Re: Lab OS Choices

From: Peter Manis (manis@digital39.com)
Date: Sat Aug 11 2007 - 20:24:04 EDT


Thanks Shaon, I will do some searches.

Your advice on the internet connection is directed at when I start
doing things remotely correct? since my labs would be internal. For
my internal work I was going to buy some Cisco 2950 switches to play
with, which came from another post.

I am rural so I don't know that ADSL2 would be available, and where I
am moving I know I can get fiber, cable and standard dsl. Will cable
handle the exotic port scans? or do I need to go with fiber if ADSL2
is not available?.

Thanks,

PM

On 8/11/07, Shaon Diwakar <shaon.diwakar@yahoo.com.au> wrote:
> Hi Peter,
>
> This issue has been discussed on the list a few times, so you might find some great advice from looking in the archives as well...
>
> I would recommend having a base desktop build with what ever OS you are comfortable (GNU/Linux, Windows or even MacOSX) and using VMWare Server or Parallels images.
>
> There are some good virtual machine appliances available on the VMWare site, which should save you the time of creating images yourself. You can then practise your pen testing techniques against these. I've even used Backtrack Linux in a VM - and all but the wireless & bluetooth tools work well (though, you might get some port scanning issues out of VM's depending on your config, since the virtual ethernet adapter NAT's packets). Having a dual booting laptop is also great for learning wireless pen testing etc.
>
> So I'd say its easiest to have a few desktops and a nice stable server to host your virtual machines on.
>
> The most important thing is your Internet connection, its worth devoting time to researching the technology you wish to use and the hardware to support that - ADSL2+ if available, should be great, but be vary of those SOHO routers - some do not seem to deal with large volumes of exotic port scans well. In my experience you'd probably have less headaches if you purchase something which is more configurable e.g. a Cisco 800 series or similar within your budget?
>
>
>
> ----- Original Message ----
> From: Peter Manis <manis@digital39.com>
> To: pen-test@securityfocus.com
> Sent: Sunday, 12 August, 2007 8:40:25 AM
> Subject: Lab OS Choices
>
> I am new to the world of pen testing and am working on building a lab.
> What operating systems and versions do you recommend for a good all
> around lab. Windows of course is a big one, but do you go back to 98?
> Being a beginner I would think having all the patches on XP or Vista
> might make it difficult to learn. I would also think adding a secure
> OS like openbsd would be a waste of time for a beginner to try to gain
> access to. All advice is appreciated.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
>
>
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:00 EDT