Since it is a training lab, let the students have root. Expect to re-image the disks on the student machines after every class passes through. Consider that somebody doing a pen-test will likely be doing it from their own machine, they will most likely have root. It may not be the safest, but is the most realistic way to train them. Give them the tools that they will have in the field. I assume that you're already simulating a vulnerable network, you could also do some host based pen-test training. Leave a vulnerable binary on the student systems and have them exploit it before continuing on to network pen-testing. > -----Original Message----- > From: Coral J. Cook [mailto:cjcookat_private] > Sent: Wednesday, May 29, 2002 3:16 PM > To: pen-testat_private > Subject: Training Lab Question > > > This may be a bit off-topic, but I'd like some feedback on > the following > issue: > > I'm in the process of setting up a Pen Testing training lab. The lab > consists of a network of target hosts and a network of attack > hosts (student > workstations). The student workstations running Slackware 8.x > (current). > > Here's my question? What is the best/safest way to allow the > students to run > the tools (mostly nmap and various sniffers) that need root > privileges for > full functionality? Should I just make those tools suid root > or should I use > sudo? Are there any other alternatives? Thanks in advance. > > Coral > > > > -------------------------------------------------------------- > -------------- > This list is provided by the SecurityFocus Security > Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security > vulnerabilities please see: > https://alerts.securityfocus.com/ > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu May 30 2002 - 10:06:41 PDT