• Status: Solved

Penetration test lab setup

Dear Experts,

I am planning to set up a penetration testing lab at home. I will be installing the following machines in VMware Workstation or VirtualBox.
The objective of this is to learn penetration testing in a controlled environment.

1) one windows 2008 server AD with dhcp, dns
2) one windows 2012 server AD with dhcp, dns
3) One win7/win8 client PC
4) One Ubuntu server
5) Backtrack 5r3
6) Kali linux.

All will be running on single box.

Nessus will be running on Kali or backtrack machine

For the above configurations I need a PC with a solid motherboard and RAM configuration.

Please let me know good motherboards with RAM.
Also, the motherboard should consume less power so that the electricity bill will be lower.
If you are running this kind of lab, please share your experience.
I need a cost-effective solution.

Also, please specify if you know who provides VMs on the internet, or any sites for pentesting practice where I can practise security skills.

How can I add a wireless network to the above configuration?

Thanks in advance
rjp55
4 Solutions
 
Arjun Vyavahare (Technical Consultant) commented:
Hi,

I have my own lab, which is configured in VMware, and my lab machine's configuration is:

CPU: Intel Core i7
Memory: 16 GB
Disk: 1 TB

and I'm using various tools like Kali / BackTrack / Nessus / Nmap / Wireshark / wireless device tools, etc.

I hope this will help you to prepare your own PT lab.

Regards,
Arjun
 
rjp55 (Author) commented:
Hi Arjun,

Thanks for the information.

But I want to know the exact model of motherboard/CPU and the type of RAM you are using.
How is the performance of your machine? Can it take the load of all the machines? What about power consumption?

Regards
 
Rich Rumble (Security Samurai) commented:
Each VM will consume 500 MB to 1 GB of RAM; you can give them more, but it will be wasted on the VMs. RAM is very cheap these days, the motherboard only has to support the amount of RAM you need, and the CPU is barely a consideration. Ideally you want a CPU that uses Intel-VT or AMD-V. That would be my only consideration for the CPU; the motherboard will support those as long as the CPU is the same socket as the motherboard.
Pentesting is hard to do on your own without some guidance or training; I'd start poking around Sans.org for some tips or exercises. Pentesting is not bruteforcing, so the hardware considerations are really unnecessary from that aspect.
Slowness and such isn't a consideration in your scenario; the traffic won't even leave the host's own NIC, and if one host is hogging the CPU a bit, then the others are going to have less available to them no matter what you have going on.
-rich
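
A host check based on the figures in the answer above, as an added example that is not part of the original thread: it looks for the Intel VT (`vmx`) or AMD-V (`svm`) CPU flag and compares the 512 MB to 1 GB per-VM range against host memory for the six machines in the question. It assumes a Linux host exposing `/proc/cpuinfo` and `/proc/meminfo`; the sample inputs are constructed, and `host_reserve_mb` is an assumed allowance for the host OS.

```python
import re

# Machines listed in the question; 512 MB to 1 GB per VM is the answer's figure.
LAB_VMS = ["Windows 2008 AD", "Windows 2012 AD", "Win7/Win8 client",
           "Ubuntu server", "BackTrack 5r3", "Kali Linux"]
PER_VM_MB = (512, 1024)

# Constructed samples standing in for /proc/cpuinfo and /proc/meminfo.
SAMPLE_CPUINFO = "model name\t: Example CPU\nflags\t\t: fpu vme de pse msr vmx ept\n"
SAMPLE_MEMINFO = "MemTotal:       16303428 kB\nMemFree:         9012345 kB\n"

def virt_extension(cpuinfo_text):
    """Return 'Intel VT-x', 'AMD-V' or None from /proc/cpuinfo-style text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            flags = set(value.split())   # exact token match, not substring
            if "vmx" in flags:
                return "Intel VT-x"
            if "svm" in flags:
                return "AMD-V"
            return None
    return None

def mem_total_mb(meminfo_text):
    """Parse MemTotal (reported in kB) and return whole megabytes."""
    m = re.search(r"^MemTotal:\s+(\d+)\s+kB", meminfo_text, re.MULTILINE)
    return int(m.group(1)) // 1024 if m else None

def ram_plan(vms, host_mb, host_reserve_mb=2048):
    """Compare the lab's RAM range with what the host can spare.

    host_reserve_mb (RAM kept for the host OS and hypervisor) is an assumption.
    """
    available = host_mb - host_reserve_mb
    high = len(vms) * PER_VM_MB[1]
    return {
        "low_mb": len(vms) * PER_VM_MB[0],
        "high_mb": high,
        "available_mb": available,
        "fits_all_at_max": high <= available,
        "max_concurrent_at_max": max(0, available // PER_VM_MB[1]),
    }

if __name__ == "__main__":
    print("virtualization:", virt_extension(SAMPLE_CPUINFO))
    print(ram_plan(LAB_VMS, mem_total_mb(SAMPLE_MEMINFO)))
```

On a real host, pass the contents of `/proc/cpuinfo` and `/proc/meminfo` instead of the constructed samples.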
rjp55 (Author) commented:
Thank you richrumble for your valuable comment.

I have a basic to intermediate knowledge of pentesting and vulnerabilities, and I want to expand my knowledge in this area.
The idea behind this is to first run vulnerability scanning using Nessus or another program from Kali/BackTrack against other machines like the Win2008 server/Linux server to find vulnerabilities and learn to exploit them using Metasploit.
Do you have any idea who provides a kind of test lab or VMs on the internet to study these topics?

Thanks in advance
rjp55
 
Rich Rumble (Security Samurai) commented:
Most courses come with the materials and resources you need; I don't know of any free ones at this time. There have been sites over the years that offer games or challenges, but they aren't full VMs or anything, mostly demonstration pages.
The best one, and I haven't found its equal since, was the "enterthematrix" hacking challenge; it had a very wide range of challenges. HackThisSite might be one to try in this vein; they typically, however, don't require running a tool against them (old school).

Here are some various Certificates, perhaps look into training centered around them
http://www.eccouncil.org/Certification/exam-information/ceh-exam-312-50
http://pen-testing.sans.org/certification
http://www.crest-approved.org/

-rich
 
rjp55 (Author) commented:
Guys,

I need to have more opinions on this topic.
Come on and share your expert knowledge.

Thank you
 
Rich Rumble (Security Samurai) commented:
Most people I know took classes or courses; you can set up contrived networks and even find some sites out there that let you test against them. Then your employer should allow you to test against their network with your new skills in a limited, that's how it generally works. I'm not sure what else you need to know. When pentesting, hardware is not the concern; it's the software you're testing against 99.% of the time.
-rich