Penetration Testing mailing list archives
RE: Training Lab Question
From: "Coral J. Cook" <cjcook () nosc mil>
Date: Mon, 3 Jun 2002 07:19:06 -0700
Much Thanks to all who have replied, both on & off list. Giving the students root access & imaging their workstation drives is by far the most popular answer, and is the way we will proceed. Now for one more question, any suggestions for a good open source disk imaging package? I've identified several possible choices, but have not had time to evaluate them yet: CloneIt - http://www.ferzkopp.net/Software/CloneIt/index.html G4U - http://www.feyrer.de/g4u/ Partition Image - http://www.partimage.org/ WebClone - http://sourceforge.net/projects/webclone/ Again, any comments/recommendations will be greatly appreciated. Please answer off list, unless others express interest in this matter. Coral -----Original Message----- From: Coral J. Cook [mailto:cjcook () nosc mil] Sent: Wednesday, May 29, 2002 1:16 PM To: pen-test () securityfocus com Subject: Training Lab Question This may be a bit off-topic, but I'd like some feedback on the following issue: I'm in the process of setting up a Pen Testing training lab. The lab consists of a network of target hosts and a network of attack hosts (student workstations). The student workstations running Slackware 8.x (current). Here's my question? What is the best/safest way to allow the students to run the tools (mostly nmap and various sniffers) that need root privileges for full functionality? Should I just make those tools suid root or should I use sudo? Are there any other alternatives? Thanks in advance. Coral ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- RE: Training Lab Question Coral J. Cook (Jun 03)
- Re: Training Lab Question Forrest Rae (Jun 03)