Penetration Testing mailing list archives

Re: Looking to set up an infosec lab


From: Bill Stout <billbrietstout () yahoo com>
Date: Fri, 3 Aug 2007 17:24:06 -0700 (PDT)

You're on the right track with VMware for the majority of the tests. You might also investigate Xen for both Windows 
and Linux; I haven't tried Xen. I would consider: XP Home, XP Pro, W2K Pro, W2K Svr, W2K3, W2K3 X64 (Exchange 2007), 
Vista (basic, premium, ultimate, business). VMware will let you scale and snapshot, you can create base images which 
support a full test matrix; OS/SPx/App Suite/Defense. In other words, build an XP home image and make multiple copies 
of it, so each image can have its own patch. Then make copies of each patch image so each can have its own 
Application Suite. Then make copies of each App Suite image so you can load different defensive software. Also consider 
creating a VMware 'Team' so you can test different Active Directory combinations and Group Policy changes. 

VMware can also host Linux/FreeBSD, so you can test an OS, with a default package set (workstation, developer, server), 
so again, make an image of an OS with a package set, then a patch level, then Applications, then defenses. This helps 
create another test matrix with a minimal number of hardware boxes. 

Notice I mentioned test matrix. You'll end up with a spreadsheet with rows of tests, and columns for the OS/Patch, and 
another dimension of pages for the applications/defenses installed. _IF_ any of the testing will be formal. 

You will either need a server with a TB or so to store the images and GigE to copy those images to workstations running 
VMware Workstation ($200) or Server (free). You'll also need to keep a few network hubs (not switches) on hand for 
sniffing, hardware firewalls, attack source machines, etc. And keep this network separate from other networks. Isolate 
this from all other networks if you'll test any viruses/worms/malware, restrict access, and destroy any media that 
leaves the room. If you don't test malware, consider giving the test network its own DSL feed since some machines may 
become vectors to attack production machines. 

Bill Stout 


----- Original Message ---- 
From: John M. Martinelli <john () martinelli com> 
To: pen-test () securityfocus com 
Sent: Monday, July 30, 2007 6:40:13 PM 
Subject: Looking to set up an infosec lab 


Hi, list. 

A few of the previous e-mails going out on the mailing list got my 
attention - I'm interested in building a moderate hacklab to conduct 
mock attacks, intrusion detection, detection evasion, etcetera. My 
hardware situation allows me to deploy a VMware or Parallels lab - 
what kind of machines would you set up in my situation? 

I plan on having a few Windows machines - perhaps a '98 box, a 2000 
box, and an XP box. As far as Linux, I'd like to set up a Zoot 
(RedHat 6.2) and BSD box, but beyond that I'm asking for advice. 
Which flavors would you put up for conducting general vulnerability 
testing? 

Thanks, 
John Martinelli 
RedLevel.org Security 

------------------------------------------------------------------------ 
This list is sponsored by: Cenzic 

Need to secure your web apps NOW? 
Cenzic finds more, "real" vulnerabilities fast. 
Click to try it, buy it or download a solution FREE today! 

http://www.cenzic.com/downloads 
------------------------------------------------------------------------
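
The layered image copies and the test matrix described in the reply above, sketched as an added example (not part of the original thread). The layer values, test names and image naming scheme are constructed assumptions.

```python
from itertools import product

# Constructed sample layers (illustrative values, not from the post).
LAYERS = [
    ("os", ["xp-home", "xp-pro", "w2k3"]),
    ("patch", ["rtm", "sp1", "sp2"]),
    ("apps", ["office", "browser-only"]),
    ("defense", ["none", "av", "av+hips"]),
]

def clone_plan(layers):
    """Return (image, parent) pairs in build order. Every image in a layer
    is a copy of one image from the layer before it: OS -> patch level ->
    application suite -> defensive software."""
    plan, parents = [], [None]
    for _, values in layers:
        next_parents = []
        for parent in parents:
            for value in values:
                image = value if parent is None else f"{parent}_{value}"
                plan.append((image, parent))
                next_parents.append(image)
        parents = next_parents
    return plan

def build_matrix(tests, layers):
    """One page per apps/defense pair; rows are tests, columns are OS/patch.
    Each cell names the leaf image that the test runs against."""
    (_, oses), (_, patches), (_, apps), (_, defenses) = layers
    columns = [f"{o}_{p}" for o, p in product(oses, patches)]
    pages = {}
    for app, defense in product(apps, defenses):
        pages[(app, defense)] = {
            test: {col: f"{col}_{app}_{defense}" for col in columns}
            for test in tests
        }
    return pages

if __name__ == "__main__":
    plan = clone_plan(LAYERS)
    pages = build_matrix(["portscan", "smb-enum"], LAYERS)
    leaves = sum(len(row) for page in pages.values() for row in page.values())
    print(f"{len(plan)} images to build, {len(pages)} matrix pages")
    print(f"{leaves} test cells to fill in")
    for image, parent in plan[:5]:
        print(f"copy {parent or '(fresh install)'} -> {image}")
```

With three OSes, three patch levels, two application suites and three defense options, the plan already needs 84 stored images, which is why the reply budgets a large image server.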