Keeping skills up to date is extremely important in most professions; it is no different for penetration testing. Penetration testing skills take time to develop and to top it off the information security landscape changes on a daily basis. With this in mind, it is not difficult in this day and age to obtain a semi-powerful computer system with 4-16 gigs of RAM and a four or six core processor. Equipment such as this allows a penetration tester to build out full-fledged virtual networks that can be used as practice labs. In this chapter, we review building such environments. We will attempt to emulate the types of secured networks we might see in use, using limited system resources.
We will discuss the following items in this chapter:
It may seem that experimenting in a more comprehensive testing environment will always be the best choice once you have your labs built out, but in fact, you may only be adding unnecessary complexities that may divert or completely ruin the test.
Let's take a look at setting up a web server to run a simple web application. We will need to determine what we are testing before we choose our lab environment. Some of the questions that should be asked include:
Hopefully this quick list of basic questions will prepare you for the considerations that should be taken into account when choosing which type of lab is preferable and for which task. There are many scenarios that can be tested with a simple virtual guest machine speaking to another; on the other hand there are some scenarios that will require the usage of tens and even hundreds of systems to accurately represent the experience you will have in a real world environment. Regardless of how you choose to build out your lab it should always allow you to make modifications or to build upon existing systems. It should also be simple to manage and update as needed.
13.59.96.247