RE: Training Lab Question

From: Greg (gregat_private)
Date: Thu May 30 2002 - 09:21:25 PDT

Next message: John_Leitchat_private: "RE: PEN Testing a everchanging realm in apache"

Previous message: Coral J. Cook: "Training Lab Question"
In reply to: Coral J. Cook: "Training Lab Question"
Next in thread: Jacques Thomas: "Re: Training Lab Question"
Next in thread: Oliver Petruzel: "RE: Training Lab Question"
Reply: Jacques Thomas: "Re: Training Lab Question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

My recommendation would be to give each student a VMWare workstation system
to play with. That way once the course is over or the student trashes their
system (whichever happens sooner) you can simply replace their system with
your master VMWare workstation image.

This means that you can give the students r00t (because it's easier than
trying to setuid lot's of software) and not worry too much about what they
do to the systems.

Consider using VMWare to host your target systems as well for much the same
reasons, this also saves you using lots of physical boxes too.

regards

Greg

BTW Despite the fact that nearly half of my posts to this list seem to
pertain to VMWare (I don't know why) : I am not selling/connected to or
otherwise related to VMWare. That said, VMWare does rock.



> -----Original Message-----
> From: Coral J. Cook [mailto:cjcookat_private]
> Sent: 29 May 2002 21:16
> To: pen-testat_private
> Subject: Training Lab Question
>
>
> This may be a bit off-topic, but I'd like some feedback on the following
> issue:
>
> I'm in the process of setting up a Pen Testing training lab. The lab
> consists of a network of target hosts and a network of attack
> hosts (student
> workstations). The student workstations running Slackware 8.x (current).
>
> Here's my question? What is the best/safest way to allow the
> students to run
> the tools (mostly nmap and various sniffers) that need root privileges for
> full functionality? Should I just make those tools suid root or
> should I use
> sudo? Are there any other alternatives? Thanks in advance.
>
> Coral
>
>
>
> ------------------------------------------------------------------
> ----------
> This list is provided by the SecurityFocus Security Intelligence
> Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities
> please see:
> https://alerts.securityfocus.com/
>


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: John_Leitchat_private: "RE: PEN Testing a everchanging realm in apache"
Previous message: Coral J. Cook: "Training Lab Question"
In reply to: Coral J. Cook: "Training Lab Question"
Next in thread: Jacques Thomas: "Re: Training Lab Question"
Next in thread: Oliver Petruzel: "RE: Training Lab Question"
Reply: Jacques Thomas: "Re: Training Lab Question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu May 30 2002 - 09:51:32 PDT