Penetration Testing mailing list archives
Re: Lab OS Choices
From: M.B.Jr. <marcio.barbado () gmail com>
Date: Fri, 17 Aug 2007 18:44:59 -0300
See Peter, since your mais concern (which, by the way, triggered this thread) are operating systems, I strongly recommend you to adopt and test SELinux-empowered Linux distros; those OSs provide you with tons of security options for you to perform sophisticated tests. Moreover, talking about hardware, I recommend the Guidance EnCase appliance as well, which is a fantastic piece of hardware focused on forensics. Best, On 8/15/07, Peter Manis <manis () digital39 com> wrote:
As I have mentioned, I am buying some 2950s and I have gotten a few recommendations from people for a CCNA lab, but as far as the PIX and additional routers what should I work towards getting to have a good lab? Nothing immediate, but the end result. - PM On 8/15/07, Pete Herzog <lists () isecom org> wrote:Hi, Over the last 6 years we have studied the differences of tests against various platforms of virtual and real systems. This has led us to making the best possible test network we can for the OPST and OPSA certification exams. What we have found is that there is a large difference between them on the network packet level but almost none on the application level (although various application tests do rely on the encapsulating protocol so YMMV). What's most important is the the tester's machine is NOT virtual. Because the low-level problems at packet level do multiply during testing multiple systems. However for a complete lab set up, make sure your virtual systems are as close to the OS as possible- kernel level preferably, or else use the real thing directly on metal. If you will only be doing application tests, then it probably matters very little and go with your higher level virtual machines. One final note, as Jerry mentions, make sure your network devices are real! Don't try to virtualize networking because it is very complicated and will look very fake. We tested virtual networks and virtual networking but such systems could not handle team traffic (low-to-medium traffic) without producing errors. If you want to virtualize port forwards and simple hops, you can et away with that between low-level virtualized machines but don't try to duplicate anything else or else your error rate will compound and make your analysis practically worthless. Sincerely, -pete. Shenk, Jerry A wrote:I've found a few tests that worked against virtual machines but did not work against real machines. I agree, in most cases, there really is no difference. I also have some routers in my lab. That way, I can set up egress filtering between the servers and the attackers in the lab. That will help you get some realism about some things, particularly local exploits of machines inside the network (like an Exchange client attack). I think that also increases your credibility when talking with clients...for example, "In the lab, we set up egress filtering...blah, blah, blah...and with the filtering enabled, the remote exploit of the Exchange client worked in that it crashed the client but it made it much more difficult to get to a command-prompt on that box." That's not really part of the pen-test itself but the real goal of the pen-test is to make the network more secure and it definitely goes toward explaining to the client how to make their network more secure.------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
-- Marcio Barbado, Jr. ============== ============== "In fact, companies that innovate on top of open standards are advantaged because resources are freed up for higher-value work and because market opportunities expand as the standards proliferate." Scott Handy Vice President Worldwide Linux and Open Source, IBM ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Lab OS Choices, (continued)
- Re: Lab OS Choices Peter Manis (Aug 12)
- Re: Lab OS Choices Peter Manis (Aug 12)
- RE: Lab OS Choices Shenk, Jerry A (Aug 13)
- Re: Lab OS Choices Pete Herzog (Aug 15)
- Re: Lab OS Choices Peter Manis (Aug 15)
- Re: Lab OS Choices Pete Herzog (Aug 16)
- Re: Lab OS Choices Peter Manis (Aug 15)
- Re: Lab OS Choices Pete Herzog (Aug 16)
- Re: Lab OS Choices Peter Manis (Aug 16)
- Re: Lab OS Choices Pete Herzog (Aug 17)
- Re: Lab OS Choices Peter Manis (Aug 12)
- Re: Lab OS Choices M . B . Jr . (Aug 17)
- Re: Lab OS Choices Peter Manis (Aug 12)
- Re: Lab OS Choices M . B . Jr . (Aug 15)
- Re: Lab OS Choices Benjamin Anderson (Aug 15)
- Re: Lab OS Choices Peter Manis (Aug 13)
- Re: Lab OS Choices Jan Heisterkamp (Aug 17)