Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Training Lab Question

From: "Coral J. Cook" <cjcook () nosc mil>
Date: Mon, 3 Jun 2002 07:19:06 -0700
Much Thanks to all who have replied, both on & off list. Giving the students
root access & imaging their workstation drives is by far the most popular
answer, and is the way we will proceed. Now for one more question, any
suggestions for a good open source disk imaging package? I've identified
several possible choices, but have not had time to evaluate them yet:

CloneIt - http://www.ferzkopp.net/Software/CloneIt/index.html

G4U - http://www.feyrer.de/g4u/

Partition Image - http://www.partimage.org/

WebClone - http://sourceforge.net/projects/webclone/

Again, any comments/recommendations will be greatly appreciated. Please
answer off list, unless others express interest in this matter.

Coral



-----Original Message-----
From: Coral J. Cook [mailto:cjcook () nosc mil]
Sent: Wednesday, May 29, 2002 1:16 PM
To: pen-test () securityfocus com
Subject: Training Lab Question


This may be a bit off-topic, but I'd like some feedback on the following
issue:

I'm in the process of setting up a Pen Testing training lab. The lab
consists of a network of target hosts and a network of attack hosts (student
workstations). The student workstations running Slackware 8.x (current).

Here's my question? What is the best/safest way to allow the students to run
the tools (mostly nmap and various sniffers) that need root privileges for
full functionality? Should I just make those tools suid root or should I use
sudo? Are there any other alternatives? Thanks in advance.

Coral



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: