Build a Portable Security Tool with the ASUS Eee PC and Ubuntu

By Paul Rubens | Nov 29, 2007 | Print this Page
http://www.enterprisenetworkingplanet.com/netsysm/article.php/3713806/Build-a-Portable-Security-Tool-with-the-ASUS-Eee-PC-and-Ubuntu.htm

The Eee PC from ASUS has a secret.

In case you haven't heard of it, the Eee PC is a dinky mini-laptop, about the size of a large paperback book, which comes in six colors including pink and pastel green. Aimed at the casual computer user, it's got a friendly interface and is just fab for visiting Facebook or sending a couple of emails. At just $399 it's an absolute steal and a great gift for a non computer-savvy friend.

Its secret is that it's also an ideal machine to turn into a multi-purpose portable security device. Strip off the easy-to-use software it comes with and put on a suitable Linux distribution, and you're ready to load it up with password crackers, port mappers and pen testing tools and stash it in your jacket pocket. At under 2 pounds, you'll hardly notice you're carrying it, yet whip it out, crack it open and fire it up and you're ready to audit your network wherever you are. Add a VNC, rdp or ssh client and you can also use it as a terminal to keep an eye on your servers and user desktops when you're out and about.

The Eee PC on the other hand, is a perfect compromise of convenience and portability. Its keyboard is less than full-sized but perfectly usable to all but the largest of hands, and it features both wired and wireless Ethernet, 3USB ports, a 4 gig hard drive and 512MB memory, and an MMC/SD expansion slot as well. To load an alternative OS you can plug in a USB CD player if you have one lying around, or run a Live linux distribution from a USB stick.True, you could do this with a laptop, but the Eee PC is far lighter and more convenient to carry around, and with a solid state hard disk it's also arguably more rugged. (If you're really after small then you could also use a Linux tablet like the Nokia N800 or the new 810, but the N800 is fiddly to use as it lacks a keyboard, and the screen is too small on both devices for prolonged use.)

So how do you turn the Eee PC into a security auditing device? The obvious distribution to use is BackTrack 2, arguable the finest set of security tools out there. The problem with BackTrack on the Eee PC is that it doesn't detect either the wired or wireless Ethernet adapters "out of the box". It's probably possible to get the wired adapter working with some coaxing, but the wireless chip is an Atheros AR5BXB63, for which there is as yet no Madwifi Linux driver. Again there are workarounds, but there are better paths to go down.

Just Add Ubuntu

An easier distribution to put on an Eee PC is Ubuntu – especially if you don't have a USB CD drive. That's because you can easily make an installer USB stick for Ubuntu, and install the OS onto the Eee PC's hard drive from that. The wired adapter works straight away with the installer, making installation and adding packages simple, and the wireless adapter can easily be coaxed in to life using the Windows XP driver supplied by ASUS.

To install Ubuntu onto the Eee PC if you don't have access to a USB CD drive, insert a USB stick (at least 1Gb) in another Linux machine and figure out where it is mounted using fdisk –l

Let's assume it's at /dev/sda1

As root, format the stick with mkfs.vfat –F 32 –n ubuntu /dev/sda1

Then download an Ubuntu boot image to your desktop and extract it to your USB stick with zcat boot.img.gz > /dev/sda1

Finally, make it bootable using syslinux /dev/sda1.

That's pretty much all you need to do. Now plug the stick into your Eee PC and follow the instructions – it'll take an hour or so, but eventually you'll have a fully working Ubuntu installation. One word of advice – opting for the manual installation option allows you choose to make the entire Eee PC hard drive an ext2 partition with no swap partition. This is sensible because a flash-based hard drive can only be written to a limited number of times, and a journaled ext3file system, or a swap partition, could cause the flash memory to be worn out very rapidly indeed.

Fire It Up, Make Wireless Work

Once you're booted into Ubuntu, you'll notice that the wireless card doesn't work, but you can bring it up using the Linux ndiswrapper utility.

First you'll need to copy the Windows XP .inf and .sys driver files for the wireless card from the ASUS CD supplied with the machine (or from ASUS's support site) into your home directory. Once you've done that you need to blacklist the non-functioning Madwifi drivers on the machine to prevent them from loading and interfering. Open the blacklist file for editing using gedit /etc/modprobe.d/blacklist then add the lines:

blacklist ath_pci
blacklist ath_hal

Then save and close the file and reboot the machine.

Next, as root, navigate to your home folder and install the driver into ndiswrapper with ndiswrapper –i ./net5211.inf

And finally add the ndiswrapper module to the kernel with modprobe ndiswrapper

Now you'll have a working wireless card, but the bad news is that with the ndiswrapper driver it is not capable of being put in to monitor mode or carrying out packet injection. For this you'll have to wait for a native Linux driver fromMadwifi that supports the AR5BXB63. According to Madwifi forums, such a driver is under development and could be released at any time. If you need this functionality straight away then you'll have to fork out for a USB wireless adapter, such as the Alfa AWUS036S or the D-Link DWL-G122 version C1, which has suitable Linux drivers that can be patched to enable injection. Alternatively, if you are feeling brave, you could open up the Eee PC to access the PCI Express slot inside, and replace the existing AR5BXB63 wireless card with one which uses a wireless chip for which suitable Linux drivers do exist.

Assemble Your Tools

The last step in building your portable security device is installing your open source security tools, which you can get from a variety of places. Most are available as pre-compiled packages from Ubuntu's repositories, which you can access with the Synaptic Package Manager apt front end, accessed from Ubuntu's desktop through the System»Administration sub-menu. The Eee PC's 7" screen can make it hard to see which buttons need clicking for installation, but this is just about the only fault with the device.

What you choose to download is up to you, but a suggested minimum security toolbox might include:

  • Nmap for scanning
  • Ettercap for packet sniffing/intercepting
  • Wireshark for packet sniffing
  • Aircrack-ng suite for wireless auditing, access point detection and password analysis/cracking
  • Metasploit 3 for framework for penetration testing
  • John for offline password testing
  • Hydra for online password testing
  • Kismet for network access point detection

With the exception of Metasploit 3 and Hydra, all these packages are available from Ubuntu repositories through Synaptic.

In the coming weeks we'll be taking a look at some of the tools mentioned above, and how you can use them to help maintain the security of your network.