Re: Basic facilities required to establish a pen test lab
- From: Jan Heisterkamp <janheisterkamp@xxxxxx>
- Date: Sun, 29 Jul 2007 08:28:48 -0600
Gubir schrieb:
I am CEH. But still I need some suggestion from you guys to setup a pen testA pent test lab; what could this be?
lab. Please give me some guidance about the basic essential hardware and
software to make a good pen test lab
Definition of laboratory: A laboratory (often abbreviated lab) is a place where scientific research and experiments are conducted. A lab can hold space for one to thirty, or more, researchers depending on the size of the room and state mandated maximum occupancy limit.
In conjunction with pen-test this makes no sense to me, exeptual you are conducing external tests.
I for myself decided that I don't use laptops, exeptual I go mobile-wireless, they are mostly not the money worth, you can't mainteaince them tecnically by yourself -at least not here in Costa Rica.
What I do have here are a few boxes with 2.8 G Intel Pentium, 2GB Ram, 80 - 160 Gb HDD, 2 NICs and one with AMD 64bit Athlon, 2GB Ram, 80GB HDD, 2NICs. For special purposes I use PowerEdge 1850, 2 Xeon 2.8 G, 4GB Ram, 2x36 GB HDD, 2 NICs [doesn't run with Unix :'( ]
OS's: Windows XP, Fedora7, freeBSD
Before you step into a new job you have to setup your box new, that means set your HDD on zero. For this purpose I use PowerMax [Live-On edition], it takes some hours but its working excellent and with all brands of HDDs.
Don't use the OS "onboard"-formatting tools.
Never ever perform a test with a "USED" box.
If you use [Vuln]-Scanner [for a first look] make sure that you use only open-source products.
Double check all results.
Especially, don't believe the results of a Vuln-Scanner until you haven't proofed it manually.
In your repositioy you should have the common OS's for practizing and studying, as well as a collection of all Exploits you can grab, wether you need them or not.
Exploit-Frameworks like Metasploit or ATK are helpful.
You might come into a situation where you have to reverse-engineer something; IDA Pro is a excellent and comfortable choice and it's money worth.
Not mentioned the tools of the trade, you should know them all, you are CEH; isn't it?!
Regards
Jan
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
- Follow-Ups:
- Re: Basic facilities required to establish a pen test lab
- From: Hylton Conacher (ZR1HPC)
- RE: Basic facilities required to establish a pen test lab
- From: Shenk, Jerry A
- Re: Basic facilities required to establish a pen test lab
- References:
- Prev by Date: Re: Cross testing exploit with vulnerability scan results
- Next by Date: Re: Cross testing exploit with vulnerability scan results
- Previous by thread: Basic facilities required to establish a pen test lab
- Next by thread: RE: Basic facilities required to establish a pen test lab
- Index(es):
Relevant Pages
|
|
