
10.1 Hardware

The choice of hardware for performing penetration testing is between desktop and laptop machines. The dynamic nature of a penetration test makes a desktop system awkward to use, and the limitations of a desktop machine make the test stationary. You would not easily be able to take the machine onto the client's site to perform an internal test or test separate network segments. Ease of movement, coupled with the ability to interchange parts (including swappable hard drives, network cards, batteries, and so on), makes a notebook computer a more flexible hardware platform for penetration testing.

It's important to note that you do not want to use a machine that has critical data or applications on it for penetration testing. Occasionally the use of some penetration-testing tools causes a system crash that could result in lost data or the need to reformat or reinstall your system. At a minimum, a penetration tool kit should live on a hard drive separate from your production or work system.

While most of the tools we use do not require excessive processing power, brute-force and password-cracking programs are specifically limited by the CPU. Using a slower CPU results in more time spent cracking.

Your network card is your primary conduit to the target system. It is important to have a network interface that can support “promiscuous” mode operations. This allows your system to sniff network traffic and obtain user IDs and passwords. Inexpensive network cards often do not have this feature. Using the ifconfig command in Linux, you should be able to determine whether the card has this capability:


# ifconfig eth0 promisc

This command should put the eth0 card in promiscuous mode. If it succeeded, running ifconfig eth0 afterward lists PROMISC among the interface flags.

All of the sniffers we use require the network card to support promiscuous mode. If you find a card that is compatible with a network-based intrusion detection system, you most likely have a card that will go into promiscuous mode. Most networks today are using 10 or 100BaseT Ethernet connections. In some instances you may need more than one network card to access different networks or different segments.

As you use new tools, you'll want to test the software before adding it to your tool kit. A secondary hard drive that can serve as a testing platform is useful for finding out what a program does before using it for production systems. We have found that a program like Tripwire (www.tripwire.com) can be used to create a template of your secondary hard drive before installing a new program. After the installation, you will be able to identify which files have been added or changed. Since many of the new programs you will want to use will not come from commercial vendors, this step provides an added safeguard to ensure the product is touching only the files expected and not installing a virus or Trojan horse.
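The before-and-after comparison described above can be sketched in a few lines. This is an added example, not Tripwire and not code from the original text; the function names `snapshot`, `compare` and `demo` are hypothetical, and the directory tree is constructed in a temporary folder to stand in for the secondary hard drive.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each regular file under root to (sha256, mode, size)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, sockets and device nodes
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            st = os.stat(path)
            # The mode is recorded so permission changes (e.g. a new setuid bit) show up.
            manifest[os.path.relpath(path, root)] = (digest.hexdigest(), st.st_mode, st.st_size)
    return manifest

def compare(before, after):
    """Return the paths added, removed and changed between two snapshots."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(p for p in common if before[p] != after[p]),
    }

def demo():
    """Constructed sample: baseline a tree, simulate an installer, diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "usr", "bin"))
        hosts = os.path.join(root, "etc", "hosts")
        motd = os.path.join(root, "etc", "motd")
        for path, text in ((hosts, "127.0.0.1 localhost\n"), (motd, "welcome\n")):
            with open(path, "w") as fh:
                fh.write(text)
        baseline = snapshot(root)  # taken before installing the new tool
        # Simulated installer: drops a binary, edits a config file, deletes a file.
        with open(os.path.join(root, "usr", "bin", "newtool"), "w") as fh:
            fh.write("#!/bin/sh\n")
        with open(hosts, "a") as fh:
            fh.write("10.0.0.5 update.example\n")
        os.remove(motd)
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:8} {p}")
```

In practice, store the baseline manifest somewhere the program under test cannot write to, so the installation cannot alter the record it is compared against.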
