RE: Training Lab Question

From: Ballowe, Charles (CBallowe@usg.com)
Date: 05/30/02 

From: "Ballowe, Charles" <CBallowe@usg.com>
To: "'Coral J. Cook'" <cjcook@nosc.mil>, pen-test@securityfocus.com
Date: Thu, 30 May 2002 11:19:09 -0500

Since it is a training lab, let the students have root. Expect
to re-image the disks on the student machines after every class
passes through. Consider that somebody doing a pen-test will
likely be doing it from their own machine, they will most likely
have root.

It may not be the safest, but is the most realistic way to train them.
Give them the tools that they will have in the field.

I assume that you're already simulating a vulnerable network, you could
also do some host based pen-test training. Leave a vulnerable binary on
the student systems and have them exploit it before continuing on to
network pen-testing.

> -----Original Message-----
> From: Coral J. Cook [mailto:cjcook@nosc.mil]
> Sent: Wednesday, May 29, 2002 3:16 PM
> To: pen-test@securityfocus.com
> Subject: Training Lab Question
>
>
> This may be a bit off-topic, but I'd like some feedback on
> the following
> issue:
>
> I'm in the process of setting up a Pen Testing training lab. The lab
> consists of a network of target hosts and a network of attack
> hosts (student
> workstations). The student workstations running Slackware 8.x
> (current).
>
> Here's my question? What is the best/safest way to allow the
> students to run
> the tools (mostly nmap and various sniffers) that need root
> privileges for
> full functionality? Should I just make those tools suid root
> or should I use
> sudo? Are there any other alternatives? Thanks in advance.
>
> Coral
>
>
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security
> vulnerabilities please see:
> https://alerts.securityfocus.com/
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • RE: Training Lab Question
    ... My recommendation would be to give each student a VMWare workstation system ... > This list is provided by the SecurityFocus Security Intelligence ...
    (Pen-Test)
  • Mandrake Linux Login Problem!!!
    ... I created a user student apart from root. ... When I wish to login, it presents me with only one username i.e. ...
    (comp.os.linux.networking)
  • Open beaks extraction
    ... I just came back from Bangalore in India, where a PG student on the MDS ... course told me about the open beaks extraction method. ... As I did so the palatlal root poped out. ... and break PDL fibres and rotational forces to get the root to surface. ...
    (sci.med.dentistry)
  • Training Lab Question
    ... I'm in the process of setting up a Pen Testing training lab. ... The student workstations running Slackware 8.x. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Mandrake Linux Login Problem!!!
    ... I created a user student apart from root. ... When I wish to login, it presents me with only one username i.e. ...
    (comp.os.linux.networking)