Security Basics mailing list archives

Re: Lab setup for security learning


From: "Morgan Reed" <morgan.s.reed () gmail com>
Date: Tue, 16 Jan 2007 13:28:49 +1100

On 1/13/07, Ankur Jindal <divinepresence () gmail com> wrote:
> Wouldn't iptables on Linux and ICF on Windows suffice for the
> firewall? Or should one test against something like Zone Alarm since
> it would be harder than a native firewall? A hardware firewall is not
> an option we have? Could you give me a little more detail on point d?

Frankly, Zone Alarm isn't what I'd consider a "REAL" firewall; it would
probably be reasonable if you were attempting to simulate a
penetration on J Random User's PC, but it is not realistic in a
structured network environment (corporate systems, for instance).

[disclaimer] My primary background is in VMWare; I assume that most
other VM solutions have similar capabilities to VMWare. [/disclaimer]

If you are clever about the way you set up the Virtual Network in a
Virtual host you will be able to utilise an embedded-type firewall,
e.g. m0n0wall or smoothwall/ipcop. For instance, the basic setup is as
follows (excuse the ASCII art; if it's mangled, copy it out to a text
editor and set a fixed-width font):

+----------+             +---------------------------------------------+
|          |             |+----------+       +--------------+          |
| Attacker |=====+======>|| Physical |Bridged| M0n0wall/    |          |
|          |     |       ||   NIC    |======>| Smoothwall/  |          |
+----------+     |       |+----------+       | IPCop VM     |          |
                 |       |                   +--------------+          |
                 |       |                         | Host              |
+------------+   |       |                         V Only              |
|            |   |       |+-------------------------------------------+|
|  IDS Host  |<--+       ||     VMWare Virtual Network (Host Only)    ||
| (Optional) |           |+-------------------------------------------+|
|            |           |      | Host        | Host         | Host    |
+------------+           |      V Only        V Only         V Only    |
                         |+------------+ +------------+ +-------------+|
                         || Web Server | | DNS Server | | Mail Server ||
                         ||     VM     | |     VM     | |      VM     ||
                         |+------------+ +------------+ +-------------+|
                         |=============================================|
                         |                 Host Machine                |
                         +---------------------------------------------+

Of course the selection of Virtual Servers on the Host machine will
change depending on the architecture you are attempting to simulate.

For an additional layer of difficulty you could also have iptables (or
similar) set up on each Virtual Server to reduce the attack surface area.

And further to this (assuming your machine has sufficient grunt and RAM
(RAM is arguably the biggest consideration when it comes to running
VMs)), you can add multiple host-only networks to a VMWare system,
which will allow you to model things like WAN->DMZ->LAN setups and
layered defense.

Morgan
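As an added illustration of the per-server iptables idea above (not code from the thread): a small POSIX sh generator that emits an iptables-restore ruleset for one lab VM role. The roles and port lists (web, dns, mail) mirror the diagram and are assumptions; the management subnet passed as the second argument is assumed to be the host-only LAN.

```shell
#!/bin/sh
# Generate a default-deny iptables-restore ruleset for one lab VM.
# Roles/ports are constructed to match the diagram's servers (assumption).
# Usage: gen_rules ROLE MGMT_CIDR   e.g. gen_rules web 192.168.10.0/24

# Map a role to the services it must expose; everything else is dropped.
role_ports() {
    case "$1" in
        web)  echo "tcp:80 tcp:443" ;;
        dns)  echo "udp:53 tcp:53" ;;
        mail) echo "tcp:25" ;;
        *)    echo "unknown role: $1" >&2; return 1 ;;
    esac
}

gen_rules() {
    role="$1"; mgmt="$2"
    ports=$(role_ports "$role") || return 1
    echo '*filter'
    # Default-deny inbound and forward: this VM is a server, not a router.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # Discard malformed/untracked packets before any service rule.
    echo '-A INPUT -m state --state INVALID -j DROP'
    # Management (SSH) only from the host-only LAN, never from the WAN side.
    echo "-A INPUT -p tcp -s $mgmt --dport 22 -j ACCEPT"
    for p in $ports; do
        proto=${p%%:*}; port=${p##*:}
        echo "-A INPUT -p $proto --dport $port -j ACCEPT"
    done
    # Rate-limited log of what falls through, so the IDS host has evidence.
    echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "lab-drop: "'
    echo 'COMMIT'
}

# Apply on the web server VM (as root):
#   gen_rules web 192.168.10.0/24 | iptables-restore
```

Run it once per VM with the matching role; the ruleset can be saved and inspected before loading, since nothing is applied until it is piped into iptables-restore.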
