Penetration Testing mailing list archives
RE: setting up security research lab
From: Irvin Temp <znah_irvin () yahoo com>
Date: Tue, 9 Mar 2004 00:43:21 -0800 (PST)
VMWARE, Would definitely help in limiting the budget for the hardware. Speaking of hardware, Solaris machines and some routers/switches, wi-fi routers and gadgets would be eating up a lot of money. What other devices do you think would be useful in a security lab?
Software/Hardware: VMware will be your best friend when it comes to saving resources on software for OS systems. Applications will be a cost center as well as they will be expensive to obtain legally.
Im also thinking of old machines to run some linux and BSDs. The lab would be some kind of a war room. Their would be some ATTACK machines, DEFENSE machines, and some TARGET MAGHCINES. The biggest challenge would be to simulate a real world setup.
Skills: Security centric individuals with security research and exploit testing background. Typically you will have individuals more specialized in Windows or Unix platforms and sometimes individuals with both.
TRUE. It would be nice to have the right personnel skills on the team. I think they would make the most substantial impact in determining the success or failure mileage. Constant training of personnel would be important to increase their comfort level. OSSTMM, OWASP,CEH, and what else? How to enhance your teams skills in doing security research? what kind of training should they take? It would be better to focus on developing the right attitude(invetigation/forensic skills,problem solving, analytical) than focusing on a particular technique. How to get the most realistic hacking/auditing scenario or environment for them to gain the appropriate experience? the more realistic the test environment the better.
Biggest challenge with setting up a lab is getting the appropriate resources (people) and having adequate os and apps for testing all versions that a vulnerability could apply to.
Finding the right projects for research and development that would provide them a good feel of security and hacking in general. Agree. Learn things by doing.
It would be more of a grow as you go scenario.
__________________________________ Do you Yahoo!? Yahoo! Search - Find what youre looking for faster http://search.yahoo.com --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- setting up security research lab Irvin Temp (Mar 07)
- <Possible follow-ups>
- RE: setting up security research lab Irvin Temp (Mar 09)