OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Greg (greghoobie.net)
Date: Thu May 30 2002 - 11:21:25 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    My recommendation would be to give each student a VMWare workstation system
    to play with. That way once the course is over or the student trashes their
    system (whichever happens sooner) you can simply replace their system with
    your master VMWare workstation image.

    This means that you can give the students r00t (because it's easier than
    trying to setuid lot's of software) and not worry too much about what they
    do to the systems.

    Consider using VMWare to host your target systems as well for much the same
    reasons, this also saves you using lots of physical boxes too.

    regards

    Greg

    BTW Despite the fact that nearly half of my posts to this list seem to
    pertain to VMWare (I don't know why) : I am not selling/connected to or
    otherwise related to VMWare. That said, VMWare does rock.

    > -----Original Message-----
    > From: Coral J. Cook [mailto:cjcooknosc.mil]
    > Sent: 29 May 2002 21:16
    > To: pen-testsecurityfocus.com
    > Subject: Training Lab Question
    >
    >
    > This may be a bit off-topic, but I'd like some feedback on the following
    > issue:
    >
    > I'm in the process of setting up a Pen Testing training lab. The lab
    > consists of a network of target hosts and a network of attack
    > hosts (student
    > workstations). The student workstations running Slackware 8.x (current).
    >
    > Here's my question? What is the best/safest way to allow the
    > students to run
    > the tools (mostly nmap and various sniffers) that need root privileges for
    > full functionality? Should I just make those tools suid root or
    > should I use
    > sudo? Are there any other alternatives? Thanks in advance.
    >
    > Coral
    >
    >
    >
    > ------------------------------------------------------------------
    > ----------
    > This list is provided by the SecurityFocus Security Intelligence
    > Alert (SIA)
    > Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities
    > please see:
    > https://alerts.securityfocus.com/
    >

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/