Penetration Testing mailing list archives

RE: [lists] Looking to set up an infosec lab


From: "Curt Purdy" <purdy () tecman com>
Date: Thu, 2 Aug 2007 08:56:40 -0400

Our lab is a dual dual-core Opteron (4 procs) w/16 gb RAM running SuSE Linux
10.2 w/VMWare ESX Server (have not run Windoze on bare metal for 4 years -
thus have not had to re-install in 4 years :)

I then run about a dozen OS's including every version of Windoze, a few
*NIX's and Novell.  I have images of every guest for quick re-install (10-30
minutes per, depending on size).  I then turn malware loose on a Windoze box
and watch it infect the other boxes, depending on the propagation mode.  Of
course the *NIX and Novell boxes never skip a beat.

Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA 
202.302.6032
infosysec () gmail com
purdy () tecman com

-------------

If you spend more on coffee than on IT security, you will be hacked. 
What's more, you deserve to be hacked. 
-- former White House cybersecurity czar Richard Clarke 
 

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of John M. Martinelli
Sent: Monday, July 30, 2007 9:40 PM
To: pen-test () securityfocus com
Subject: [lists] Looking to set up an infosec lab

Hi, list.

A few of the previous e-mails going out on the mailing list got my  
attention - I'm interested in building a moderate hacklab to conduct  
mock attacks, intrusion detection, detection evasion, etcetera. My  
hardware situation allows me to deploy a VMware or Parallels lab -  
what kind of machines would you set up in my situation?

I plan on having a few Windows machines - perhaps a '98 box, a 2000  
box, and an XP box. As far as Linux, I'd like to set up a Zoot  
(RedHat 6.2) and BSD box, but beyond that I'm asking for advice.  
Which flavors would you put up for conducting general vulnerability  
testing?

Thanks,
John Martinelli
RedLevel.org Security

--------------------------------------------------------------
----------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
--------------------------------------------------------------
----------



