Orion Incident Response Live CD

14. Tested Configurations

So far Orion has been tested using the following hardware and installation configurations.

| Hardware | Installation Type | Recommended? | Notes |
|---|---|---|---|
| Dell D630 | Live CD on bare hardware | No | Slow due to DVD access. Good graphics support. |
| Dell D630 | Live CD in VMware from .iso | Yes | Live CD using ISO is much faster |
| Dell D630 | Installed on hard drive | Yes | Fast. Good graphics support. |
| Dell E6400 | Live CD boot direct on bare metal | No | Slow. Poor graphics support. |
| Dell E6400 | Installed on hard drive | Yes | Fast, but poor graphics support. |
| Macbook Pro 13” | Live CD in VMware direct from DVD | No | Heavy access of DVD |
| Macbook Pro 13” | Live CD from .iso in VMware | Yes | |

15. Future Work

Although Orion contains a significant number of scripts, tools, and incident response capabilities, it really only scratches the surface of the author’s vision for it. There are many ideas that have not been implemented in the current version of Orion (Alpha). Examples of features being researched for future versions of Orion include:

  • More sophisticated tunneling techniques such as Miredo (IPv6)

  • More sophisticated awareness and containment capabilities, such as:

      o Deployment of honey tokens for detection

      o BotHunter or similar botnet detection tools

      o OSSEC to supplement local defenses

  • Significantly more analysis and visualization tools

  • Virtualization platform that can be redistributed

  • Videos, tutorials, and other Quick Start documentation

John Jarocki, john.jarocki@gmail.com
