Re: Lab leads??

From: Alex Butcher (pentest) (pentest@cocoa.demon.co.uk)
Date: 10/17/01

• Previous message: dzzie@yahoo.com: "Re: uploading files to Apache webserver"
• In reply to: 'ken'@FTU: "Lab leads??"
• Next in thread: Matthew Leeds: "Re: Lab leads??"
• Next in thread: Don Bailey: "Re: Lab leads??"
• Reply: Matthew Leeds: "Re: Lab leads??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 17 Oct 2001 20:12:36 +0100 (BST)
From: "Alex Butcher (pentest)" <pentest@cocoa.demon.co.uk>
To: "'ken'@FTU" <franklin_tech_bulletins@yahoo.com>
Subject: Re: Lab leads??
Message-ID: <Pine.LNX.4.33.0110172011001.6829-100000@cocoa.demon.co.uk>

On Tue, 16 Oct 2001, 'ken'@FTU wrote:

> Hello,
>
> I'm looking to set up a lab of about 30 host to simulater an
> Internet/DMZ/Intranet.
>
> Does anyone have any sources (papers) or ideas that might help? Here are
> a few parameters:
>
> Lab must contain various OS'es.
> Lab must be able to be very easily configurable to create and
> demonstrate holes and how to patch them. (But then recreate the hole to
> demonstrate the weakness again to another set of people.)
> The holes must be at the network, os and application levels.
>
> One idea I had is to create images of servers known to have holes,
> demonstrate the exploit, patch the hole, show it is fixed and then
> reimage the disk with the old hole. The imaging trick should work with
> different OS's as well. What do you think?

VMware is very nice for this. You can backup the "clean" image before and
after hardening it, so you can reuse it again and again. If you have
enough memory, you can even run multiple hosts on the same piece of
hardware.

> Thanks in advance.
> 'ken'

Best Regards,
Alex.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

---

• Previous message: dzzie@yahoo.com: "Re: uploading files to Apache webserver"
• In reply to: 'ken'@FTU: "Lab leads??"
• Next in thread: Matthew Leeds: "Re: Lab leads??"
• Next in thread: Don Bailey: "Re: Lab leads??"
• Reply: Matthew Leeds: "Re: Lab leads??"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Lab leads?? ... Subject: Lab leads?? ... >> The holes must be at the network, ... >This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) Lab leads?? ... Subject: Lab leads?? ... The holes must be at the network, ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... (Pen-Test) RE: Lab leads?? ... Subject: Lab leads?? ... > The holes must be at the network, ... > This list is provided by the SecurityFocus Security ... > SecurityFocus' SIA service which automatically alerts you to ... (Pen-Test) Re: How to access the host behind the Firewall ... positions when pressured to give access to untrained personnel. ... I am not familiar with the firewall, so maybe this problem is not ... From the host in the lab I can browse internet, ... (comp.security.firewalls) How to access the host behind the Firewall ... I am not familiar with the firewall, so maybe this problem is not ... My situation is somewhat like this: I have a hostin the lab ... From the host in the lab I can browse internet, ... from the host in Lab) I will send commands to the client through the server ... (comp.security.firewalls)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > pen-test  > 2001-10