Re: Lab leads??

From: Matthew Leeds (mleedsat_private)
Date: Wed Oct 17 2001 - 15:34:03 PDT


    We use the imaging method in our QA lab all the time. We build systems with two hard drives: one holds all the images, the other is the target for whatever current image you want to be running. With a boot floppy for whatever favorite image tool you use, you're all set. We had started with removable drives, but found that to be slow, costly, and labor intensive. With the most current image tools you can store the images on a server, as the boot floppies can also hold network drivers. Or of course you can build boot CDs, but since modern image tools will build you a boot floppy, why bother?
    
    ---Matthew
    *********** REPLY SEPARATOR  ***********
    
    On 10/17/2001 at 8:12 PM Alex Butcher (pentest) wrote:
    
    >On Tue, 16 Oct 2001, 'ken'@FTU wrote:
    >
    >> Hello,
    >>
    >> I'm looking to set up a lab of about 30 hosts to simulate an
    >> Internet/DMZ/Intranet.
    >>
    >> Does anyone have any sources (papers) or ideas that might help? Here are
    >> a few parameters:
    >>
    >> Lab must contain various OS'es.
    >> Lab must be able to be very easily configurable to create and
    >> demonstrate holes and how to patch them. (But then recreate the hole to
    >> demonstrate the weakness again to another set of people.)
    >> The holes must be at the network, os and application levels.
    >>
    >> One idea I had is to create images of servers known to have holes,
    >> demonstrate the exploit, patch the hole, show it is fixed and then
    >> reimage the disk with the old hole. The imaging trick should work with
    >> different OS's as well. What do you think?
    >
    >VMware is very nice for this. You can backup the "clean" image before and
    >after hardening it, so you can reuse it again and again. If you have
    >enough memory, you can even run multiple hosts on the same piece of
    >hardware.
    >
    >> Thanks in advance.
    >> 'ken'
    >
    >Best Regards,
    >Alex.
    >
    >
    >
    >----------------------------------------------------------------------------
    >This list is provided by the SecurityFocus Security Intelligence Alert
    >(SIA)
    >Service. For more information on SecurityFocus' SIA service which
    >automatically alerts you to the latest security vulnerabilities please see:
    >https://alerts.securityfocus.com/
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Thu Oct 18 2001 - 10:35:34 PDT