Penetration Testing mailing list archives

RE: Startup security lab setup


From: "Curt Shaffer" <cshaffer () gmail com>
Date: Tue, 17 Mar 2009 22:25:58 -0400

I would be happy to share my take and what I am building in my lab and
possibly make some suggestions.

My ultimate plan is to have a Honeywall architecture in place, meaning
basically a Honeywall in place at the front. I also plan to have a few
different segments in place for multi-tiered applications (web farm, app
farm, db farm, etc.). I am thinking some Windows 2000 boxes but mostly
Windows 2003 and 2008. I also plan to have some CentOS servers doing
different tasks. I have kicked around the idea of setting up firewall,
router and switch operations, virtualized of course, but I don't know if I'm
going to do that just yet. I also plan to have a client subnet running
Windows XP and Vista.

The reason I want to have the Honeywall in place is to have complete logging
and a view into what is going on during the pen testing process. I have also
kicked around the idea of using Bait and Switch SNORT rules on some other
external-facing networks to send traffic from the wild in, but I may separate
that, as I want to maintain a pristine environment for my tests.

All that said, depending on your budget, I know everyone would love to have
an exact replica of their target environment to work with, even if it's
virtual. No sensitive data of course, but same OSes, same applications, etc.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Abo Sous
Sent: Tuesday, March 17, 2009 2:09 PM
To: pen-test () securityfocus com
Subject: Startup security lab setup

Hello All,

I've been asked to start a lab setup for my company, with a focus on
vulnerability assessments. So far, what I have in mind includes: a
firewall unit, a couple of PCs with different OS flavors, and some VA
applications (Nessus, Metasploit...).
What else should I look for? What applications would you deem
indispensable in such a lab?

thanks in advance,
-AS.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec
Institute's Ethical Hacking class. 
Totally hands-on course with evening Capture The Flag (CTF) exercises,
Certified Ethical Hacker and Certified Penetration Tester exams, taught by
an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
