Boot Matrix: Difference between revisions
Line 95: | Line 95: | ||
|- | |- | ||
|[[# | |[[#Inline_Tap|Inline Tap]] | ||
|<span style="color:red;">n/a</span> | |<span style="color:red;">n/a</span> | ||
|<span style="color:red;">n/a</span> | |<span style="color:red;">n/a</span> | ||
Line 157: | Line 157: | ||
This indicates that the NST system can be run on one system to collect data, then shutdown and booted on another system to use the analysis. | This indicates that the NST system can be run on one system to collect data, then shutdown and booted on another system to use the analysis. | ||
=== Inline === | === Inline Tap === | ||
NST Virtual machines can be run "inline" on the system they are installed on. This means that they can be configured to monitor all of the network traffic of the host operating system as well as other virtual machines running on the system without the addition of any hardware. | NST Virtual machines can be run "inline" on the system they are installed on. This means that they can be configured to monitor all of the network traffic of the host operating system as well as other virtual machines running on the system without the addition of any hardware. |
Revision as of 07:47, 30 September 2009
NST Boot Comparison Table
The NST system is capable of being booted in many different ways. The following comparison table shows what features you can expect depending upon how you boot your NST system ("Yes" is used for positive attributes and "No" for negative attributes).
Feature | Live | Persistent | Movable | Fixed | Virtual Live | Virtual Fixed |
---|---|---|---|---|---|---|
Device | ||||||
Install | Yes | Yes | No | No | Yes | No |
Updates | Limited | Limited | Yes | Yes | Limited | Yes |
Password Retained | No | Yes | Yes | Yes | No | Yes |
Wireless Tools | Yes | Yes | Yes | Yes | No | No |
Persistence | No | Yes | Yes | Yes | No | Yes |
No Overlay | Yes | No | Yes | Yes | Yes | Yes |
Compressed FS | Yes | Yes | No | No | Yes | No |
System Relocate | No | Yes | Yes | No | No | Yes |
Inline Tap | n/a | n/a | n/a | n/a | Yes | Yes |
Header Definitions
- Live
- Booting from ISO image on DVD or USB drive without a persistent overlay.
- Persistence
- Booting the NST ISO image from a USB drive with a persistent overlay which periodically fills up and must be cleared.
- Movable
- Full NST hard disk installation to a external drive which can easily moved from system to system.
- Fixed
- Full NST hard disk installation to permanent internal disk drive.
- Virtual Live
- Booting the NST ISO image within a virtual environment (such as VMware).
- Virtual Install
- Full NST hard disk installation running within a virtual environment (such as VMware).
Feature Definitions
The following explains the meaning of the row headers that appear at the left side of each row in the Boot Matrix comparison table.
Device
The device used to boot the NST distribution from.
Install
Able to perform a full hard disk installation after boot.
Updates
Able to fully use the package manager to perform system updates and add additional software packages to the system (ie yum update and yum install). While all NST boot mechanisms support the use of yum, if you are booting a Live NST system (even if using the USB overlay feature), you have to be very careful when managing packages as you will consume resources quickly.
Password Retained
Indicates if the password is remembered between boots (if "No", then you must run the nstpasswd command after each boot).
Wireless Tools
Able to access wireless cards and run wireless tools like Kismet.
Persistence
Able to persist (save information) directly to the NST file system between boots.
No Overlay
This will be "Yes" if you don't have to manage a overlay area. It will be "No" if the persistence mechanism fills and needs to be periodically cleared (reset to the initial system state) at the boot prompt.
Compressed FS
This indicates that the file system is compressed. While a compressed file system may add a bit of additional CPU load, it reduces the storage space requirements and increases the effective throughput on slower I/O devices (like DVD media and USB disks).
System Relocate
This indicates that the NST system can be run on one system to collect data, then shutdown and booted on another system to use the analysis.
Inline Tap
NST Virtual machines can be run "inline" on the system they are installed on. This means that they can be configured to monitor all of the network traffic of the host operating system as well as other virtual machines running on the system without the addition of any hardware.