Boot Matrix: Difference between revisions

From MediaWiki
Jump to navigationJump to search
Line 95: Line 95:
|-
|-


|[[#Inline|Inline]]
|[[#Inline_Tap|Inline Tap]]
|<span style="color:red;">n/a</span>
|<span style="color:red;">n/a</span>
|<span style="color:red;">n/a</span>
|<span style="color:red;">n/a</span>
Line 157: Line 157:
This indicates that the NST system can be run on one system to collect data, then shutdown and booted on another system to use the analysis.
This indicates that the NST system can be run on one system to collect data, then shutdown and booted on another system to use the analysis.


=== Inline ===
=== Inline Tap ===
NST Virtual machines can be run "inline" on the system they are installed on. This means that they can be configured to monitor all of the network traffic of the host operating system as well as other virtual machines running on the system without the addition of any hardware.
NST Virtual machines can be run "inline" on the system they are installed on. This means that they can be configured to monitor all of the network traffic of the host operating system as well as other virtual machines running on the system without the addition of any hardware.

Revision as of 07:47, 30 September 2009

NST Boot Comparison Table

The NST system is capable of being booted in many different ways. The following comparison table shows what features you can expect depending upon how you boot your NST system ("Yes" is used for positive attributes and "No" for negative attributes).


Feature Live Persistent Movable Fixed Virtual Live Virtual Fixed
Device DVD Media
USB Thumb Drive
USB Thumb Drive USB Thumb Drive
Hard disk drive
Hard disk drive NST Virtual Machine (Live Boot) NST Virtual Machine (Full Install)
Install Yes Yes No No Yes No
Updates Limited Limited Yes Yes Limited Yes
Password Retained No Yes Yes Yes No Yes
Wireless Tools Yes Yes Yes Yes No No
Persistence No Yes Yes Yes No Yes
No Overlay Yes No Yes Yes Yes Yes
Compressed FS Yes Yes No No Yes No
System Relocate No Yes Yes No No Yes
Inline Tap n/a n/a n/a n/a Yes Yes

Header Definitions

Live
Booting from ISO image on DVD or USB drive without a persistent overlay.
Persistence
Booting the NST ISO image from a USB drive with a persistent overlay which periodically fills up and must be cleared.
Movable
Full NST hard disk installation to a external drive which can easily moved from system to system.
Fixed
Full NST hard disk installation to permanent internal disk drive.
Virtual Live
Booting the NST ISO image within a virtual environment (such as VMware).
Virtual Install
Full NST hard disk installation running within a virtual environment (such as VMware).

Feature Definitions

The following explains the meaning of the row headers that appear at the left side of each row in the Boot Matrix comparison table.

Device

The device used to boot the NST distribution from.

Install

Able to perform a full hard disk installation after boot.

Updates

Able to fully use the package manager to perform system updates and add additional software packages to the system (ie yum update and yum install). While all NST boot mechanisms support the use of yum, if you are booting a Live NST system (even if using the USB overlay feature), you have to be very careful when managing packages as you will consume resources quickly.

Password Retained

Indicates if the password is remembered between boots (if "No", then you must run the nstpasswd command after each boot).

Wireless Tools

Able to access wireless cards and run wireless tools like Kismet.

Persistence

Able to persist (save information) directly to the NST file system between boots.

No Overlay

This will be "Yes" if you don't have to manage a overlay area. It will be "No" if the persistence mechanism fills and needs to be periodically cleared (reset to the initial system state) at the boot prompt.

Compressed FS

This indicates that the file system is compressed. While a compressed file system may add a bit of additional CPU load, it reduces the storage space requirements and increases the effective throughput on slower I/O devices (like DVD media and USB disks).

System Relocate

This indicates that the NST system can be run on one system to collect data, then shutdown and booted on another system to use the analysis.

Inline Tap

NST Virtual machines can be run "inline" on the system they are installed on. This means that they can be configured to monitor all of the network traffic of the host operating system as well as other virtual machines running on the system without the addition of any hardware.