Planning the lab environment

Exclusive offer: get 50% off this eBook here
Instant Penetration Testing: Setting Up a Test Lab How-to [Instant]

Instant Penetration Testing: Setting Up a Test Lab How-to [Instant] — Save 50%

Set up your own penetration testing lab, using practical and precise recipes with this book and ebook

£8.99    £4.50
by Vyacheslav Fadyushin | April 2013 | Open Source

This article by Vyacheslav Fadyushin, author of Instant Penetration Testing: Setting Up a Test Lab How-to, reveals how to plan your lab environment step by step and shows what you should consider during the lab planning process.

(For more resources related to this topic, see here.)

Getting ready

To get the best result after setting up your lab, you should plan it properly at first. Your lab will be used to practise certain penetration testing skills. Therefore, in order to properly plan your lab environment, you should first consider which skills you want to practise. Although you could also have non-common or even unique reasons to build a lab, I can provide you with the average list of skills one might need to practice:

  • Essential skills
    • Discovery techniques

    • Enumeration techniques

    • Scanning techniques

    • Network vulnerability exploitation

    • Privilege escalation

    • OWASP TOP 10 vulnerabilities discovery and exploitation

    • Password and hash attacks

    • Wireless attacks

  • Additional skills
    • Modifying and testing exploits

    • Tunneling

    • Fuzzing

    • Vulnerability research

    • Documenting the penetration testing process

All these skills are applied in real-life penetration testing projects, depending on its depth and the penetration tester's qualifications. The following skills could be practised at three lab types or their combinations:

  • Network security lab

  • Web application lab

  • Wi-Fi lab

I should mention that the lab planning process for each of the three lab types listed consists of the same four phases:

  1. Determining the lab environment requirements: This phase helps you to actually understand what your lab should include. In this phase, all the necessary lab environment components should be listed and their importance for practising different penetration testing skills should be assessed.

  2. Determining the lab environment size: The number of various lab environment components should be defined in this phase.

  3. Determining the required resources: The point of this phase is to choose which hardware and software could be used for building the lab with the specified parameters and fit it with what you actually have or are able to get.

  4. Determining the lab environment architecture: This phase designs the network topology and network address space

How to do it...

Now, I want to describe step by step how to plan a common lab combined of all three lab types listed in the preceding section using the following four-phase approach:

  1. Determine the lab environment requirements:

    To fit our goal and practise particular skills, the lab should contain the following components:

    Skills to practice

    Necessary components

    Discovery techniques

    Several different hosts with various OSs

    Firewall

    IPS

    Enumeration techniques

    Scanning techniques

    Network vulnerability exploitation

    OWASP TOP 10 vulnerabilities discovery and exploitation

    Web server

    Web application

    Database server

    Web Application Firewall

    Password and hash attacks

    Workstations

    Servers

    Domain controller

    FTP server

    Wireless attacks

    Wireless router

    Radius server

    Laptop or any other host with Wi-Fi adapter

    Modifying and testing exploits

    Any host

    Vulnerable network service

    Debugger

    Privilege escalation

    Any host

    Tunnelling

    Several hosts

    Fuzzing

    Any host

    Vulnerable network service

    Debugger

    Vulnerability research

    Documenting the penetration testing process

    Specialized software

    Now, we can make our component list and define the importance of each component for our lab (importance ranges between less important, Additional, and most important, Essential):

    Components

    Importance

    Windows server

    Essential

    Linux server

    Important

    FreeBSD server

    Additional

    Domain controller

    Important

    Web server

    Essential

    FTP Server

    Important

    Web site

    Essential

    Web 2.0 application

    Important

    Web Application Firewall

    Additional

    Database server

    Essential

    Windows workstation

    Essential

    Linux workstation

    Additional

    Laptop or any other host with Wi-Fi adapter

    Essential

    Wireless router

    Essential

    Radius server

    Important

    Firewall

    Important

    IPS

    Additional

    Debugger

    Additional

  2. Determine the lab environment size:

    In this step, we should decide how many instances of each component we need in our lab. We will count only the essential and important components' numbers, so let's exclude all additional components. This means that we've now got the following numbers:

    Components

    Number

    Windows server

    2

    Linux server

    1

    Domain controller

    1

    Web server

    1

    FTP Server

    1

    Web site

    1

    Web 2.0 application

    1

    Database server

    1

    Windows workstation

    2

    Host with Wi-Fi adapter

    2

    Wireless router

    1

    Radius server

    1

    Firewall

    2

  3. Determine required resources:

    Now, we will discuss the required resources:

    • Server and victim workstations will be virtual machines based on VMWare Workstation 8.0. To run the virtual machines without any trouble, you will need to have an appropriate hardware platform based on a CPU with two or more cores and at least 4 GB RAM.

