Great article  Even though, I know that it's not anyone who can afford a lab of 600$, and in some cases perhaps not even 300$ if their budget doesn't allow it. Some newbies, that wants to learn infosec might be young, and I think it's more attractive to play with system attacks that are free, compared to buying real hardware equipment.

Of course, with young people getting iphones and other expensive gear, perhaps they should put cisco routers and switches on their wishlist instead 

I do agree that many, including me doesn't get that much exposure to network attacks, even though I have tested arp spoofing, isr evilgrade (it's a tool), and setting up a rogue dhcp server, on quite a few occasions, where it was multiple computers on a network, even used the default password on a real hardware switch once to get info about another network, but that was because I was lucky to have the opportunity to play with these things in real life, as not every newbie is.

Hacking a switch, with community strings, and perhaps tftp is quite fun, and I'm glad I have the opportunity to play with these things at the hacking dojo too. 

Good read I am in the process of updating my lab as it was just all live cd before. I want add some more hardware and try get a lab that is as similar to a corporate network as possible without breaking the bank.

So far I have
Cisco 2610 Ethernet  Serial Routers 32Mb Dram / 8mb flash IOS 12.3
Cisco 2610 Ethernet  Serial Routers 32mb Dram / 8mb flash IOS 12.3
Cisco 2501  Router with 2 serial Ports Interfaces + Ethernet AUI Port
Cisco WS-c2912-XL-EN Switch upgraded latest Cisco IOS
2 x WIC-1T for the 2600 routers (100% Genuine Cisco)

But I am  not sure where to start never really hand any hands on experience with setting up corporate so hope it be steep learning curve. I hope I can mix the hardware with Vm images of xp and some servers etc

If anyone can recommended any good books or any advice where to start would love some help

Very interesting, thank you!

Me too, I will add soon some network equipment to my lab. A
nd, I am interested in learning this type of hacking.

Quite true. I have lab equipment I have bought over the years, cisco routers and switches, and even an ASA. The problem is not having the knowledge or experience to properly build this network, or to intergrate it into your existing real network (It would be nice but I cant put 2 network connections in my room. And I quickly realized I need the internet to download software, update my host machine, view tutorials, ect. and while there are short term solutions, like using a usb stick. not very good idea to mix media between trusted and untrusted computers once you introduce new tools, or malware into the mix...) And a big issue for me has been the physical setup. Network hardware is not designed to connect to home internet connections.

So I think that we need to have some training on network connections, ect.

Tom does this with Hacking Dojo. eLearn has their Coliseum labs, and The Hacker Academy may have something as well.

I think the article is well-written, and I agree with most of the points made, but I'm not sure why virtualization is so heavily discouraged. On a single ESXi box (QX9550/16GB RAM/6x160GB HDs), I have two AD sites (SQL Server, Exchange, DCs, client systems, etc.), a DMZ, IDS (Snort), and a few other random/non-MS systems. Check out Vyatta or XORP if you have an interest in more advanced routing, and PF and/or iptables can do your firewalling.

I think it's a very close to a real-world configuration, and you only really lose out on anything that is vendor-specific. It's obviously good to get your hands on some Cisco gear and other prevalent hardware that you'll come across in real-world situations, but I think you can construct a very accurate real-world lab in a virtual environment. Also, ARP poisoning attacks do work in a virtual environment (I just verified this in Workstation 7, but I'm pretty sure I've done this in ESX/ESXi as well -- virtual switches have to be configured to allow these types of activities though).

I think the best route is a blend of virtual and physical equipment. I actually have several NICs in that ESXi box that connect to a 3550 and ASA5505, which does indeed allow more opportunities for fun. I just like to contain things as much as possible because of power, space, and aesthetics.

Full Disclosure: I only learned about XORP when I made that post I was trying to figure out why it appears that you can only get a 30-day trial of Vyatta now (they used to have a free virtual appliance). I guess they used XORP up to v3, but then they went to something proprietary starting in v4.

The more you know ===★

So I think Dynamik is volunteering to setup a VPN to his lab for all of us to use

As for the article, I certainly agree that you cannot adequately simulate a full pen test by just having your two VMs running a victim OS and an Attacker OS.  But for those new to the field it is enough to give them a taste. 

I think we do a good job though letting folks know there is more a pen test than simply popping the single victim system.  eLearning and OSCP cover the in's and out's of the pen test from the recon, enumeration and finally to the report.  The report I think is probably the most valuable piece to learn.  Like Tom had mentioned, you need to be able to explain to the client about the findings and that is where the report comes in. 

With regards to the experience portion, I think we here at EH-Net do a decent job at letting the newbies know that Ethical Hacking and Pen Testing are not entry level areas.  Many of us have backgrounds in System/Network Administration and/or programming.  It is important to be able to explain "here is why your box got popped, here is why we were able to get that data.  This is how you fix it..."  And being able to explain in non-robot speak is key.  If you can show the dollars flying out the cable modem that is even better.

Overall the article is great and I think we can all agree that the simple victim/attacker setup is really not enough.  But I think for a little taste to see if its something you want to do, it will suffice.  Then like all hobbies that become careers, you can invest more into it.  Throw in more layers to better challenge yourself.  This made me want to fire up the Cisco kit I have (two 2600 router and an 1850 catalyst) configure it and use it!  Two bad they are loud, guess I need to build a case