7v5w7go9ub0o wrote:
> Romain BERGE wrote:
>> Hey list,
>>
>> I am planning to buy a laptop. I would like to install a hardened
>> (workstation) profile on it.
>>
>> Which hardware features/components should I take care of? (to be the
>> most compatible with hardened) In the opposite, are there some
>> hardware components/brand to avoid?
>>
>> Thanks
>>
>>
>
> Went through a similar exercise a few years ago; concluded that one:
>
> - first chooses the laptop that meets his needs (I wanted a 2 pounder
> with good screen and graphics to carry about in a back pack, with
> frequent stops at hotspots)
>
> - second googles about for Linux success/failure stories about that
> laptop. Gentoo has some great documentation and explanations concerning
> Linux; Ubuntu has some great user lists regarding specific hardware. My
> Sony was 95% Linux good to go, with detailed Ubuntu discussions about
> xorg.conf.
>
> - third if it works on Linux, it'll likely work for hardened. (this was
> true for 32bit on my laptop; 64 may be different; I'll know shortly)
>
> FWIW, IMHO a hardened profile, along with other precautions, makes a
> lot of sense on a laptop as there is all sorts of mischief occurring at
> anonymous, college and Saturday-afternoon hotspots - some of it quite
> sophisticated due to "pen test" software. It's a wild west that you'll
> not experience on your firewalled desktop.
>
Just a side comment on this... I have scripts that figure out where the
heck I am when networking comes up, and based on that decide what, if
any, service(s) to bring up. When the current network is on "other", NO
services are started at all - even X is started with "-tcp nolisten" so
there are no open ports. Scratch that - dnsmasq is listening on
loopback, but that's it.

Maybe it's not all that's necessary, but it's a good first line of defense.

Dale Pontius
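
An added example (not part of the thread, and not Dale's actual scripts) of the location-aware startup described in the last message: classify the network, start nothing when it is unknown, and check that only loopback is listening. The MAC addresses, SSIDs, profile names and service names are constructed for illustration, and the listener check assumes `ss -ltnH` style input.

```shell
#!/bin/sh
# Added example: location-aware service selection with a default-deny fallback.
# All MACs, SSIDs, profile names and service names below are constructed.

# Known networks as "gateway-MAC|SSID|profile". Both fields must match.
# Anyone can set an SSID or a MAC address, so a match is only a hint and
# the trusted profiles should still sit behind a host firewall.
KNOWN_NETWORKS='00:11:22:33:44:55|homenet|home
66:77:88:99:aa:bb|corp-wifi|work'

# classify_network GATEWAY_MAC SSID -> prints the profile, "other" if unknown.
classify_network() {
    cn_mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    cn_hit=$(printf '%s\n' "$KNOWN_NETWORKS" |
        awk -F'|' -v m="$cn_mac" -v s="$2" '$1 == m && $2 == s { print $3; exit }')
    printf '%s\n' "${cn_hit:-other}"
}

# services_for PROFILE -> space-separated services to start; none on "other".
services_for() {
    case "$1" in
        home) echo "sshd cupsd" ;;
        work) echo "sshd" ;;
        *)    echo "" ;;
    esac
}

# exposed_listeners: reads `ss -ltnH` style lines on stdin and prints every
# local address:port that is NOT bound to loopback (127.0.0.0/8 or ::1).
exposed_listeners() {
    awk '$1 == "LISTEN" && $4 !~ /^(127\.|\[::1\])/ { print $4 }'
}

# Constructed listener table: dnsmasq on loopback plus one stray listener
# bound to all interfaces, which the check should flag.
SAMPLE_SS='LISTEN 0 32   127.0.0.1:53  0.0.0.0:*
LISTEN 0 128  0.0.0.0:6000  0.0.0.0:*
LISTEN 0 32   [::1]:53      [::]:*'

profile=$(classify_network "DE:AD:BE:EF:00:01" "Free_Hotel_WiFi")
echo "profile=$profile services=[$(services_for "$profile")]"
echo "non-loopback listeners: $(printf '%s\n' "$SAMPLE_SS" | exposed_listeners)"
```

On a real machine the last check would read `ss -ltnH` directly; an empty result on the "other" profile confirms that nothing is reachable from the network.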