    • Windows servers OSs will work under Microsoft Windows 2008 Server and Microsoft Windows Server 2003.

    • We will use Ubuntu 12.04 LTS as a Linux server OS. Workstations will work under Microsoft Windows XP SP3 and Microsoft Windows 7.

    • ASUS WL-520gc will be used as the LAN and WLAN router.

    • Any laptop as the attacker's host.

    • Samsung Galaxy Tab as the Wi-Fi victim (or other device supporting Wi-Fi).

    We will use free software as a web server, an FTP-server, and a web application, so there is no need for any hardware or financial resources to get these requirements.

  4. Determine the lab environment architecture:

    Now, we need to design our lab network and draw a scheme:

    Address space parameters

    • DHCP server: 192.168.1.1

    • Gateway: 192.168.1.1

    • Address pool: 192.168.1.2-15

    • Subnet mask: 255.255.255.0

How it works...

In the first step, we discovered which types of lab components we need by determining what could be used to practise the following skills:

  • All OSs and network services are suitable for practicing discovery, enumeration, and scanning techniques and also for network vulnerability exploitation. We also need at least two firewalls – windows built-in software and router built-in firewall functions.

  • Firewalls are necessary for learning different scanning techniques and firewall rules detection knowledge. Additionally, you can use any IPS for practicing evasion techniques.

  • A web server, a website, and a web application are necessary for learning how to disclose and exploit OWASP TOP 10 vulnerabilities. Though a Web Application Firewall (WAF) is not necessary, it helps to improve web penetration testing skills to higher level.

  • An FTP service ideally fits to practice password brute-forcing. Microsoft domain services are necessary to understand and try Windows domain passwords and hash attacks including relaying. This is why we need at least one network service with remote password authentication and at least one Windows domain controller with two Windows workstations.

  • A wireless access point is essential for performing various wireless attacks, but it is better to combine LAN router and Wi-Fi access point in one device. So, we will use Wi-Fi router with several LAN ports. A radius server is necessary for practicing attacks on WLAN with WPA-Enterprise security.

  • A Laptop and a tablet PC with any Wi-Fi adapters will work as an attacker, and victim in wireless attacks.

  • Tunnelling techniques could be practiced at any two hosts; it does not matter whether we use Windows or any other OS.

  • Testing and modifying exploits as well as fuzzing and vulnerability research need a debugger installed on a vulnerable host.

  • To properly document a penetration testing process, one can use just any test processor software, but there are several specialized software solutions, which make a thing much more comfortable and easier.

In the second step, we determined which software and hardware we can use as instances of chosen component types and set their importance based on a common lab for a basic and intermediate professional level penetration tester.

In the third step, we understood which solutions will be suitable for our tasks and what we can afford. I have tried to choose a cheaper option, which is why I am going to use virtualization software. The ASUS WL-520gc router combines the LAN router and Wi-Fi access point in the same device, so it is cheaper and more comfortable than using dedicated devices. A laptop and a tablet PC are also chosen for practising wireless attacks, but it is not the cheapest solution.

In the fourth step, we designed our lab network based on determined resources. We have chosen to put all the hosts in the same subnet to set up the lab in an easier way. The subnet has its own DHCP server to dynamically assign network addresses to hosts.

There's more...

Let me give you an account of alternative ways to plan the lab environment details.

Lab environment components variations

It is not necessary to use a laptop as the attacker machine and a tablet PC as the victim – you just need two PCs with connected Wi-Fi adapters to perform various wireless attacks.

