Building a VMware Security Lab

  • Building a VMware Security Lab

    Well, university isn't meeting my information needs, and I need to move on from hoarding book knowledge to the hands-on application of it. So I come to you guys - what sorts of network topologies should I set up to learn in my little VMware lab? What OS's do you suggest if I have to keep it down to three?

    I want to set it up on a desktop at home, but be able to access it from a laptop while I'm on the go, which is a lot of the time. Advice?

    Also, anyone have lab handouts, papers, or book recommendations on the topic?

    Thanks!

  • #2
    Re: Building a VMware Security Lab

    Originally posted by valen
    I want to set it up on a desktop at home, but be able to access it from a laptop while I'm on the go, which is a lot of the time. Advice?
    I've used OpenVPN to overcome this problem. I would suggest looking into setting up a TAP interface on whatever private network you create for the VMs to use. Feels just like being plugged into the same switch (if you weren't doing this all in VMs on one computer).
    afterburn
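
    A bridged (TAP) OpenVPN setup of the kind suggested in the reply above, as an added example that is not part of the original post. It assumes the host already bridges tap0 to the lab's private VM network; every address, file name and the remote host name is a constructed placeholder.

    ```conf
    # ---- server.conf (on the lab desktop) ----
    # Assumption: a host bridge already joins tap0 to the private, host-only
    # network the VMs use. Creating that bridge is not shown here.
    port 1194
    proto udp
    dev tap0                  # layer-2 (Ethernet) tunnel rather than routed tun

    # Constructed lab addressing: bridge IP, netmask, then the address pool
    # handed to VPN clients. Keep the pool clear of the VMs' own addresses.
    server-bridge 10.10.10.1 255.255.255.0 10.10.10.200 10.10.10.220

    ca   ca.crt               # placeholder file names
    cert server.crt
    key  server.key
    dh   dh.pem
    tls-auth ta.key 0         # drop packets lacking the shared HMAC key

    # No "push redirect-gateway" line: only lab traffic crosses the tunnel,
    # so the laptop's normal traffic never routes through the lab.
    keepalive 10 120
    persist-key
    persist-tun
    user nobody               # drop privileges after start-up
    group nogroup             # group name varies by distribution
    verb 3

    # ---- client.ovpn (on the laptop) ----
    client
    dev tap                   # must match the server's device type
    proto udp
    remote lab.example.net 1194   # placeholder host name
    remote-cert-tls server    # refuse peers that do not present a server cert
    ca   ca.crt
    cert laptop.crt
    key  laptop.key
    tls-auth ta.key 1         # direction 1 pairs with the server's 0
    nobind
    persist-key
    persist-tun
    verb 3
    ```

    Because a TAP bridge carries Ethernet broadcasts, the laptop sees the same layer-2 traffic as the lab VMs, so the bridge belongs on the isolated VM network only and not on the home LAN interface.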



    • #3
      Re: Building a VMware Security Lab

      Lots of cpu cores & memory if you are going to be hosting any of the post Windows XP variants. 2 cores and 4GB should be a good starting point, 2 cores and 8GB would be better. As far as OS selection something with known vulnerabilities that you can test exploit.

      If you haven't been here then you should go:

      http://www.de-ice.net/

      If you aren't aware of all the GREAT books written by the fine folks here on this very forum you should get familiar with both of them.

      xor

      Actually I hate to pass the buck but VMware has a good community support site. If you really want to get into nuts and bolts you might consider doing all this with the OSS hypervisors. The benefit for you being a stud (student) is that all is free except of course Windows releases.
      Last edited by xor; April 9, 2009, 06:10. Reason: It's early for crying out loud
      Just because you can doesn't mean you should. This applies to making babies, hacking, and youtube videos.



      • #4
        Re: Building a VMware Security Lab

        I have one of these that I got for $179 from Geeks.com late last year.

        I have CentOS 5.2 running on it with VMware Server, and about a dozen or so VMs configured to run. The VMs are a mix: Win2k, Win2k3, WinXP, CentOS, BackTrack, Helix, Ubuntu and a bunch of others. Many of the VMs are LiveCDs that I've been messing around with.

        It's been a very decent system to run, although it does not support ESXi, but it can run a couple of sessions decently without bogging down too much. If you're just gonna use it for yourself it should perform well.

        I only use mine as a Sandbox machine for testing new applications and a few other things.
        A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.



        • #5
          Re: Building a VMware Security Lab

          Originally posted by streaker69
          I have one of these that I got for $179 from Geeks.com late last year.
          That's a great find Streaker. Very sexy indeed.

          xor


          • #6
            Re: Building a VMware Security Lab

            VMs are great for doing host-based stuff but a big portion is missing, namely the networking side. I understand that most people can't afford to buy Cisco equipment but knowing the ins and outs of some of the most frequently used network vendors' equipment is invaluable in the 'real world' from a security perspective.

            In a purely virtual environment there's always the Nexus 1000V (again most likely out of everyone's price range) that can simulate Cisco networking equipment within an ESX server... haven't really read up on those much though.

            Just my two cents :-)
            (less taxes of course, your mileage may vary)
            Network Jesus died for your SYN



            • #7
              Re: Building a VMware Security Lab

              I haven't read any of the books from the forum users, I'd definitely like to check those out. Everyone here gives me great feedback to my questions. Is there a listing of them here? I'll search after this.

              I currently have 2 cores and 4GB running VM Server on Windows 7. Anyone know if there is a big difference performance wise between say Win7 and Ubuntu?

              That is a very nice find streaker - would make everything a lot more sleek here.

              As to the networking dilemma that was brought up - assuming there is no cheap virtual way, what's the cheapest way to get experience with that? What features am I looking for? Can I get something as cheap as an 830? I do definitely want to look into this as it's quite a weakness.

              Thanks



              • #8
                Re: Building a VMware Security Lab

                There may be classes offered at your university or a lab available, I'm not sure. (regarding networking equipment)


                • #9
                  Re: Building a VMware Security Lab

                  If you have to keep it down to 3 OS's, I'd go Win2k3, CentOS, Solaris10. Use what's most commonly used out in the wild. Keep snapshots of properly hardened systems as well as versions that simulate a lazy admin. As far as remote access, I'd also suggest OpenVPN.
                  "You have cubed asscheeks?"... "Do you not?"



                  • #10
                    Re: Building a VMware Security Lab

                    If you're going to build a lab, don't overlook used Cisco equipment. eBay or other sales sites are a good choice, as are buddies who are in the business and may know of equipment upgrades or replacements. I have several used Cisco 1900's and 2950's in my lab. They aren't the fastest devices by today's standards, but since the lab is offline, and huge file transfers aren't a big concern in the lab, it's hard to beat the price. For a grand total of $250 bucks, they allowed me to learn the ins and outs of the Catalyst CLI and Cisco IOS.

                    BTW, a buddy from these forums was instrumental in getting the 1900's.
                    Thorn
                    "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird



                    • #11
                      Re: Building a VMware Security Lab

                      Originally posted by Thorn
                      If you're going to build a lab, don't overlook used Cisco equipment. eBay or other sales sites are a good choice, as are buddies who are in the business and may know of equipment upgrades or replacements. I have several used Cisco 1900's and 2950's in my lab. They aren't the fastest devices by today's standards, but since the lab is offline, and huge file transfers aren't a big concern in the lab, it's hard to beat the price. For a grand total of $250 bucks, they allowed me to learn the ins and outs of the Catalyst CLI and Cisco IOS.

                      BTW, a buddy from these forums was instrumental in getting the 1900's.
                      This is how I started building my lab: by buying old Cisco equipment and using a couple of older computers with light OSes on them. My original intention for this was testing/learning more basic things like building a simple VPN; I'm hoping to convert it into a lab for this sort of thing as well. I don't know why but I've never liked doing a lab in VMware, something about having the real machine there that I'm working on appeals to me.
                      Not every problem, nor every thesis, should be examined, but only one which might puzzle one of those who needs argument



                      • #12
                        Re: Building a VMware Security Lab

                        Originally posted by valen
                        I haven't read any of the books from the forum users, I'd definitely like to check those out. Everyone here gives me great feedback to my questions. Is there a listing of them here? I'll search after this.

                        I currently have 2 cores and 4GB running VM Server on Windows 7. Anyone know if there is a big difference performance wise between say Win7 and Ubuntu?

                        That is a very nice find streaker - would make everything a lot more sleek here.

                        As to the networking dilemma that was brought up - assuming there is no cheap virtual way, what's the cheapest way to get experience with that? What features am I looking for? Can I get something as cheap as an 830? I do definitely want to look into this as it's quite a weakness.

                        Thanks
                        Have a look at the ESXi software from VMware. It is the host OS, so you don't have the host sucking down CPU and RAM. Works really well. I've been playing around with it at work on an older Dell server. We have the commercial version hosting our file server at my location and at a few other locations it's hosting several Win2k3 servers on one box without a problem.



                        • #13
                          Re: Building a VMware Security Lab

                          like bjaming said, check out a local university for IT courses. if you haven't had any experience with cisco equipment, you'd be well to take the CCNA courses (1 through 4). CCNA 2 covers basic configuration of cisco routers, CCNA 3 covers basic configuration of cisco switches, and CCNA 4 integrates the two and delves deeper into both. it also has a little bit of security stuff in there, albeit pretty basic. if you've had experience dealing with the configuration side of the cisco stuff, check out the CCNP courses and network security courses. i haven't quite gotten to this point yet in my education, but i'm sure they'd be great for learning cisco equipment



                          • #14
                            Re: Building a VMware Security Lab

                            This thread has actually gotten me back into my project of setting up a lab. We have some out of life servers that my work is willing to give me, so I have a chance to test some things out. I'm also working on getting some WRT hardware from eBay. You seem to be on the right track... check eBay as others have said for Cisco equipment.
                            "As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."



                            • #15
                              Re: Building a VMware Security Lab

                              Building an at-home network security lab seems to be on a few to-do lists around here, unsurprisingly, including my own. I've a few links that may come in handy - these are more 'what to do with your network security lab' than 'how to set up a network security training lab.'

                              I don't go to Georgia Tech, but the description of their network security lab makes me pretty jealous. The history of the lab and its current iteration might be of interest for building a home network. Their lab is likely far beyond the scope of what you (or I) can afford on our own, but it might give you some ideas. "Physically all equipment is connected together with enough physical connections that a diverse set of logical topologies may be instantiated through VLAN technology... Perl scripts, which we custom created, are used to configure the logical topology and can completely reconfigure the network."

                              The lab manual I found from a class that uses this big fancy network is here. Some of the exercises work fine without their lab - chapter 2 runs through some very basic work using one computer with a few virtualized OSes on it, for instance, before moving onto sniffing and man in the middle attacks. Students use Windows XP and Red Hat 7.2, though most of the unix tools described work fine in Ubuntu/Fedora/etc. I haven't worked through most of this, mainly because the classes I'm already taking for computer science take up a big chunk of time. And because chapter 2 alone is something like 150-200 pages long.

                              Another teacher with network security classes and (yay!) online course material would be Sam Bowne. Again, I haven't made it through all of his material, but it shows promise. His PowerPoint lectures give overviews of security topics, and a bunch of .doc files below that tend to get down to brass tacks.
                              Last edited by char_guerilla; April 13, 2009, 12:22.
