Penetration Testing mailing list archives
RE: Startup security lab setup
From: "Curt Shaffer" <cshaffer () gmail com>
Date: Tue, 17 Mar 2009 22:25:58 -0400
I would be happy to share my take and what I am building in my lab and possibly make some suggestions.

My ultimate plan is to have a Honeywall architecture in place, meaning basically a Honeywall in place at the front. I also plan to have a few different segments in place for multi-tiered applications (web farm, app farm, db farm, etc.). I am thinking some Windows 2000 boxes but mostly Windows 2003 and 2008. I also plan to have some CentOS servers doing different tasks. I have kicked around the idea of setting up firewall, router and switch operations, virtualized of course, but I don't know if I'm going to do that just yet. I also plan to have a client subnet running Windows XP and Vista.

The reason I want to have the Honeywall in place is to have complete logging and view into what is going on during the pen testing process. I have also kicked around the idea of using Bait and Switch SNORT rules on some other external-facing networks to send traffic from the wild in, but I may separate that as I want to maintain a pristine environment for my tests.

All that said, depending on your budget, I know everyone would love to have an exact replica of their target environment to work with, even if it's virtual. No sensitive data of course, but same OSes, same applications, etc.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Abo Sous
Sent: Tuesday, March 17, 2009 2:09 PM
To: pen-test () securityfocus com
Subject: Startup security lab setup

Hello All,

I've been asked to start a lab setup for my company, with a focus on vulnerability assessments. So far, what I have in mind includes: a firewall unit, a couple of PCs with different OS flavors, some VA applications (Nessus, Metasploit...)

What else should I look for? What applications would you deem indispensable in such a lab?

Thanks in advance,
-AS.
------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute
Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------