As an alternative to virtual machines, a laptop, and a tablet PC or old unused computers (if you have them) could also be used to work as hardware hosts. There is only one condition – their hardware resources should be enough for planned OSs to work.

An IPS could be either a software or hardware, but hardware systems are more expensive. For our needs, it is enough to use any freeware Internet security software including both the firewall and IPS functionality.

It is not essential to choose the same OS as I have chosen in this chapter; you can use any other OSs that support the required functionality. The same is true about network services – it is not necessary to use an FTP service; you can use any other service that supports network password authentication such as telnet and SSH.

You will have to additionally install any debugger on one of the victim's workstations in order to test the new or modified exploits and perform vulnerability research, if you need to.

Finally, you can use any other hardware or virtual router that supports LAN routing and Wi-Fi access point functionality. A connected, dedicated LAN router and Wi-Fi access point are also suitable for the lab.

Choosing virtualization solutions – pros and cons

Here, I want to list some pros and cons of the different virtualization solutions in table format:

Solution

Pros

Cons

VMWare ESXi

  • Enterprise solution
  • Powerful solution
  • Easily supports a lot of virtual machines on the same physical server as separate partitions
  • No need to install the OS
  • Very high cost
  • Requires a powerful server
  • Requires processor virtualization support

VMWare workstation

  • Comfortable to work with
  • User friendly GUI
  • Easy install
  • Virtual *nix systems work fast
  • Better works with virtual graphics
  • Shareware
  • It sometimes faces problems with USB Wi-Fi adapters on Windows 7
  • Demanding towards system resources
  • Does not support 64-bit guest OS
  • Virtual Windows systems work slowly

VMWare player

  • Freeware
  • User-friendly GUI
  • Easy to install
  • Cannot create new virtual machines
  • Poor functionality

Micrisoft Virtual PC

  • Freeware
  • Great compatibility and stability with Microsoft systems
  • Good USB support
  • Easy to install
  • Works only on Windows and only with Windows
  • Does not support a lot of features that concurrent solutions do

Oracle Virtual Box

  • Freeware
  • Virtual Windows systems work fast
  • User-friendly GUI
  • Easy to install
  • Works on Mac OS and Solaris as well as on Windows and Linux
  • Supports the "Teleportation" technology
  • Paid USB support;
  • Virtual *nix systems work slowly

Here, I have listed only the leaders of the virtualization market in my opinion. Historically, I am mostly accustomed to VMWare Workstation, but of course, you can choose any other solutions that you may like.

You can find more comparison info at http://virt.kernelnewbies.org/TechComparison.

Summary

This article explained how you can plan your lab environment.

Resources for Article :


Further resources on this subject:


Instant Penetration Testing: Setting Up a Test Lab How-to [Instant] Set up your own penetration testing lab, using practical and precise recipes with this book and ebook
Published: March 2013
eBook Price: £8.99
See more
Select your format and quantity:

About the Author :


Vyacheslav Fadyushin

Vyacheslav Fadyushin graduated from the Novosibirks State Technical University, with a Master’s degree in Comprehensive Information Security of Automated Systems. He started as a lead information security officer at a power engineering company and continued as a lead information security consultant. Vyacheslav acquired a lot of diverse experience and skills performing various information security audits, and consulting and penetration testing projects with major CIS companies. An experienced information security consultant and penetration tester, at present, he works at the major CIS system integrator company and continues his professional activity performing both management and methodological functions as well as working on customer projects.

Books From Packt


 Instant Netcat Starter [Instant]
Instant Netcat Starter [Instant]

FreeRADIUS Beginner's Guide
FreeRADIUS Beginner's Guide

ICEfaces 1.8: Next Generation Enterprise Web Development
ICEfaces 1.8: Next Generation Enterprise Web Development

 Metasploit Penetration Testing Cookbook
Metasploit Penetration Testing Cookbook

 BackTrack 4: Assuring Security by Penetration Testing
BackTrack 4: Assuring Security by Penetration Testing

Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide
Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide

BackTrack 5 Wireless Penetration Testing Beginner’s Guide
BackTrack 5 Wireless Penetration Testing Beginner’s Guide

 BackTrack 5 Cookbook
BackTrack 5 Cookbook


Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Resources
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software