Penetration Testing mailing list archives
RE: Training Lab Question
From: "Ballowe, Charles" <CBallowe () usg com>
Date: Thu, 30 May 2002 11:19:09 -0500
Since it is a training lab, let the students have root. Expect to re-image the disks on the student machines after every class passes through. Consider that somebody doing a pen-test will likely be doing it from their own machine; they will most likely have root. It may not be the safest, but it is the most realistic way to train them. Give them the tools that they will have in the field. I assume that you're already simulating a vulnerable network; you could also do some host-based pen-test training. Leave a vulnerable binary on the student systems and have them exploit it before continuing on to network pen-testing.
-----Original Message-----
From: Coral J. Cook [mailto:cjcook () nosc mil]
Sent: Wednesday, May 29, 2002 3:16 PM
To: pen-test () securityfocus com
Subject: Training Lab Question

This may be a bit off-topic, but I'd like some feedback on the following issue:

I'm in the process of setting up a Pen Testing training lab. The lab consists of a network of target hosts and a network of attack hosts (student workstations). The student workstations are running Slackware 8.x (current). Here's my question: What is the best/safest way to allow the students to run the tools (mostly nmap and various sniffers) that need root privileges for full functionality? Should I just make those tools suid root or should I use sudo? Are there any other alternatives?

Thanks in advance.

Coral

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/