Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Basic facilities required to establish a pen test lab

from [Jan Heisterkamp] Network Security [Permanent Link]
Subject: Re: Basic facilities required to establish a pen test lab
Date: Sun, 29 Jul 2007 08:28:48 -0600
Gubir schrieb: 
I am CEH. But still I need some suggestion from you guys to setup a pen test
lab. Please give me some guidance about the basic essential hardware and
software to make a good pen test lab

A pent test lab; what could this be?
Definition of laboratory: A laboratory (often abbreviated lab) is a place where scientific research and experiments are conducted. A lab can hold space for one to thirty, or more, researchers depending on the size of the room and state mandated maximum occupancy limit.

In conjunction with pen-test this makes no sense to me, exeptual you are conducing external tests.
I for myself decided that I don't use laptops, exeptual I go mobile-wireless, they are mostly not the money worth, you can't mainteaince them tecnically by yourself -at least not here in Costa Rica.
What I do have here are a few boxes with 2.8 G Intel Pentium, 2GB Ram, 80 - 160 Gb HDD, 2 NICs and one with AMD 64bit Athlon, 2GB Ram, 80GB HDD, 2NICs. For special purposes I use PowerEdge 1850, 2 Xeon 2.8 G, 4GB Ram, 2x36 GB HDD, 2 NICs [doesn't run with Unix :'( ]

OS's: Windows XP, Fedora7, freeBSD

Before you step into a new job you have to setup your box new, that means set your HDD on zero. For this purpose I use PowerMax [Live-On edition], it takes some hours but its working excellent and with all brands of HDDs.
Don't use the OS "onboard"-formatting tools.
Never ever perform a test with a "USED" box.

If you use [Vuln]-Scanner [for a first look] make sure that you use only open-source products.
Double check all results.
Especially, don't believe the results of a Vuln-Scanner until you haven't proofed it manually.

In your repositioy you should have the common OS's for practizing and studying, as well as a collection of all Exploits you can grab, wether you need them or not.
Exploit-Frameworks like Metasploit or ATK are helpful.
You might come into a situation where you have to reverse-engineer something; IDA Pro is a excellent and comfortable choice and it's money worth.
Not mentioned the tools of the trade, you should know them all, you are CEH; isn't it?!

Regards
Jan











------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Cross testing exploit with vulnerability scan results, Anders Thulin
Next by Date:  Re: Cross testing exploit with vulnerability scan results, Christine Kronberg
Previous by Thread:  Basic facilities required to establish a pen test lab, Gubir
Next by Thread:  RE: Basic facilities required to establish a pen test lab, Shenk, Jerry A
Indexes:  [Date] [Thread] [Top] [All Lists]