NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Pen-test> 2009-03

Re: Startup security lab setup

From: Adriel T. Desautels (ad_listsnetragard.com)
Date: Thu Mar 19 2009 - 10:02:23 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Are you using esxi now?

On Mar 18, 2009, at 10:11 PM, Jeremy Brown wrote:

> I used to have 10+ boxes all connected to a big kvm switch running
> from room to room, but it really is more efficient and less costly if
> you just invest into 2 or 3 high end machines and run vm's for all you
> stuff from there.. limits things to x86 usually, though, except for
> pearpc/etc/blah
>
> On Wed, Mar 18, 2009 at 2:55 PM, David Schekaiban <davidcodigoverde.com
> > wrote:
>> Abo,
>>
>> First try to evaluate what the lab's main purpose would be, is it
>> to offer
>> services internally or externally (scan and protect your services
>> or help
>> other companies), to train people or to "test" random stuff. I'd
>> suggest you
>> get some Linux boxes on there, I can strongly recommend Debian and
>> openSUSE, they both behave well. Maybe what you could do is get 2
>> physical
>> machines, one that acts as a "main" and other that works as a
>> "client", then
>> install your nifty tools on one and strip the other one up. This
>> would be a
>> VERY simple and basic and cheap setting.
>>
>> Then get some virtual machine technology, Sun xVM Virtualbox works
>> like a
>> charm, that way you can emulate machines in the lab to basically
>> screw
>> around, infect them with trojans, install malware or whatever you
>> need. This
>> way you can try different types of Windows, Linux and so on.
>>
>> Some interesting tools are included in Backtrack, its a live Linux
>> distro that
>> integrates a lot of tools like Metasploit, Nessus, Paros and SO
>> MANY others.
>>
>> If you need more details contact me. Best regards from Mexico.
>>
>>
>> David Schekaiban, CISA, CISSP
>> davidcodigoverde.com
>> twitter.com/codigoverde
>>
>>> Hello All,
>>>
>>> i've been asked to start a lab setup for my company, with a focus on
>>> vulnerability assessments. So far, what i have in mind includes: a
>>> firewall unit, a couple of PCs with different OS flavors, some VA
>>> applications (Nessus, metasploit...)
>>> What else should i look for? what applications would you deem
>>> indispensable in such a lab?
>>>
>>> thanks in advance,
>>> -AS.
>>>
>>> ------------------------------------------------------------------------
>>> This list is sponsored by: InfoSec Institute
>>>
>>> Learn all of the latest penetration testing techniques in InfoSec
>>> Institute's Ethical Hacking class. Totally hands-on course with
>>> evening
>>> Capture The Flag (CTF) exercises, Certified Ethical Hacker and
>>> Certified
>>> Penetration Tester exams, taught by an expert with years of real pen
>>> testing experience.
>>>
>>> http://www.infosecinstitute.com/courses/
>>> ethical_hacking_training.html
>>> ------------------------------------------------------------------------
>>
>>
>>
>>
>
> ------------------------------------------------------------------------
> This list is sponsored by: InfoSec Institute
>
> Learn all of the latest penetration testing techniques in InfoSec
> Institute's Ethical Hacking class.
> Totally hands-on course with evening Capture The Flag (CTF)
> exercises, Certified Ethical Hacker and Certified Penetration Tester
> exams, taught by an expert with years of real pen testing experience.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ------------------------------------------------------------------------
>

        Adriel T. Desautels
        ad_listsnetragard.com
         --------------------------------------

Subscribe to our blog
http://snosoft.blogspot.com

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class.
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]