-
Playing in a Sandbox
I'm in the process of building myself a "sandbox". It's going to consist of:
DEC 1000 as a honeypot
Gateway E-3200 running OpenBSD 3.4 with PF as the firewall
Linksys dual-ethernet router
Compaq laptop as a host running Slackware 9.1
PII 266 w/ 192MB RAM running XP Pro and VMWare (it's slow as a dog, but it runs ;) )
Compaq Presario 4784 running OpenBSD 3.4 with SNORT
xl0: inside sensor
xl1: outside sensor
xl2: private network to Sun Ultra 1 running ACID, MySQL and APACHE/PHP/SSL
My question is this: what do you think would be better? Patch all the systems then play, or leave them unpatched... play, then go back and patch and play some more?
I've gotten mixed answers from searching and talking to others. I'm curious what the AO community's view is on this.
If anyone wants pictures of my sandbox when it's complete... let me know... I'll be more than happy to post them :D
laters.
-
I would say play around and then patch. This way you can get some experience managing systems after they have been exploited. Also, you can always reinstall and try different options, such as not fully updating a system (example: patching O/S but not Firewall); all can have different effects.
DeafLamb
P.S. Some pictures would be cool :)
-
Personally, I'd play first unpatched so I'd experience what it's like and what the responses look like. Make an evaluation on how serious the issues are (so I know in the future how to prioritize fixes). Then fix and play again.
Lather, rinse, repeat.
And do... reeeeeeeeeeeeee-search. :D
-
All my machines are ghosted as soon as the default OS is installed, so wiping them and reinstalling isn't an issue. I was planning on playing with the systems unpatched... then patching them. Basically I would be doing the job of the attacker, defender, and clean-up. Then creating a report based on my findings. I'm snowed in so I have nothing better to do ;)
msmittens: you trying to say I haven't done my research? :p
**EDIT**
I'll post pics when the sandbox is complete :D
-
No.. Mooooooooorre reeeeeeeeeeee-search!! :D
-
DEAFLAMB: and you said patched systems can't be exploited? I would play and then patch, and then keep playing! Cheers.
consoleknight