10
votes
Does anyone here work in infosec? If so, which laptops are you allowed to use?
I’ve recently gotten to speak with a few folks who work at an enterprise security company. I asked what their security researchers set as company rules for allowed laptops. My one datapoint so far is “Dell or Apple.” So for example, no Thinkpad X1 Carbon, which is arguably the best work laptop.
I am curious what other large security companies (or any of you security minded folks) set as rules for trusted laptops. Can anyone share their lists and theories as to why I heard Dell and Apple? BIOS is more trustworthy?
Perhaps the Superfish debacle drove that decision? The Carbons weren't affected, according to Lenovo, but between that and the Chinese origins, I'd imagine some infosec outfits may not be too enthused by Lenovo products right now.
Yeah, for sure that played a huge part in my mind for anything related to Lenovo. IMHO, selling ThinkPad to Lenovo should have been blocked by regulators in the USA for security reasons.
But at least way back in my day, enterprises would deploy their own trusted OS images to user's computers. So that would have prevented any superfish type of thing right? But I imagine that if the BIOS is not trustworthy then the OS layer security matters much less?
No. The big deal with Superfish is it was able to reinstall itself from the BIOS by way of "Microsoft Windows Platform Binary Table" which was designed to allow drivers to be installed.
OK, thanks for that link. I didn't remember that correctly at all. So then this again brings up BIOS. Would you say that who has control of the BIOS is the main reason a US based security researcher might trust Dell and Apple over other companies?
It makes sense that Apple would be more 'trusted' as they own the hardware and software. Dell is US owned, so maybe that makes them more trust worthy?
I work in cloud security and have a MBP, as does the rest of my team. The other choices were a bunch of different models from Lenovo, Dell, HP, Microsoft Surfaces, etc. This is for a large multi-national corp.
I'm just an infosec student, I don't actually work in the field, so I apologize if this is just fluff, but I've seen a pretty wide variety in laptops in my department, including ThinkPads (I'm one of those ThinkPad users actually). I suspect Dell and Apple are the most common companies because they both offer contracts and bulk sales for companies, and they're also both American companies, which is important in a field based all around trust. HP is probably fine too, but I'd definitely to see if there are any stricter regulations, they might just be saying Dell or Apple because it's easier than having a bunch of different laptops and not because of any security concerns.
We primarily use thinkpads. Our consultants can choose to use something else though. A few have macbooks.
I use a MacBook Pro 2005 as my main workstation. If there are things I need Windows for, I use Parallels 14 for Windows emulation. I also have a Thinkpad X1 Carbon as a "forensics workstation", in special cases.
A little biased because I was infosec at Apple, but we all used MacBook Pros. At Google it's a lot of Pixelbooks now a days, while the desktops are running our custom flavor of Linux.