building a windows enterprise hacking lab suggestions?

[jinwald12]

Ok, so i have used linux based labs to practice network hacking for a while now. But now i want to build a virtual network that will emulate a windows enterprise network, i currently have set up a DC/DNS server a web server i intend to put vulnerable asp web apps on i also set up a SMB share server all in Windows 2003 R2 and i will add clients varying from XP SP3 to Windows 7 and vista (to simulate the ever changing landscape of a large network) i will add Cisco IOS gns3 vms and i may add a UC/VOIP system running traffic generation scripts. My question is what other services or network appliances should  i add to make this as realistic a lab as possible, keep in mind that while i can run VMs of alot of things i am on a student budget so alot of hardware components are not available to me. Thanks in advance for what ever advice you may give.

[cd1zz]

That is a hell of a start. Add some SQL, mysql, apache, sharepoint... just to name a few more! I think you'll have your hands full.

[jinwald12]

based on the resources available to me and my goal to stick to M$ products i will go with MS SQL server may add fake spoils as entries in the database now that i think about it, i also will add a fedora Snort box because from what i understand that is a common IDS setup, and how could i forget? a Mail server?!!  i may add actual mail accounts and internal emails for lulz and realism sake maybe a sharepoint like you said any one else have any ideas?

[ziggy_567]

You got an extra AS400 lying around?!?! 

[jinwald12]

no

[chrisj]

Last network I oversaw with windows had some of following (forgetting some, leaving others out):

DC
DNS
Time was from DC for windows boxes
Exchange with antagen
Sharepoint
Great Plains
MSSQL
AV Server
Windows 2008 License server
CISCO VOIP Server running on win2k

I'm sure they've changed it put more windows crap in it since I left.

[jinwald12]

thanks i will add a exchange server and i may go the office communicator route for VOIP and have clients with softphones running traffic generation scripts and a MSSQL server i don't have much experience with sharepoint so it would make a good learning experience i may also add a VPN server as that is always a good way into a network.

[3xban]

As a Windows guy, you have quite a bit in that list and should keep you busy for a while.  Not sure if I missed it, but maybe throw in a snort box for an IDS/IPS.  If you REALLY want to give yourself some work, implement PKI and add IPSec policies for "lulz"

[kriscamaro68]

As 3xban said implement PKI and kerberos as well as that is common in enterprise networks. Also there is DHCP, the System Center set of products like config manager forefront endpoint protection, WSUS, WDS, RRAS, Terminal Services, Branche Cache, there is a ton more services and features to add that would be useful but thats just a start.

[jinwald12]

i have DHCP i was thinking of putting a fedora box running snort as that seems to be a common platform for snort i will add a kerberos box later if only there was a way to make virtual telephone networks (i don't mean voip) but that would be extremely difficult oh well but yeah i have a lot to keep me busy.

[3xban]

Check the vmware appliances list at their site, their might be a free snort virtual appliance available.

[jinwald12]

that's a good idea thanks