OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
RE: [lists] Looking to set up an infosec lab

From: Curt Purdy (purdytecman.com)
Date: Thu Aug 02 2007 - 07:56:40 CDT


Our lab is a dual dual-core Opteron (4 procs) w/16 gb RAM running SuSE Linux
10.2 w/VMWare ESX Server (have not run Windoze on bare metal for 4 years -
thus have not had to re-install in 4 years :)

I then run about a dozen OS's including every version of Windoze, a few
*NIX's and Novell. I have images of every guest for quick re-install (10-30
minutes per, depending on size). I then turn malware loose on a Windoze box
and watch it infect the other boxes, depending on the propogation mode. Of
course the *NIX and Novell boxes never skip a beat.

Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA
202.302.6032
infosysecgmail.com
purdytecman.com

-------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
 

> -----Original Message-----
> From: listbouncesecurityfocus.com
> [mailto:listbouncesecurityfocus.com] On Behalf Of John M. Martinelli
> Sent: Monday, July 30, 2007 9:40 PM
> To: pen-testsecurityfocus.com
> Subject: [lists] Looking to set up an infosec lab
>
> Hi, list.
>
> A few of the previous e-mails going out on the mailing list got my
> attention - I'm interested in building a moderate hacklab to conduct
> mock attacks, intrusion detection, detection evasion, etcetera. My
> hardware situation allows me to deploy a VMware or Parallels lab -
> what kind of machines would you set up in my situation?
>
> I plan on having a few Windows machines - perhaps a '98 box, a 2000
> box, and an XP box. As far as Linux, I'd like to set up a Zoot
> (RedHat 6.2) and BSD box, but beyond that I'm asking for advice.
> Which flavors would you put up for conducting general vulnerability
> testing?
>
> Thanks,
> John Martinelli
> RedLevel.org Security
>
> --------------------------------------------------------------
> ----------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> --------------------------------------------------------------
> ----------
>
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------