Penetration test lab setup

Dear Experts,

I am planning to prepare penetration testing lab in home. I will be installling following machines in vmware workstation or virtual box.
The objective of this is to learn penetration testing in controlled enviroment

1) one windows 2008 server AD with dhcp, dns
2) one windows 2012 server AD with dhcp, dns
3) One win7/win8 client PC
4) One Ubuntu server
5) Backtrack 5r3
6) Kali linux.

All will be running on single box.

Nessus will be running on Kali or backtrack machine

For above congurations I need to have solid motherboard and RAM configuration PC.

Please let me know good motherboards with RAM.
Also motherboard should consume less power so that electricity bill be less.
If you are running this kind of lab please share your experience.
I need cost effective solution.

Also Please specify if you know who will provide VMs on internet, or any sites for pentesting practise there I can practise security skills.

How can I add wireless network in above configuration

Thanks in advance
rjp55
rjp55Asked:
Who is Participating?
 
Rich RumbleSecurity SamuraiCommented:
Most courses come with the materials and resources you need, I don't know of any free ones at this time. There have been sites over the years that offer games or challenges but they aren't full VM's or anything, mostly demonstration pages
The best one, and I haven't found it's equal since, was the "enterthematrix" hacking challenge, it had a very wide range of challenges. Hackthisite might be one to try in this vain, they typically however don't require running a tool against them (old school).

Here are some various Certificates, perhaps look into training centered around them
http://www.eccouncil.org/Certification/exam-information/ceh-exam-312-50
http://pen-testing.sans.org/certification
http://www.crest-approved.org/

-rich
0
 
Arjun VyavahareTechnical ConsultantCommented:
Hi,

I have own LAB which is configured in VMware and my lab machine's configuration is :

CPU: Intel Core i7
Memory: 16 GB
Disk: 1 TB

and i'm using various tools like Kali/ Backtrack / Nessus/ Nmap/ Wireshark/ Wireless Device Tools etc.

I hope this will help you to prepare your own PT lab.

Regards,
Arjun
0
 
rjp55Author Commented:
Hi Arjun,

Thanks for the information.

But I want to know exact model motherboard/cpu and type of RAM you are using.
How is the performance of your machine. Can It take load of all machines. What about power consumption

Regards
0
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

 
Rich RumbleSecurity SamuraiCommented:
Each VM will consume 500Mb to 1G of ram, you can give them more but it will be wasted on the VM's. Ram is very cheap these days, the motherboard only has to support the amount of ram you  need, and the CPU is barely a consideration. Ideally you want a CPU that use Intel-VT or AMD-V, That would be my only consideration for the CPU, the motherboard will support those as long as the CPU is the same socket as the motherboard.
Pentesting is hard to do on your own without some guidance or training, I'd start poking around Sans.org for some tips or exercises. Pentesting is not bruteforcing, so the hardware considerations are really unnecessary from that aspect.
Slowness and such isn't a consideration in your scenario, the traffic won't even leave the host's own NIC, and it one host is hogging the CPU a bit, then the others are going to have less available to them no matter what you have going on.
-rich
0
 
rjp55Author Commented:
Than you richrumble for your valueable comment.

I have a basic to intermediate knowledge of pentesting and vulnerability and I want to expand my knowledge in this area.
The idea behind this is to first run vulnerability scanning using nessus or other program from kali/backtrack to other machines like win2008 server/linux server to find vulnerability and learn to exploit using metasploit.
Do you have any idea who will provide a kind of test lab or vms on internet to study this topics,

Thanks in advance
rjp55
0
 
rjp55Author Commented:
Guys,

I need to have more openions on this topics.
Come on and share your expert knowledge.

Thank you
0
 
Rich RumbleSecurity SamuraiCommented:
Most people I know took classes or courses, you can setup contrived networks and even find some sites out there that let you test against them. Then your employer should allow you to test against their network with you new skills in a limited, that's how it generally works. I'm not sure what else you need to know. When penetesting, hardware is not the concern, it's the software you testing against 99.% of the time.
-rich
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.