OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Coral J. Cook (cjcooknosc.mil)
Date: Mon Jun 03 2002 - 09:19:06 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Much Thanks to all who have replied, both on & off list. Giving the students
    root access & imaging their workstation drives is by far the most popular
    answer, and is the way we will proceed. Now for one more question, any
    suggestions for a good open source disk imaging package? I've identified
    several possible choices, but have not had time to evaluate them yet:

    CloneIt - http://www.ferzkopp.net/Software/CloneIt/index.html

    G4U - http://www.feyrer.de/g4u/

    Partition Image - http://www.partimage.org/

    WebClone - http://sourceforge.net/projects/webclone/

    Again, any comments/recommendations will be greatly appreciated. Please
    answer off list, unless others express interest in this matter.

    Coral

    -----Original Message-----
    From: Coral J. Cook [mailto:cjcooknosc.mil]
    Sent: Wednesday, May 29, 2002 1:16 PM
    To: pen-testsecurityfocus.com
    Subject: Training Lab Question

    This may be a bit off-topic, but I'd like some feedback on the following
    issue:

    I'm in the process of setting up a Pen Testing training lab. The lab
    consists of a network of target hosts and a network of attack hosts (student
    workstations). The student workstations running Slackware 8.x (current).

    Here's my question? What is the best/safest way to allow the students to run
    the tools (mostly nmap and various sniffers) that need root privileges for
    full functionality? Should I just make those tools suid root or should I use
    sudo? Are there any other alternatives? Thanks in advance.

    Coral

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/