Is a laptop necessary?

mitchmcse

Is it necessary to have a laptop to pass the CEH exam? Or will it work just to run everything from a desktop maching to learn on?

ja5983

not for the exam.. tools will run on any PC..

but if you are actually going to do something with your knowledge eg. pen testing. then a laptop is a good idea...

keatron

Yes a laptop will become a must if you actually start doing some pentesting. Also start learning Linux. And do download the latest version of Nmap, Fyodor has really beefed it up with about features. Nmap is a C|EH favorite, and you will probably have several questions on Nmap command line switches and options.

mitchmcse

Thanks for the replies. I do know Linux. I will probably go ahead and get a Thinkpad T60. My boss is going to send me to the IBM ethical hacker class next year which requires a Thinkpad T series with both xp or 2000 loaded and gentoo.

keatron

Yeah, well though some of the tools will run on windows, they run better on linux. To be honest with you most win32 ports of popular Linux tools (such as Nmap) are done somewhat half heartedly and it shows in the functionality and how well it runs. I've not heard much about IBM's ethical hacker training. Make sure you come back and let us know how it was.

mitchmcse

Yeah, most people do not know of the IBM course since only IBM employees can take it. Basically, most of the IBM employees who are ethical hackers have taken that course and are IBM certified. As soon as I get my corporate charge card renewed I am ordering the CEH courseware since they are paying for it. Also, it has been a long process of deciding which laptop to get. Finally settled on the Thinkpad since they are known to support linux well. Might as well get one of the core duo ones and I will make sure I order one with the atheros chipset so that it will be more linux friendly,.

keatron

I have an M20 running redhat, and have had no problems out of it (i've had it for 2 years now)

nawabrulzz

No need for a laptop.. unless u are filthy rich..

JDMurray

nawabrulzz wrote:

No need for a laptop.. unless u are filthy rich..

I bought a nice, older Dell laptop (C810) with Windows XP Pro pre-installed off eBay for $300US--and I'm not "filthy" at all.

Webmaster

jdmurray wrote:

nawabrulzz wrote:

No need for a laptop.. unless u are filthy rich..

I bought a nice, older Dell laptop (C810) with Windows XP Pro pre-installed off eBay for $300US--and I'm not "filthy" at all.

Got mine from ebay too, $500 for a HP business notebook (nc6000). Great stuff, better, faster, and cheaper than any new PC I bought in the past, and that includes my first 286 PC almost 20 years ago. I've seen suitable 1ghz+ laptops for less than $300 so costs is no loger a valid excuse to deny yourself the luxury of a laptop.

But as Keatron said "Yes a laptop will become a must if you actually start doing some pentesting."

KGhaleon

I've also been hearing about people who use PDAs for their Pentesting work, which would be better due to their size.

KG

Webmaster

I think there are many situation where the 'size' characteristic of a PDA makes it 'less' suitable, considering the size still means it's relatively slower and has less storage than a regular PC. They seem to be popular for site surveys of wireless networks, but cracking a WEP key (for example) would take a lot longer on a PDA than on a P4 pentium for example. Regular Windows and Linux laptops also have a much larger variety of supported tools than handhelds have. If you want a complete toolkit, you probably want both. More expensive, but once you actually work as a pentester you don't want and usually don't have to save money on 'tools'.

keatron

I use a PDA/PPC 6700 mostly for recon. I rarely ever crack anything or try to break into anything with the PDA. I have a few 2gb cards that I keep with me to make sure I don't run out of space when collecting data. Since I've switched to a blackberry for actual communications needs, my PPC is devoted 100% to this activity. I've even been known to leave it hidden in some places for a couple of hours (in some cases days) to quietly collect information about a targets traffic patterns and protocol usage.

The fact of the matter is often times I'll need to install an entire suite of software, or a database engine, which can rarely be done on a PDA. For example, I recently had a Oracle 9i infrastructure as a target. I didn't know much about the security of Oracle at the time, so I had to quickly get it installed on my laptop, contact some people I knew that are experts in Oracle, and try some exploits against it. Eventually I found a few successful exploits. This all happened within a 24 hour time frame. This is one reason you need a laptop, and it's a case where a PDA just wont do.

So I would say one doesn't replace the other. Look at them as two tools where one might be a better choice in a given instance. Also I would class a PDA as a recon tool, since you would rarely actually "hack" anything with it.