.

Setting Up Lab

<<

mambo

Newbie
Newbie

Posts: 14

Joined: Sat Mar 31, 2007 8:11 am

Post Sun Jan 18, 2009 3:56 pm

Setting Up Lab

Hello!

Just wondering if anyone had any input on setting up a lab. I now have 3 computers to play with and was thinking its about tiome i got some hands on experience. I currently have two laptops and a desktop.

Does anyone have any input on what possible configurations I could put on the systems so I can get some hands on network security experience, e.g pen testing. Im still in the stage of having done quite a bit of reading but having no experience, so if anyone knows of any tutorials for such lab testing I would greatly appreciate it.

Kind regards

Mambo
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sun Jan 18, 2009 5:36 pm

Re: Setting Up Lab

Backtrack would be a good distro to load to access quite a few different tools.

http://www.remote-exploit.org/backtrack.html
<<

mambo

Newbie
Newbie

Posts: 14

Joined: Sat Mar 31, 2007 8:11 am

Post Sun Jan 18, 2009 6:22 pm

Re: Setting Up Lab

i had a play with backtrack when i setup a smoothwall firewall, but didnt really get anywhere with it.

Has anyone had experience with damn vulnerable linux? I would like something easy to exploit so i can see some results =]
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sun Jan 18, 2009 6:43 pm

Re: Setting Up Lab

mambo wrote:Has anyone had experience with damn vulnerable linux? I would like something easy to exploit so i can see some results =]


No, but I'm definitely going to check it out. Thanks for bringing that up!
The day you stop learning is the day you start becoming obsolete.
<<

COm_BOY

User avatar

Full Member
Full Member

Posts: 129

Joined: Tue Feb 03, 2009 10:40 am

Post Tue Feb 03, 2009 11:24 am

Re: Setting Up Lab

Damn Vulnerable Linux is also offering certifications
hxxp://www.damnvulnerablelinux.org/inde ... tification

One more has been added to BackTrack competitors list .
It has become appallingly obvious that our technology has exceeded our humanity.
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Feb 03, 2009 3:51 pm

Re: Setting Up Lab

Mambo, you may want to look into a book called "Build Your Own Security Lab: A Field Guide for Network Testing". A friend of mine read it and he said it'd be a good start for people wanting to set up their own labs.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sat Feb 14, 2009 3:18 pm

Re: Setting Up Lab

I highly recommend setting up one machine as a VMWare ESXi server. You can host all sorts of guest with different OSes, patch levels, and software. It also has the ability for snapshots which is very useful for testing and learning.
twitter.com/timmedin | http://blog.securitywhole.com
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Sat Feb 14, 2009 5:09 pm

Re: Setting Up Lab

Alternatively you can check out NETinVM

NETinVM is a single VMware virtual machine image that contains, ready to run, a series of User-mode Linux (UML) virtual machines which, when started, conform a whole computer network inside the VMware virtual machine. Hence the name NETinVM, an acronym for NETwork in Virtual Machine. NETinVM has been conceived mainly as an educational tool for teaching and learning about operating systems, computer networks and system and network security, but other uses are certainly possible.
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sat Feb 14, 2009 8:42 pm

Re: Setting Up Lab

KrisTeason wrote:Mambo, you may want to look into a book called "Build Your Own Security Lab: A Field Guide for Network Testing".


It is a good book. I did run across a few dead links in it however...
<<

charlottebandit

Newbie
Newbie

Posts: 49

Joined: Sat Jun 10, 2006 4:26 pm

Post Wed Feb 25, 2009 9:32 am

Re: Setting Up Lab

The thing with pentesting, is that you need SOMETHING to assess whether it's a service or network.  What I mean for service is whether it's a web server, database server, data center, web services, or even an IP voice solution.  By assessing the network, I mean attempting to assess targets through a real switch, real router, and multiple other security controls.

Hence my point is that you'll need to either team up with someone who knows how to configure servers, or a network guy unless you want to learn either one (or both!).  Not knowing how to do one at least leaves you at a major disadvantage I feel.
MS, CCSP, CCNP, CCDP, CEH, CHFI, CPTS
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Wed Feb 25, 2009 9:44 am

Re: Setting Up Lab

charlottebandit wrote:The thing with pentesting, is that you need SOMETHING to assess whether it's a service or network.  What I mean for service is whether it's a web server, database server, data center, web services, or even an IP voice solution.  By assessing the network, I mean attempting to assess targets through a real switch, real router, and multiple other security controls.


Agreed, there are probably well known to most here (mentioned in the forums a lot) but check out De-ICE and DVL to get you start with targets.
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Wed Feb 25, 2009 12:48 pm

Re: Setting Up Lab

charlottebandit wrote:The thing with pentesting, is that you need SOMETHING to assess whether it's a service or network.  What I mean for service is whether it's a web server, database server, data center, web services, or even an IP voice solution.  By assessing the network, I mean attempting to assess targets through a real switch, real router, and multiple other security controls.

Hence my point is that you'll need to either team up with someone who knows how to configure servers, or a network guy unless you want to learn either one (or both!).  Not knowing how to do one at least leaves you at a major disadvantage I feel.


Great idea. You could get additional experience and knowledge by setting up additional linux VMs as IPS, Firewall, or for routing. This would teach you how to configure them, and how to get past them. Again, I recommend VMWare's ESXi since it is free and based on the industry leading VM platform. Not a bad idea to learn VMWare while you are at it. ESXi will allow you to set up multiple networks for setting up the lab described above.
twitter.com/timmedin | http://blog.securitywhole.com

Return to Hardware

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software