Re: Lab setup for security learning
- From: Robert Larsen <robert@xxxxxxxxxxxxxxxxx>
- Date: Sun, 14 Jan 2007 22:58:34 +0100
Ankur Jindal wrote:
> Hello all
> Me and a couple of friends wish to set up a lab of our own for
> learning network security. I'd like some suggestions about the setup
> of the lab with respect to
> a) The number of machines (We only have 3)
3 is fine, but you could increase this to any number using virtual
machines. Install VMware (http://en.wikipedia.org/wiki/Vmware), User
Mode Linux (http://en.wikipedia.org/wiki/User-mode_Linux) or Xen
(http://en.wikipedia.org/wiki/Xen).
That also makes it easy to test different setups and revert to earlier
snapshots (post install, post configuration, etc.).
> b) Networking components (we have a 4 port switch and a 4-port hub)
A switch with a monitor port for sniffing could be useful...or that hub.
Depends on what you want to do. The hub sends out all packets to all
connected machines, which makes it easy to sniff, but if you want to play
with overflowing the ARP tables in the switch, that's what you'll need.
For playing with intrusion any will probably do just fine.
> c) OS/Software (Win XP, Fedora Core 2, Backtrack (for all testing),
> Windows disassemblers etc.)
Depends on how skilled you are. If you are beginners, start with an old
version of some Linux distribution or Windows version with known problems.
I like Backtrack for performing attacks and forensics...has nearly
everything you need.
Disassembling is (in my opinion) for advanced users only...or those who
want to be advanced :-)
IDA Pro is probably the best disassembler out there.
> d) Setup architecture (both physical and software)
Go with a realistic setup.
Firewall with a couple of servers behind (web, database, dns, whatever).
The firewall will also be a great place to hook up a sniffer to see your
attacks. Maybe also a Snort machine.
Good luck