if the lab is a true pentest simulation, i believe each workstation should maintain a -unique- root, and the students should have that root on their assigned station. attacking without root can be done <of course>, but it really isnt accurate in pentest training. When i pentest, i CERTAINLY have root on the systems i attack from in our labs, or on the laptop i use in the field. Wargaming is a bit different, but im guessing that you aren't getting to that in the class. True wargaming involves more of a "simulated network environment" on the defending team... one where the teams are sub-divided into "actual roles" such as Sysadmin, Webmaster, technician, etc... and they then react to an attack by the other team. so please specifify wargaming vs. pentest training. Are they attacking eachother or are they attacking fixed targets? /oliver p. -----Original Message----- From: Coral J. Cook [mailto:cjcookat_private] Sent: Wednesday, May 29, 2002 4:16 PM To: pen-testat_private Subject: Training Lab Question This may be a bit off-topic, but I'd like some feedback on the following issue: I'm in the process of setting up a Pen Testing training lab. The lab consists of a network of target hosts and a network of attack hosts (student workstations). The student workstations running Slackware 8.x (current). Here's my question? What is the best/safest way to allow the students to run the tools (mostly nmap and various sniffers) that need root privileges for full functionality? Should I just make those tools suid root or should I use sudo? Are there any other alternatives? Thanks in advance. Coral ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu May 30 2002 - 09:59:14 PDT