Q: OK guys a while back I posted about “Network Security” and learning the ins and outs. Following the recommendation of others here, I acquired some other computers in my test lab to be. I want to learn but I do not think jail time is a reasonable price to pay. Anyway here's my current setup. Tell me what you think and what you would change. I will also try to get a feel for the overall management of the network and plan to ISA Server 2000 and Exchange Server 2000 MCSE to my full advantage.
Domain Server:
Running Windows 2000 Advanced Server, SP2, all updates applied.
ISA 2000 Server: (This is the set up for sharing a dial-up account, no other options in my area yet)
Running Windows 2000 Advanced Server, SP2, all updates applied and removed
Exchange IIS Server:
Running Windows 2000 Advanced Server, SP2, all updates are applied.
Client PC1:
Running Windows 2000 Professional, SP2, all updates applied.
Client PC2:
Running Windows 2000 Professional, SP2, all updates applied
Client PC3: (used for sharing MP3 only needed the smallest os I could throw up, hopefully a Linux box in a few weeks)
Running Windows 95OSR2 be
So far I have called all local admin accounts and created dummy accounts that are named manager actually locked. I've been playing with setting the general guidelines for safety. Before I ran 2000 Pro on both machines ICS and Zone Alarm, I want to transfer all that over to ISA Server 2000, but the firewall built into each well. Can I use ZA firewall and built together? Thanks in advance for your help
Re:My personal security test network, if it ever gets built, will be as follows:
Main/gaming rig – 1.0 GHz TBird, WinXP
Web Victim – 800 MHz Duron, WinXP, IIS on port 80 – unpatched, Apache on port 8080 – default install
NT 4.0 Sacrificial Lamb – Dual Pentium 100 (yup, one hundred) box with NT 4.0 – latest service pack
Linux victim – Pentium 166, RedHat (latest available at install time), default install, no firewall
Linux attacker – Haven't determined which distro yet, 600 MHz Duron, tons of attack tools
Routing Linux box – Pentium 75, RedHat, default high security install
SPARC victim – Sparc 4, RedHat latest, spare drive with Solaris
Router victim – Cisco 2501, latest IOS
I have several hubs and switches, and can move stuff around on multiple networks with this. I have other machines I can put in as needed. You obviously don't have all the equipment I have (and I don't have near what others do), but this should give you an idea of something to start with.
Based on what knowledge I'm guessing you have, I'd stick with one Linux install, and the rest various versions of Windows. As you learn more about Linux, expand your systems – try FreeBSD or OpenBSD, try to get Solaris, test different Linux distributions. It can take a long time to really get in to this and understand what you are seeing and doing. Let me know if I can help with anything.
guy
Re:The reason I am staying mostly Microsoft is because that is what most of the companies that I know anything about their infrastructure are running. Let's try this again. Here is what I have in the way of PCs, now you guys can configure the lab for Network Security Testing. In essence if you had these PCs how would you set them up in a LAB.
PC 1 = PII 400, 128mb, 6.4gb
PC 2 = PII 400, 128mb, 4.3gb
PC 3 = P166, 64mb , 2.5gb
PC 4 = Celeron 500, 128mb, 6.4gb
PC 5 = AMD 800, 512mb, 40gig
PC 5 is my main machine and as much as I would like to keep it windows I guess the best way to learn Linux would be to toss it on there and go. Are there any versions to avoid when using an Abit KT7 Raid board?
Re:When designing a test lab it pays to have a diverse configuration; it sounds like your layout is fairly Microsoft-centric. Honestly, the terms 'computer security' and 'Microsoft' are oxymorons, at least as far as serious security researchers are concerned; lots of vulnerabilities are discovered in MS products that people don't hear about in a public forum; they are simply rolled into some other patch or service pack. I recommend at least a few different UNIX machines, because while Microsoft will drone on all day about how their operating systems power critical internet infrastructure servers, all the root servers for DNS are UNIX. Large scale financial servers are UNIX; IBM just made a bid to switch all the NYSE's systems to Linux/S390 [I think, don't quote me on that]. Anyways, check out www.freebsd.org in addition to Linux. Also, stay away from 'point and click' penetration tools, like Nessus or ISS. Go hardcore and learn CLI tools so you get a more fine-grained hands-on experience with them, rather than using a pretty frontend to do the work.
Re:Thanks much to tallgeese I now have an outside attack box. I set up the 2nd NIC in the ISA server and ran a crossover cable to the "attack box". I have both set up in the 10.10.0.xxx range and my internal network is in the 192.168.xxx.xxx range. Everything in the internal network is working just as before. On the external I can ping the attack machine from the ISA server but not from the attack machine to the ISA Server. I thought it might just be the built in firewall but I can ping the ISA server from any machine on the internal network. Shouldn't I be able to at least ping the ISA Server from the attack machine? I will be setting up a *nix box in the next couple of days and am planning on making my attack box a Linux box as well.
Re:Buy the book "Hacker's Challenge" for an easily transported data set. It has 20 security scenarios with the logs trimmed to just the relevant data. Viewing that data, you can learn how some of these attacks take place. Also, check out The Honeynet Project (http://project.honeynet.org/) and look at their scan of the month section. More data from attacks, along with logs and analysis. I also recommend all of the Hacking Exposed books. Check out Bookpool.com for your techie book purchases.
As pointed out, you need a machine "outside" to do many attacks, and you need at least one linux/unix machine. Even if you aren't planning on attacking it, most of the good tools are linux/unix native, and you'll be missing out on a lot of useful programs for learning and testing security if you don't have one.
I'll be glad to point out more useful security books and web sites if you are interested. There is a ton out there, and I can't keep up, even though I use part of my time at work to do a lot of security reading (since it is job related, I can get away with it).
guy
Re:If your internal network is using 192.168.0.xxx, then no, the external machine would need to be on a different network. The ISA server's "external" NIC would also be on a network different from 192.168.0.xxx. Since they are on a different network from the "internal" interface, you would need to set them up on a separate networking device (even, tho, theoretically, putting them on the same hub–or especially the same switch–would work) to truly keep traffic separated (which is essential for your testing).
Setting up this kind of infrastructure will help give you a good foundation in the theory and implementation of "internal" vs. "external" networks, which, quite frankly, a lot of people in the networking field lack.
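
The internal/external separation described in this reply can be checked on paper before any cabling is done. The following is an added example, not part of the original posts: it validates a lab addressing plan using the two ranges mentioned in the thread (192.168.0.x internal, 10.10.0.x external). The /24 masks, host names and individual host addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed lab plan based on the ranges mentioned in the thread:
# internal 192.168.0.x, external/attack segment 10.10.0.x. The /24 masks,
# host names and host addresses are assumptions for illustration.
SEGMENTS = {
    "internal": ipaddress.ip_network("192.168.0.0/24"),
    "external": ipaddress.ip_network("10.10.0.0/24"),
}
FIREWALL = "isa"  # the only host allowed to sit on both segments

GOOD_PLAN = {
    "isa":    ["192.168.0.1", "10.10.0.1"],
    "domain": ["192.168.0.10"],
    "attack": ["10.10.0.50"],
}
# The layout asked about in the thread: attack box addressed in the internal range.
BAD_PLAN = dict(GOOD_PLAN, attack=["192.168.0.50"])


def segments_of(addresses):
    """Return the set of segment names that a host's addresses fall into."""
    found = set()
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        matches = [name for name, net in SEGMENTS.items() if ip in net]
        found.add(matches[0] if matches else "unknown")
    return found


def check_plan(plan):
    """Return a list of findings; an empty list means the plan separates traffic."""
    findings = []
    nets = list(SEGMENTS.items())
    for i, (a_name, a_net) in enumerate(nets):
        for b_name, b_net in nets[i + 1:]:
            if a_net.overlaps(b_net):
                findings.append(f"segments {a_name} and {b_name} overlap")
    for host, addrs in plan.items():
        segs = segments_of(addrs)
        if "unknown" in segs:
            findings.append(f"{host}: address outside every defined segment")
        if len(segs - {"unknown"}) > 1 and host != FIREWALL:
            findings.append(f"{host}: bridges segments but is not the firewall")
        if host == FIREWALL and segs != set(SEGMENTS):
            findings.append(f"{host}: firewall must have one NIC per segment")
        if host == "attack" and "internal" in segs:
            findings.append(f"{host}: attack box is inside the internal range")
    return findings
```

`check_plan(GOOD_PLAN)` returns an empty list, while `check_plan(BAD_PLAN)` reports the attack box sitting in the internal range.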
Re:<< Setup an additional NIC in your ISA server, which you can use to simulate the outside world. Plug it into a hub, put another machine on the hub as well. Voila, an external attack machine. >>
OK idiot mode for me. Right now I have a 16 port hub coming off a 5 port switch. I have an extra NIC to put in the ISA server. Can both NICs (internal & external) and the "attack machine" be connected to the same hub? Right now my setup is using the 192.168.0.xxx range. Would I set up the "attack machine" in this range?
Re:Setup an additional NIC in your ISA server, which you can use to simulate the outside world. Plug it into a hub, put another machine on the hub as well. Voila, an external attack machine.
Re:<< If you are looking to test intrusions and attacks, you'll need at least one machine "outside" your network to simulate external attacks.
You're probably covered on the internal stuff pretty well. >>
Exactly, basically what I am wanting to do is learn how hackers get into systems, what tools or methods they use and what to really look for when locking down systems or more importantly servers. On the issue of needing to be outside my network how, if I can, do this without having to dial into my machines. From what I understand I would have to set one of them up as a RAS server or such.
Re:If you are looking to test intrusions and attacks, you'll need at least one machine "outside" your network to simulate external attacks.
You're probably covered on the internal stuff pretty well.
Also, and don't take this personally…learning "security" using only M$ products is probably short-sighted at best, laughable at worst. Their products are not considered "secure" in any way, shape or form by anyone in the network security field.
Re:Sorry small glitch and my post didn't post
Re:What are you looking to test?