Penetration Testing mailing list archives
RE: Training Lab Question
From: "Greg" <greg () hoobie net>
Date: Thu, 30 May 2002 17:21:25 +0100
My recommendation would be to give each student a VMWare workstation system to play with. That way once the course is over or the student trashes their system (whichever happens sooner) you can simply replace their system with your master VMWare workstation image. This means that you can give the students r00t (because it's easier than trying to setuid lot's of software) and not worry too much about what they do to the systems. Consider using VMWare to host your target systems as well for much the same reasons, this also saves you using lots of physical boxes too. regards Greg BTW Despite the fact that nearly half of my posts to this list seem to pertain to VMWare (I don't know why) : I am not selling/connected to or otherwise related to VMWare. That said, VMWare does rock.
-----Original Message----- From: Coral J. Cook [mailto:cjcook () nosc mil] Sent: 29 May 2002 21:16 To: pen-test () securityfocus com Subject: Training Lab Question This may be a bit off-topic, but I'd like some feedback on the following issue: I'm in the process of setting up a Pen Testing training lab. The lab consists of a network of target hosts and a network of attack hosts (student workstations). The student workstations running Slackware 8.x (current). Here's my question? What is the best/safest way to allow the students to run the tools (mostly nmap and various sniffers) that need root privileges for full functionality? Should I just make those tools suid root or should I use sudo? Are there any other alternatives? Thanks in advance. Coral ------------------------------------------------------------------ ---------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Training Lab Question Coral J. Cook (May 30)
- RE: Training Lab Question Greg (May 30)
- Re: Training Lab Question Jacques Thomas (May 31)
- <Possible follow-ups>
- RE: Training Lab Question Oliver Petruzel (May 30)
- RE: Training Lab Question Ballowe, Charles (May 30)
- Re: Training Lab Question Joe.McGean (May 30)
- RE: Training Lab Question Greg (May 30)