
Help me design my "Test Lab"

2canSAM

Diamond Member
OK guys, a while back I posted about "Network Security" and learning the ins and outs. Upon the recommendation of others here I acquired some other computers to set up as my test lab. I want to learn, but I don't think jail time is a reasonable price to pay. Anyway, here is my current setup. Tell me what you guys think and what you would change. I will also be trying to get a feel for general network management and plan to use ISA Server 2000 and Exchange Server 2000 to complete my MCSE.


Domain Server:
Running Windows 2000 Advanced Server, SP2, All updates applied.

ISA 2000 Server: (This is set up for sharing a dial-up account; no other options in my area yet)
Running Windows 2000 Advanced Server, SP2, All updates applied, IIS removed

Exchange Server:
Running Windows 2000 Advanced Server, SP2, All updates applied.

Client PC1:
Running Windows 2000 Professional, SP2, All updates applied.

Client PC2:
Running Windows 2000 Professional, SP2, All updates applied

Client PC3: (used for MP3 sharing only; needed the smallest OS I could toss on there, hopefully will be a Linux box in a few weeks)
Running Windows 95 OSR2


So far I have renamed all the local Admin accounts and created dummy accounts named "administrator" that are actually locked out. I have been playing with setting global policies for security. Before, I was running 2000 Pro on both machines with ICS and Zone Alarm. I would like to transfer all of that over to ISA Server 2000, but is the built-in firewall any good? Can I run ZA and the built-in firewall together? Thanks in advance for your help.
 
If you are looking to test intrusions and attacks, you'll need at least one machine "outside" your network to simulate external attacks.
You're probably covered on the internal stuff pretty well.

Also, and don't take this personally...learning "security" using only M$ products is probably short-sighted at best, laughable at worst. Their products are not considered "secure" in any way, shape or form by anyone in the network security field.
 


<< If you are looking to test intrusions and attacks, you'll need at least one machine "outside" your network to simulate external attacks.
You're probably covered on the internal stuff pretty well.
>>




Exactly. Basically what I am wanting to do is learn how hackers get into systems, what tools or methods they use, and what to really look for when locking down systems or, more importantly, servers. On the issue of needing to be outside my network: how, if I can, do I do this without having to dial into my machines? From what I understand I would have to set one of them up as a RAS server or such.
 
Set up an additional NIC in your ISA server, which you can use to simulate the outside world. Plug it into a hub, put another machine on the hub as well. Voila, an external attack machine.
 


<< Set up an additional NIC in your ISA server, which you can use to simulate the outside world. Plug it into a hub, put another machine on the hub as well. Voila, an external attack machine. >>



OK, idiot mode for me. Right now I have a 16 port hub coming off a 5 port switch. I have an extra NIC to put in the ISA server. Can both NICs (internal & external) and the "attack machine" be connected to the same hub? Right now my setup is using the 192.168.0.xxx range. Would I set up the "attack machine" in this range?
 
If your internal network is using 192.168.0.xxx, then no, the external machine would need to be on a different network. The ISA server's "external" NIC would also be on a network different from 192.168.0.xxx. Since they are on a different network from the "internal" interface, you would need to set them up on a separate networking device (even though, theoretically, putting them on the same hub, or especially the same switch, would work) to truly keep traffic separated (which is essential for your testing).

Setting up this kind of infrastructure will help give you a good foundation in the theory and implementation of "internal" vs. "external" networks, which, quite frankly, a lot of people in the networking field lack.
 
Buy the book "Hacker's Challenge" for an easily transported data set. It has 20 security scenarios with the logs trimmed to just the relevant data. Viewing that data, you can learn how some of these attacks take place. Also, check out The Honeynet Project and look at their scan of the month section. More data from attacks, along with logs and analysis. I also recommend all of the Hacking Exposed books. Check out Bookpool.com for your techie book purchases.

As pointed out, you need a machine "outside" to do many attacks, and you need at least one linux/unix machine. Even if you aren't planning on attacking it, most of the good tools are linux/unix native, and you'll be missing out on a lot of useful programs for learning and testing security if you don't have one.

I'll be glad to point out more useful security books and web sites if you are interested. There is a ton out there, and I can't keep up, even though I use part of my time at work to do a lot of security reading (since it is job related, I can get away with it).

RagManX
 
Thanks much to tallgeese, I now have an outside attack box. I set up the 2nd NIC in the ISA server and ran a crossover cable to the "attack box". I have both set up in the 10.10.0.xxx range and my internal network is in the 192.168.xxx.xxx range. Everything in the internal network is working just as before. On the external I can ping the attack machine from the ISA server but not from the attack machine to the ISA server. I thought it might just be the built-in firewall, but I can ping the ISA server from any machine on the internal network. Shouldn't I be able to at least ping the ISA server from the attack machine? I will be setting up a *nix box in the next couple of days and am planning on making my attack box a Linux box as well.
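The topology advice in the replies above (external NIC and attack box on a network separate from 192.168.0.xxx) and the one-way ping result in the last post can be modelled in a few lines. This is an added example, not code from anyone in the thread: the exact host addresses are assumptions (the posts only give the 192.168.xxx.xxx and 10.10.0.xxx ranges), and so is the filter policy, a stateful filter on the external interface that lets the ISA box's own outbound echo requests and their replies through but drops unsolicited inbound echo requests. That policy reproduces the observed asymmetry; whether ISA's packet filter behaves exactly this way is not something the thread establishes.

```python
"""
Toy model of a dual-homed firewall box with an internal NIC, an external NIC,
and an attack box on the far end of a crossover cable.  All addresses and the
filter policy are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass, field

# Assumed addresses consistent with the ranges given in the thread.
ISA_INTERNAL = ipaddress.ip_interface("192.168.0.1/24")
ISA_EXTERNAL = ipaddress.ip_interface("10.10.0.1/24")
CLIENT_PC1 = ipaddress.ip_interface("192.168.0.10/24")
ATTACK_BOX = ipaddress.ip_interface("10.10.0.2/24")


def same_network(a, b):
    """True when two interfaces are on the same IP subnet."""
    return a.network == b.network


def check_topology(internal, external, attacker):
    """Return a list of layout problems; empty means the lab is laid out as
    the replies recommend (two distinct networks, attacker outside)."""
    problems = []
    if same_network(internal, external):
        problems.append("internal and external NICs are on the same network")
    if same_network(attacker, internal):
        problems.append("attack box sits on the internal network")
    if not same_network(attacker, external):
        problems.append("attack box is not on the external network")
    return problems


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "icmp-echo" or "icmp-reply"
    ident: int   # ICMP identifier, used to match a reply to its request


@dataclass
class StatefulFilter:
    """Assumed policy on the external interface: outbound echo requests from
    the box itself are allowed and recorded; inbound traffic is allowed only
    when it matches a recorded request.  Anything else inbound is dropped."""
    ext_addr: str
    state: set = field(default_factory=set)

    def outbound(self, pkt):
        if pkt.src == self.ext_addr and pkt.proto == "icmp-echo":
            self.state.add((pkt.dst, pkt.ident))
            return "allow"
        return "drop"

    def inbound(self, pkt):
        key = (pkt.src, pkt.ident)
        if pkt.proto == "icmp-reply" and key in self.state:
            self.state.discard(key)
            return "allow"
        return "drop"   # an unsolicited echo request from the attack box lands here


def simulate():
    """Run the two pings from the post through the model and report verdicts."""
    fw = StatefulFilter(str(ISA_EXTERNAL.ip))
    isa, atk = str(ISA_EXTERNAL.ip), str(ATTACK_BOX.ip)
    results = {}
    # ISA -> attack box: the request creates state, so the reply is let back in.
    results["isa_ping_out"] = fw.outbound(Packet(isa, atk, "icmp-echo", 1))
    results["isa_ping_reply"] = fw.inbound(Packet(atk, isa, "icmp-reply", 1))
    # Attack box -> ISA: no prior state, so the echo request is dropped.
    results["attacker_ping_in"] = fw.inbound(Packet(atk, isa, "icmp-echo", 2))
    # A stray reply with no matching request is dropped as well.
    results["spoofed_reply_in"] = fw.inbound(Packet(atk, isa, "icmp-reply", 9))
    return results


if __name__ == "__main__":
    print("topology problems:", check_topology(ISA_INTERNAL, ISA_EXTERNAL, ATTACK_BOX))
    for name, verdict in simulate().items():
        print(f"{name:18s} {verdict}")
```

Running it shows the lab passes the topology check and that the external filter, under the assumed policy, explains why the ISA box can ping the attack box while the reverse fails: the internal-side ping in the post never crosses the external filter at all. Moving the attack box to a 192.168.0.x address makes `check_topology` report it as sitting inside, which is exactly the situation the earlier reply warned against.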
 
When designing a test lab it pays to have a diverse configuration; it sounds like your layout is fairly Microsoft-centric. Honestly, the terms 'computer security' and 'Microsoft' are oxymorons, at least as far as serious security researchers are concerned; lots of vulnerabilities are discovered in MS products that people don't hear about in a public forum; they are simply rolled into some other patch or service pack. I recommend at least a few different UNIX machines, because while Microsoft will drone on all day about how their operating systems power critical internet infrastructure servers, all the root servers for DNS are UNIX. Large scale financial servers are UNIX; IBM just made a bid to switch all the NYSE's systems to Linux/S390 [I think, don't quote me on that]. Anyway, check out www.freebsd.org in addition to Linux. Also, stay away from 'point and click' penetration tools, like Nessus or ISS. Go hardcore and learn CLI tools so you get a more fine-grained, hands-on experience with them, rather than using a pretty frontend to do the work.
 
The reason I am staying mostly Microsoft is because that is what most of the companies whose infrastructure I know anything about are running. Let's try this again. Here is what I have in the way of PCs; now you guys can configure the lab for network security testing. In essence, if you had these PCs, how would you set them up in a lab?


PC 1 = PII 400, 128mb, 6.4gb
PC 2 = PII 400, 128mb, 4.3gb
PC 3 = P166, 64mb , 2.5gb
PC 4 = Celeron 500, 128mb, 6.4gb
PC 5 = AMD 800, 512mb, 40gig


PC 5 is my main machine, and as much as I would like to keep it Windows, I guess the best way to learn Linux would be to toss it on there and go. Are there any versions to avoid when using an Abit KT7 RAID board?
 
My personal security test network, if it ever gets built, will be as follows:

Main/gaming rig - 1.0 GHz TBird, WinXP
Web Victim - 800 MHz Duron, WinXP, IIS on port 80 - unpatched, Apache on port 8080 - default install
NT 4.0 Sacrificial Lamb - Dual Pentium 100 (yup, one hundred) box with NT 4.0 - latest service pack
Linux victim - Pentium 166, RedHat (latest available at install time), default install, no firewall
Linux attacker - Haven't determined which distro yet, 600 MHz Duron, tons of attack tools
Routing Linux box - Pentium 75, RedHat, default high security install
SPARC victim - Sparc 4, RedHat latest, spare drive with Solaris
Router victim - Cisco 2501, latest IOS

I have several hubs and switches, and can move stuff around on multiple networks with this. I have other machines I can put in as needed. You obviously don't have all the equipment I have (and I don't have near what others do), but this should give you an idea of something to start with.

Based on what knowledge I'm guessing you have, I'd stick with one Linux install, and the rest various versions of Windows. As you learn more about Linux, expand your systems: try FreeBSD or OpenBSD, try to get Solaris, test different Linux distributions. It can take a long time to really get into this and understand what you are seeing and doing. Let me know if I can help with anything.

RagManX
 