Re: Looking to set up an infosec lab

From: Ned Kratzer (NedK@fltg.com)
Date: Tue Jul 31 2007 - 09:13:18 EDT

• Next message: Rafa Richart: "Analize Virus"
• Previous message: John M. Martinelli: "Looking to set up an infosec lab"
• Maybe in reply to: John M. Martinelli: "Looking to set up an infosec lab"
• Next in thread: Jamie Riden: "Re: Looking to set up an infosec lab"
• Reply: Jamie Riden: "Re: Looking to set up an infosec lab"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

It depends on the type of environment in which you want to look for
vulnerabilities...servers, business desktops/workstations or home
computers?

For servers, if you want your lab to mirror the "real world" as much as
possible, I'd recommend a version of RedHat 7 or newer, RedHat
Enterprise 2.1 or newer, Solaris 2.6 or newer, Win 2k and 2k3 Server
(maybe even NT4 Server).

For business desktop/workstations, 2000 and XP Pro are probably gonna
be your best bets.

Now for the "home computer" situation, Mac OSX 10.2 or newer, Win 9x,
Me, XP Home and Vista are gonna be your biggest share, on the *nix side,
I'd probably throw in Ubuntu and RedHat, maybe OpenSUSE and Fedora too.

-- Ned

>>> "John M. Martinelli" <john@martinelli.com> 07/30/07 09:40PM >>>
Hi, list.

A few of the previous e-mails going out on the mailing list got my
attention - I'm interested in building a moderate hacklab to conduct
mock attacks, intrusion detection, detection evasion, etcetera. My
hardware situation allows me to deploy a VMware or Parallels lab -
what kind of machines would you set up in my situation?

I plan on having a few Windows machines - perhaps a '98 box, a 2000
box, and an XP box. As far as Linux, I'd like to set up a Zoot
(RedHat 6.2) and BSD box, but beyond that I'm asking for advice.
Which flavors would you put up for conducting general vulnerability
testing?

Thanks,
John Martinelli
RedLevel.org Security

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Rafa Richart: "Analize Virus"
• Previous message: John M. Martinelli: "Looking to set up an infosec lab"
• Maybe in reply to: John M. Martinelli: "Looking to set up an infosec lab"
• Next in thread: Jamie Riden: "Re: Looking to set up an infosec lab"
• Reply: Jamie Riden: "Re: Looking to set up an infosec lab"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:59 EDT