Penetration Testing mailing list archives
RE: setting up a lab
From: "Erin Carroll" <amoeba () amoebazone com>
Date: Mon, 8 Sep 2008 11:15:08 -0700
Michael, I know that several people will suggest virtualization which is definitely one way to go. While I do use some virtualization I tend to try to keep my lab setup as close to "real" as possible; both to minimize any possible network stack oddness with some VM bridging mechanisms as well as allow for kernel-level and related testing which doesn't play well with VM's. This kind of setup can be done fairly cheaply as well if you have several old systems & hard drives laying around and is extremely flexible. Maybe this will provide some ideas for you or other list members. My home lab consists of the following: Workstations: - 2 hardware identical workstations with removable hard drive caddies set as boot device. This allows for swapping out OS as desired. Currently have installs for Solaris x86, various Linux & BSD distros, Win 2k, XP, Vista, 2k3 & 2k8 server... in 32 and 64-bit variants for each. Grub or LILO is your friend here to maximize OS flexibility while reducing # of hard drives (and cost) to juggle. Both systems have NICs and wireless so I can adjust to testing scenario. - LaCie 2TB NAS. Repository for tools, application configs & setups, OS images. 100+ gigs of rainbow tables, brute force dictionaries & related cracking, tftp drop for various Cisco router configs. - Laptop for "attacker" launchpad Network: - Cisco 2610 router - Dual-NIC'd workstation for non-Cisco router emulation, inline active or passive sniffing usage, IDS/IPS/FW emulation, etc. - Dual broadband connections (Comcast, FiOS) - Linksys 4-port hub, several Wireless routers & misc wi-fi USB/dongles/cards Aside from the Cisco router & NAS (and dual broadband providers... I have issues :)), anyone with some spare hardware laying around could easily setup a nice little lab similar to this with minimal investment. In my lab I can quickly emulate 3-tiered web/appserv/db infrastructures or other attack scenarios without bringing boxes to their knees with lots of VM resource overhead or management. Oh, and if you go this route with your own lab invest in a really good power solution. I love my APC AP7931 but they are not cheap (http://www.apc.com/resource/include/techspec_index.cfm?base_sku=AP7931) -- Erin Carroll Moderator, SecurityFocus pen-test mailing list amoeba () amoebazone com "Do Not Taunt Happy-Fun Ball" -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Michael Kitange Sent: Sunday, September 07, 2008 10:07 AM To: pen-test () securityfocus com Subject: setting up a lab hi guys, i am looking for tips on creating my own pen-test lab. i've got two computest. one xp and the other one zenwalk. i've got a router (d-link) and an internet connection on the router. i'd also like to know what tools should i use to test and some good vulnerable servers. i'm currently downloading backtrack3. thanks for help in advance. -- Sent from Gmail for mobile | mobile.google.com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------ No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.169 / Virus Database: 270.6.18/1658 - Release Date: 9/7/2008 3:30 PM ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- setting up a lab Michael Kitange (Sep 07)
- Re: setting up a lab Claudio Criscione (Sep 08)
- Message not available
- Re: setting up a lab Michael Kitange (Sep 08)
- Re: setting up a lab Razi Shaban (Sep 08)
- Re: setting up a lab Michael Kitange (Sep 08)
- Re: setting up a lab tsaleem (Sep 08)
- Re: setting up a lab p1g (Sep 08)
- Re: setting up a lab Danilo Nascimento (Sep 08)
- RE: setting up a lab Erin Carroll (Sep 08)
- RE: setting up a lab Shenk, Jerry A (Sep 08)
- Re: setting up a lab M.B.Jr. (Sep 09)
- Message not available
- setting up a lab Michael Kitange (Sep 09)
- Re: setting up a lab Glenn Wilkinson (Sep 09)
- Message not available
- <Possible follow-ups>
- Re: setting up a lab securityfocus (Sep 09)