Tuesday, January 27, 2015

Building your very own Pentest Lab









I am going to go through the steps of building a penetration testing lab, I can’t over emphasizes the point to plan, you can’t do it enough. Please do as I did and look at other articles and books for ideas and fundamentals in information technology. This article assumes the reader has a certain level of understanding in I.T. networking, servers, applications and hypervisors at least.

I.            Planning
a.       Hardware and Software
                                                   i.      You need to start by determining what hardware and software you will need to build your Lab.
b.      Physical or Virtual
                                                   i.      You will also need to think about what type of Lab you will have; will it be all physical devices, one physical device with many Virtual or VM’s, or will you use a hybrid. The manner in which you will determine this will most likely depend on how much money you are willing to spend. The less money you have, the more virtual you will want to go.
c.       What type of pretesting
                                                   i.      It is also a very good idea to have some goals, and be very specific with them, as to what you are building the Lab for. If you have no real agenda then it will make it much harder to know what you need and what to do. There are a great many books and articles on the net I suggest that you do, as I did, and research.
II.            Preparing
a.       Download
                                                   i.      Your Hypervisor(VMware or VirutalBox)
                                                 ii.      Any way you build it you will need to download all required software and applications you will be using. This can actually be the longest part. . All VM’s should be standard and only need to be 32bit for testing.
1.       You should setup your Kali Pentest box first
2.       Have at least one Ubuntu and one Windows box as well
3.       Install any firewall appliances that you may wish to pentest    
III.            Build
a.       Setup
                                                   i.      Start hooking up and configuring you hardware, if using VM’s then start will configuring you Hypervisor
                                                 ii.      All VM’s can use minimum requirements and defaults as they are only testing devices.
                                                iii.      Have and keep a journal or log of all your configurations.
                                               iv.      Make backups and snapshots of all devices before you start your testing
IV.            Pentest
a.       Grab a book, watch a video or take a class; that is where you start! Again this is where your agenda of attacks comes in handy.

Obviously, this is a bit vague but there is no standard way to setting up a pentest lab that is detailed. The only thing you need to know is the tools and where to find them, and unfortunately everyone has a different answer or preference. My suggestion is that you start out basic with one Kali Linux box and one Linux and windows box.  Kali Linux is a very good operating system with all the tools you need to start, there is also an OS for testing on called Metasploitable, also look to the VMware virtual appliance marketplace.

No comments:

Post a Comment