Solved

Penetration test lab setup

Posted on 2014-02-19
7
772 Views
Last Modified: 2014-03-01
Dear Experts,

I am planning to prepare penetration testing lab in home. I will be installling following machines in vmware workstation or virtual box.
The objective of this is to learn penetration testing in controlled enviroment

1) one windows 2008 server AD with dhcp, dns
2) one windows 2012 server AD with dhcp, dns
3) One win7/win8 client PC
4) One Ubuntu server
5) Backtrack 5r3
6) Kali linux.

All will be running on single box.

Nessus will be running on Kali or backtrack machine

For above congurations I need to have solid motherboard and RAM configuration PC.

Please let me know good motherboards with RAM.
Also motherboard should consume less power so that electricity bill be less.
If you are running this kind of lab please share your experience.
I need cost effective solution.

Also Please specify if you know who will provide VMs on internet, or any sites for pentesting practise there I can practise security skills.

How can I add wireless network in above configuration

Thanks in advance
rjp55
0
Comment
Question by:rjp55
  • 3
  • 3
7 Comments
 
LVL 5

Assisted Solution

by:arjunvyavahare
arjunvyavahare earned 100 total points
ID: 39872802
Hi,

I have own LAB which is configured in VMware and my lab machine's configuration is :

CPU: Intel Core i7
Memory: 16 GB
Disk: 1 TB

and i'm using various tools like Kali/ Backtrack / Nessus/ Nmap/ Wireshark/ Wireless Device Tools etc.

I hope this will help you to prepare your own PT lab.

Regards,
Arjun
0
 

Author Comment

by:rjp55
ID: 39872957
Hi Arjun,

Thanks for the information.

But I want to know exact model motherboard/cpu and type of RAM you are using.
How is the performance of your machine. Can It take load of all machines. What about power consumption

Regards
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 400 total points
ID: 39877432
Each VM will consume 500Mb to 1G of ram, you can give them more but it will be wasted on the VM's. Ram is very cheap these days, the motherboard only has to support the amount of ram you  need, and the CPU is barely a consideration. Ideally you want a CPU that use Intel-VT or AMD-V, That would be my only consideration for the CPU, the motherboard will support those as long as the CPU is the same socket as the motherboard.
Pentesting is hard to do on your own without some guidance or training, I'd start poking around Sans.org for some tips or exercises. Pentesting is not bruteforcing, so the hardware considerations are really unnecessary from that aspect.
Slowness and such isn't a consideration in your scenario, the traffic won't even leave the host's own NIC, and it one host is hogging the CPU a bit, then the others are going to have less available to them no matter what you have going on.
-rich
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 

Author Comment

by:rjp55
ID: 39879459
Than you richrumble for your valueable comment.

I have a basic to intermediate knowledge of pentesting and vulnerability and I want to expand my knowledge in this area.
The idea behind this is to first run vulnerability scanning using nessus or other program from kali/backtrack to other machines like win2008 server/linux server to find vulnerability and learn to exploit using metasploit.
Do you have any idea who will provide a kind of test lab or vms on internet to study this topics,

Thanks in advance
rjp55
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 400 total points
ID: 39879492
Most courses come with the materials and resources you need, I don't know of any free ones at this time. There have been sites over the years that offer games or challenges but they aren't full VM's or anything, mostly demonstration pages
The best one, and I haven't found it's equal since, was the "enterthematrix" hacking challenge, it had a very wide range of challenges. Hackthisite might be one to try in this vain, they typically however don't require running a tool against them (old school).

Here are some various Certificates, perhaps look into training centered around them
http://www.eccouncil.org/Certification/exam-information/ceh-exam-312-50
http://pen-testing.sans.org/certification
http://www.crest-approved.org/

-rich
0
 

Author Comment

by:rjp55
ID: 39884754
Guys,

I need to have more openions on this topics.
Come on and share your expert knowledge.

Thank you
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 400 total points
ID: 39885433
Most people I know took classes or courses, you can setup contrived networks and even find some sites out there that let you test against them. Then your employer should allow you to test against their network with you new skills in a limited, that's how it generally works. I'm not sure what else you need to know. When penetesting, hardware is not the concern, it's the software you testing against 99.% of the time.
-rich
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now