Solved

Penetration test lab setup

Posted on 2014-02-19
Last Modified: 2014-03-01
Dear Experts,

I am planning to prepare a penetration testing lab at home. I will be installing the following machines in VMware Workstation or VirtualBox.
The objective of this is to learn penetration testing in a controlled environment.

1) one windows 2008 server AD with dhcp, dns
2) one windows 2012 server AD with dhcp, dns
3) One win7/win8 client PC
4) One Ubuntu server
5) Backtrack 5r3
6) Kali linux.

All will be running on single box.

Nessus will be running on Kali or backtrack machine

For the above configurations I need a PC with a solid motherboard and RAM configuration.

Please let me know of good motherboards with RAM.
Also, the motherboard should consume less power so that the electricity bill will be less.
If you are running this kind of lab, please share your experience.
I need a cost-effective solution.

Also, please specify if you know who will provide VMs on the internet, or any sites for pentesting practice where I can practise security skills.

How can I add a wireless network to the above configuration?

Thanks in advance
rjp55
Question by:rjp55
7 Comments
 
LVL 5

Assisted Solution

by:Arjun Vyavahare
Arjun Vyavahare earned 300 total points
ID: 39872802
Hi,

I have my own lab, which is configured in VMware, and my lab machine's configuration is:

CPU: Intel Core i7
Memory: 16 GB
Disk: 1 TB

and I'm using various tools like Kali / Backtrack / Nessus / Nmap / Wireshark / wireless device tools, etc.

I hope this will help you to prepare your own PT lab.

Regards,
Arjun
 

Author Comment

by:rjp55
ID: 39872957
Hi Arjun,

Thanks for the information.

But I want to know the exact model of motherboard/CPU and the type of RAM you are using.
How is the performance of your machine? Can it take the load of all the machines? What about power consumption?

Regards
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 1200 total points
ID: 39877432
Each VM will consume 500Mb to 1G of RAM; you can give them more, but it will be wasted on the VMs. RAM is very cheap these days, the motherboard only has to support the amount of RAM you need, and the CPU is barely a consideration. Ideally you want a CPU that uses Intel-VT or AMD-V. That would be my only consideration for the CPU; the motherboard will support those as long as the CPU is the same socket as the motherboard.
Pentesting is hard to do on your own without some guidance or training. I'd start poking around Sans.org for some tips or exercises. Pentesting is not bruteforcing, so the hardware considerations are really unnecessary from that aspect.
Slowness and such isn't a consideration in your scenario: the traffic won't even leave the host's own NIC, and if one host is hogging the CPU a bit, then the others are going to have less available to them no matter what you have going on.
-rich

Author Comment

by:rjp55
ID: 39879459
Thank you richrumble for your valuable comment.

I have a basic to intermediate knowledge of pentesting and vulnerability and I want to expand my knowledge in this area.
The idea behind this is to first run vulnerability scanning using Nessus or another program from Kali/Backtrack against other machines like the Win2008 server/Linux server to find vulnerabilities and learn to exploit using Metasploit.
Do you have any idea who will provide a kind of test lab or VMs on the internet to study these topics?

Thanks in advance
rjp55
 
LVL 38

Accepted Solution

by:Rich Rumble
Rich Rumble earned 1200 total points
ID: 39879492
Most courses come with the materials and resources you need; I don't know of any free ones at this time. There have been sites over the years that offer games or challenges, but they aren't full VMs or anything, mostly demonstration pages.
The best one, and I haven't found its equal since, was the "enterthematrix" hacking challenge; it had a very wide range of challenges. HackThisSite might be one to try in this vein; they typically, however, don't require running a tool against them (old school).

Here are some various certificates; perhaps look into training centered around them:
http://www.eccouncil.org/Certification/exam-information/ceh-exam-312-50
http://pen-testing.sans.org/certification
http://www.crest-approved.org/

-rich
 

Author Comment

by:rjp55
ID: 39884754
Guys,

I need to have more opinions on this topic.
Come on and share your expert knowledge.

Thank you
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 1200 total points
ID: 39885433
Most people I know took classes or courses; you can set up contrived networks and even find some sites out there that let you test against them. Then your employer should allow you to test against their network with your new skills in a limited, that's how it generally works. I'm not sure what else you need to know. When pentesting, hardware is not the concern, it's the software you're testing against 99.% of the time.
-rich