Penetration Testing mailing list archives

Re: Startup security lab setup


From: Aarón Mizrachi <unmanarc () gmail com>
Date: Wed, 18 Mar 2009 02:12:19 -0430

On Tuesday 17 March 2009 13:38:40 Abo Sous wrote:
> Hello All,
>
> I've been asked to start a lab setup for my company, with a focus on
> vulnerability assessments. So far, what I have in mind includes: a
> firewall unit, a couple of PCs with different OS flavors, some VA
> applications (Nessus, Metasploit...)
> What else should I look for? What applications would you deem
> indispensable in such a lab?


is quite complex.

Today, a real hacker scenario is a mix of: Technique * Statistics * Social 
Engineering...

Can you simulate a sysadmin's behavior?:

* Common passwords across servers
* Predictable passwords <-
* Public info over internet (Check for maltego) <-
* Weak link in the chain 

How can you test social engineering techniques?

---------------------------------------------------------------------------

The best scenarios involve real admin and public system information...

Ex. If you are a company that sells ice cream, and you are the sysadmin, the
hacker will go for all possible words related to your job and to your life
(chocolate, vanilla, johnsmith, birthday, ...). Then he will permute this
wordlist with "l33t" chars, and then... will "bruteforce" something. The right
word is statistically probable to happen in a reasonable time. Then a
privilege escalation race will start...

Recommended Tools:

Nessus, Metasploit, nmap, amap, xprobe, yersinia, ettercap-ng, cheops-ng
(quite old...), hping, sendip, Wireshark, tcptraceroute, aircrack-ng, milw0rm
exploit db, securityforest exploit db, Snort, Kismet, John the Ripper,
Maltego, some commercial software like GFI LANguard... etc.

And...

- Virtual machines. A LOT... virtual machines... (VMware, QEMU, etc.)
- IDSs!!! (Record what our hackers are doing)
- Lots of firewalls and a diverse network topology
- Wi-Fi
- Bad perimeter testing (Wi-Fi APs, VPNs, etc.)
- Bad passwords

In my point of view, the common weakness of systems is the perimeter... not
only the network perimeter (which is very important); it's also important to know
that there are other perimeters.

Application perimeters, user privilege perimeters, file perimeters, process
perimeters, etc., and... the sysadmin's best award:

The tendency to locate on the perimeter _test and "non-important" environments
without security and without knowing anything about pre-established perimeters_.
That tendency happens when the admin says: I don't care about this system, this is
my test environment and it's not so important to the company (HAHA...).

That can be extrapolated to all "non-important" information and "non-
important" things shared and running across the network...

> thanks in advance,
> -AS.
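The ice-cream example above describes the attacker's side: a context wordlist (product names, the admin's name, a birthday) mutated with "l33t" substitutions. The defensive counterpart, for a lab that lists "bad passwords" and "predictable passwords" as things to test, is a password-audit check that catches exactly those mutations. The following is an added example, not code from the thread or from any tool named in it; the substitution table, the function names and the sample company words and passwords are all constructed assumptions. The trick is to fold every l33t character onto one canonical letter and apply the same folding to both the password and the context words, so "vani11a", "Van!lla" and "vanilla" compare equal without enumerating permutations.

```python
"""Flag passwords that are l33t-mutated versions of context words
(company terms, names, dates) -- a defensive audit check for the
targeted-wordlist attack described in the post. Added example; the
mapping table and all sample data are constructed assumptions."""

# Many-to-one folding: each character that a l33t mutation can stand for
# collapses onto a single canonical letter. Because it is applied to BOTH
# sides, ambiguous cases ('1' as 'i' or 'l') need no branching: 'l' and 'i'
# are folded onto the same letter as well.
_CANON = {
    "4": "a", "@": "a",
    "3": "e",
    "1": "i", "!": "i", "l": "i", "|": "i",
    "0": "o",
    "5": "s", "$": "s",
    "7": "t", "+": "t",
}


def canonicalize(text: str) -> str:
    """Lowercase and fold l33t substitutions onto canonical letters."""
    return "".join(_CANON.get(ch, ch) for ch in text.lower())


def build_context(words, min_len=4):
    """Pre-canonicalize the context wordlist.

    Returns {canonical_form: original_word}. Tokens shorter than min_len
    are dropped because they match almost anything and only produce noise.
    """
    ctx = {}
    for w in words:
        c = canonicalize(w)
        if len(c) >= min_len:
            ctx[c] = w
    return ctx


def find_context_leak(password, context):
    """Return the context word the password appears to be derived from, or None.

    A hit means the canonical context word is a substring of the canonical
    password, so trailing years, symbols or prefixes ("Ch0c0late2009!") do
    not hide it. Longest candidates are tried first so that "johnsmith" is
    reported rather than just "john".
    """
    cpw = canonicalize(password)
    for c in sorted(context, key=len, reverse=True):
        if c in cpw:
            return context[c]
    return None


def audit(passwords, words):
    """Map each candidate password to the context word it leaks (or None)."""
    ctx = build_context(words)
    return {pw: find_context_leak(pw, ctx) for pw in passwords}


# Constructed sample data: the ice-cream company from the post.
COMPANY_WORDS = ["chocolate", "vanilla", "strawberry", "icecream",
                 "John", "Smith", "johnsmith", "1985"]
SAMPLES = ["Ch0c0late2009!", "Vani11a$", "J0hnSm1th", "jsmith1985",
           "kR7#pq9!Wz2m"]

if __name__ == "__main__":
    for pw, hit in audit(SAMPLES, COMPANY_WORDS).items():
        verdict = f"PREDICTABLE (derived from '{hit}')" if hit else "ok"
        print(f"{pw:16} -> {verdict}")
```

Feeding the check a wordlist built the way the post describes (products, staff names, dates scraped from public sources) turns the attacker's own statistics against the bad passwords before a lab exercise does: the four mutated passwords in the sample are all flagged, while the random one passes.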

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec
Institute's Ethical Hacking class. Totally hands-on course with evening
Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified
Penetration Tester exams, taught by an expert with years of real pen
testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
