RE: Ideas for studentes

[<Donovan.Naidoo () absa co za>]

Greetings fellow SECURITY mates from places far and wide :)


GOOD idea to use VMware in setting up your labs, as MUCH testing and an
even greater product understanding can be reached within this virtual
environment!

I work as a Security Specialist for one of the largest Banks in the
Southern Hemisphere and must admit that when testing new products and
deploying better security tools, nothing truthfully compares or helps
mitigate further testing, like a Virtual environment!

AS an example, I would like to make mention that I recently went to a
major Anti Virus product evaluation regarding a new product release and
was given the daunting task of thoroughly testing and later deploying
this product within the HUGE infrastructure we manage. i.e. 55 000 user
infrastructure.

I set up a 2003 VM, coupled to a Linux VM (LAN Enforcer), re-instating a
complete system state restore of our Active Directory structure (WIN
2003 VM), ROOT (WIN 2003) and PDC (WIN 2003), client or user VM (XP Pro)
and another user VM (Vista).

So, I effectively have 7 VM's running in a team that is set up as a
VLAN.

I am then able to deploy GPO's from AD, Policies from the AV and have
them associate and replicate through this virtual domain quite
seamlessly! :) EVEN when coupled with the AD.

IT does get tricky as you progress further into penetration testing,
more intrinsic policy deployment AND security threat management BUT it
is a replica of what truly exists on the real network and that's where
it helps the most!

I have used SNORT through these VM's, Metasploit and a host of other
tools to further mitigate Security Management from a virtual
perspective!

IF it exists in the VIRTUAL world, it exists in the REAL WORLD...lol


HOPE this info helps :)


Kind regards,

DON



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Iwekani Mukoma
Sent: Tuesday, October 02, 2007 1:01 AM
To: Brian Laing
Cc: Nick Vaernhoej; security-basics () securityfocus com
Subject: Re: Ideas for studentes

Any idea on how virtual labs could be set up using VMware or others 
virtualization applications? This could be another approach to learning

Brian Laing wrote:
> I second the recommendation of groups setting up solutions such as 
> described below.  Depending on what your lab looks like you also want 
> to look at configuration analysis.  This can cover simply getting 
> firewalls and routers setup, but also go deeply into secure setup, 
> auditing policy, common pitfalls, etc.  I have done this in the past 
> with great success.
>
> These types of setups do not typically get finished in under 30 
> hours.  So what I do is chain the labs together.  So day 1 they setup 
> and audit the firewall.  For day two your lab setup is getting all 
> previous components up and running.  This works very well specially 
> when trying to illustrate how an end to end network needs to be setup.
> --------------------------------------------------------------------
> Brian Laing
> Chief Security Officer
> Cellphone:  +1 650.280.2389
> Office:     +1 (888) 845-8169 Ext. 805
> Email: brian () redseal net
>
> Redseal Systems - http://www.redseal.net
>
> Instant Visibility.  Threats Averted.
> -------------------------------------------------------------------
>
>
>
>
> On Oct 1, 2007, at 9:21 AM, Nick Vaernhoej wrote:
>
> > Good morning,
> >
> > How about setting the students up in groups of three and give them
each
> > a task. One installs Nessus, one installs Snort and one installs
> > smoothwall on a box with httpd enabled and maybe sshd and similar
easily
> > enabled services.
> >
> > Then hook them up to a switch allowing for port mirroring or an old
hub.
> > Initiate a Nessus scan against the firewalled box running the
accessible
> > services and see what Snort spews out.
> >
> > That could be set up with a lot of defaults and plenty of challenges
for
> > any level of student.
> >
> > However if it has to be completed in three hours and can't span
multiple
> > days this may take too long :)
> >
> > Nick Vaernhoej
> > "Quidquid latine dictum sit, altum sonatur."
> >
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
> > On Behalf Of Juan B
> > Sent: Monday, October 01, 2007 7:38 AM
> > To: security-basics () securityfocus com
> > Subject: Ideas for studentes
> >
> > Hi,
> >
> > I am instructor of a class of students which are
> > learning info security. each week the students have 3
> > hours of lab to install a security product. im looking
> > for ideas of products to install, it could be open
> > source like iptables, snort or windows applications
> > etc, I need simple installation so It wont get to
> > complicated to the studnets. they know linux very
> > basically.
> >
> > can you send me ideas of products to install? it shoud
> > be products related to security.
> >
> > thanks a lot !
> >
> > Juan
________________________________________________________________________
> > ____________
> > Tonight's top picks. What will you watch tonight? Preview the hottest
> > shows on Yahoo! TV.
> > http://tv.yahoo.com/
> >
> >
> > This electronic transmission is intended for the addressee (s) named 
> > above.=
> >  It contains information that is privileged, confidential, or 
> > otherwise prot=
> > ected from use and disclosure. If you are not the intended recipient 
> > you are=
> >  hereby notified that any review, disclosure, copy, or dissemination 
> > of this=
> >  transmission or the taking of any action in reliance on its 
> > contents, or ot=
> > her use is strictly prohibited. If you have received this 
> > transmission in er=
> > ror, please notify the sender that this message was received in error

> > and th=
> > en delete this message.=0A=
> > Thank you.

___________________________________________________________

Important Notice:
Authorised Financial Services Provider

Important restrictions, qualifications and disclaimers
("the Disclaimer") apply to this email. To read this click on the
following address or copy into your Internet browser:

http://www.absa.co.za/disclaimer

The Disclaimer forms part of the content of this email in terms of
section 11 of the Electronic Communications and Transactions
Act, 25 of 2002.

If you are unable to access the Disclaimer, send a blank e-mail
to disclaimer () absa co za and we will send you a copy of the
Disclaimer.