Documentation< Previous | Contents | Next >
7.2.2. On a Laptop
The laptop of a penetration tester is not subject to the same risks as a public server: for instance, you are less likely to be subject to random scans from script kiddies and even when you are, you probably won’t have any network services enabled.
Real risk often arises when you travel from one customer to the next. For example, your laptop could be stolen while traveling or seized by customs. That is why you most likely want to use full disk encryption (see section 4.2.2, “Installation on a Fully Encrypted File System” [page 85]) and possibly also setup the “nuke” feature (see “Adding a Nuke Password for Extra Safety” [page 246]): the data that you have collected during your engagements are confidential and require the utmost protection.
You may also need firewall rules (see section 7.4, “Firewall or Packet Filtering” [page 153]) but not for the same purpose as on the server. You might want to forbid all outbound traffic except the traffic generated by your VPN access. This is meant as a safety net, so that when the VPN is down, you immediately notice it (instead of falling back to the local network access). That way, you do not divulge the IP addresses of your customers when you browse the web or do other online activities. In addition, if you are performing a local internal engagement, it is best to remain in control of all of your activity to reduce the noise you create on the network, which can alert the customer and their defense systems.