only on another machine, make a copy of the disk image, fill chain of custody forms, blah, blah, blah. In real life you will have several cases where you cannot even turn off the machine, because it is a critical production server. Anyway, if it were a case where the police needs to be involved and you have to follow detailed procedures carefully to be able to make your case in court, a laptop will not suffice; you will require specialized hardware and software. Yet most of the time we do forensics just for an internal investigation, so you will need to have several options to access the machine and transfer files or disk images for analysis. Booting from floppy disks, CDR and even USB portable disks (on some computers) are options to access computers. You need the proper drives on your laptop to prepare boot disks and toolsets (when doing live forensics, where you would typically include trusted versions of useful O.S. commands).

* Processor is not too critical for vuln. assessment or forensics (unless you do special things such as image processing and statistical analysis); almost any Pentium/AMD processor over 1 GHz will do it. Memory on the other hand is more important since several forensics and vuln. assessment tools use a lot of RAM (you might want to run a sniffer during all network vulnerability assessments, for example). Make sure you have at least 512 MB RAM on your laptop. Video is usually not important for these two activities, but take into account that several models of video cards (particularly from ATI) make use of the system main memory.

The laptop you mention doesn't look like a bad option; I would argue only against depending on Knoppix-std (it is quite limited for vuln. assessment, for example, if you want to run a web proxy for protocol analysis/mangling like Paros, you have to download a full version of the JRE to make it work, which of course requires a lot of memory). I'm also not sure if Dell provides standard installation disks of Windows.

Best regards,
Omar Herrera