Penetration Testing mailing list archives

RE: setting up security research lab


From: Irvin Temp <znah_irvin () yahoo com>
Date: Tue, 9 Mar 2004 00:43:21 -0800 (PST)


VMWARE would definitely help in limiting the budget 
for the hardware. Speaking of hardware, Solaris 
machines and some routers/switches, wi-fi routers and 
gadgets would be eating up a lot of money. What other 
devices do you think would be useful in a security
lab?

Software/Hardware: VMware will be your best friend when it comes to saving
resources on software for OS systems. Applications will be a cost center as
well as they will be expensive to obtain legally.


I'm also thinking of old machines to run some Linux
and BSDs. The lab would be some kind of a war room.
There would be some ATTACK machines, DEFENSE machines,
and some TARGET MACHINES. The biggest challenge would
be to simulate a real world setup.


Skills: Security centric individuals with security research and exploit
testing background. Typically you will have individuals more specialized in
Windows or Unix platforms and sometimes individuals with both.

TRUE. It would be nice to have the right personnel 
skills on the team. I think they would make the most 
substantial impact in determining the success or 
failure mileage. 

Constant training of personnel would be important to 
increase their comfort level. OSSTMM, OWASP, CEH, and 
what else? How to enhance your team's skills in doing 
security research? What kind of training should they 
take? It would be better to focus on developing the 
right attitude (investigation/forensic skills, problem 
solving, analytical) than focusing on a particular 
technique.

How to get the most realistic hacking/auditing scenario
or environment for them to gain the appropriate 
experience? The more realistic the test environment, the
better.

Biggest challenge with setting up a lab is getting the appropriate resources
(people) and having adequate os and apps for testing all versions that a
vulnerability could apply to.

Finding the right projects for research and 
development that would provide them a good feel of 
security and hacking in general. 

Agree. Learn things by doing. It would be more of a
grow as you go scenario.
