April 20th, 2003 03:26 AM
I need to be able to install and review security products for my site and test exploits and such. I have a few computers I can network to create a lab environment.
My "lab" environment consists of 1 RH9 Linux box, 1 Windows 2000 Pro and 1 Windows 98se. I have some of the tools that have been suggested on here in other threads like the Foundstone tools and such.
What else do I need to have a good test lab? By good, I mean an affordable home test lab- not a corporate level test lab. I know that there is no 100% right answer. Some software or platforms are better for testing some things than others. With my limited setup I can only get so much diversity and test so much. I want to have a good, diverse lab though so I can test a variety of products and exploits without rebuilding the lab every time.
Is there any specific hardware or software I should have? Are there different operating systems I should have in the lab? What sort of tools would you recommend for a lab environment?
April 20th, 2003 03:39 AM
You might want to consider Norton's Ghost so that you can re-install any OS if you happen to blow it up.
I'd also recommend isn't tools but rather humans. What you need is someone to set things up and then you go and "break" it as it were. I find that works far better than just trying to do it yourself since you'll know what you did but if you don't know how they set it up, then the challenge is that much more. Maybe even invite some buddies over for a home-made "war games".
April 20th, 2003 05:40 AM
If you can get your hands on a Cisco router anywhere, you could really be having some fun.
/* You are not expected to understand this. */
April 20th, 2003 07:26 PM
If you use VMware or Virtual PC you can set up different OS's on the same computer and run them at the same time.
That's nice if you want to check exploits on different OS's.
Both products have trial versions so you can try it out before you buy it.
April 20th, 2003 08:41 PM
norton Ghost is a must in such environments, It will save you so mutch time It's not funny, and If you can get plenty of cheap CD's or a big enough extra HDD, you can image several drastically different configurations and change back and forth, in no time.
If your testing any products on your redhat box, it might be a good idea to set up another one to attack it from, I wouldn't really trust the loopback to provide realistic results, In your case, with such a budget, VM ware should be a good solution for the second RH box, and imaging would be a snap.
You may want to consider XP, but then again... maybe not it's not that different from win2k. For a security test, a cisco router would be great. For certain scenarios, you could simulate a more or less real world infrastructure, and experiment with what info the cisco router can capture, and thus the traceability of any attack. some of the lower end ones aren't too bad on ebay, 2500 - http://cgi.ebay.com/ws/eBayISAPI.dll...category=28033 or 1600 - http://cgi.ebay.com/ws/eBayISAPI.dll...category=28031 and It's PSU - http://cgi.ebay.com/ws/eBayISAPI.dll...category=28031
You may also want win2k server or advanced server, but It's not really reasonable to get it legally, and if your doing this for profit in any way, using a bootleg copy would be wreckless. You should be able to configure 2kpro with a lot of the services provided by server if you do enough research though.
Tried to pick up some links to guides for such things... but I haven't had mutch luck finding such an animal online. So I guess playin it by ear may be the best solution, since that seems to be how the internet was created anyways Hope it turns out great. are you gonna post product reviews and such here? If so, hope to hear it from someone inhouse.
April 21st, 2003 12:02 AM
Might want to consider a removable hardrive tray to.
Its not software piracy. I’m just making multiple off site backups.
April 21st, 2003 12:24 AM
Just to add somethine really quick like...
check out the tools from www.systernals.com
They have some really good tools to see what is going on behind the scenes....
say you let a virus loose on your box... it'd be a pain in the arse to go looking for everything that happened... but with filemon, regmon and tcpmon... you can see what happened on the hard drive activity, the registry activity and communications all at the same time... in real time.
is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.