Sunday, December 27, 2009

The SynJunkie Lab - Part 2

This is just a very quick follow-up post to get a couple of diagrams posted, following a few requests after my last blog post.

I'll start off by saying that the network details I'm posting are for a test lab that I am currently preparing for some future blog posts. I'm not overly concerned about posting these details, as they are for my lab, which will be pretty much trashed when I've finished the few blog posts I have planned. The network is segmented off from my own network, so anything I let loose on the Walliford LAN is not going to impact my wife's Facebook usage! (Got to get the priorities straight.)

The image below shows the two laptops and the netbook I have and how I use them with respect to the lab.

I usually just fire up a DC and whichever hosts are needed, depending on what I'm testing. This just goes to show that if you're not doing anything too heavy on the VMs, you really can create a lab on a shoestring budget.

Below is the diagram of the Walliford LAN as it would look if it were a real network. Obviously there would be additional hosts and other network devices, but what I have created is enough for me to test most of the functionality of my tools, and the range of hosts I have (mail, SQL, web etc.) is enough to keep me busy for a while yet.

This is the LAN which Bob will be playing with in the next series of Bob posts which I plan for the new year.

As you can see, I'm no diagramming expert, but what I have is good enough to help me step through the network as I'm planning my posts. I'll probably tweak and adjust the diagrams as needed, but for now they'll do.

Anyway, that's about it for this post. As I said, it was just about getting the diagrams out.



Monday, December 21, 2009

The SynJunkie Lab - Part 1

I've been asked a couple of times recently how I have my lab set up, so in this post I'll provide a brief overview.

Just quickly, I want to say that if you have the time and resources to create a lab, I thoroughly recommend doing so. I use my lab for testing configurations that I wouldn't want to try on a production network, applying policies and testing their effects on servers and clients, and learning new software. Primarily I like to use my lab for learning and using security tools in an environment that gives me a complete view of the effects of the tools from both the attacker's and the defender's perspective, where they won't damage anyone's network.

Setting up a lab is a really useful learning exercise in itself. For example, I haven't had the opportunity to use virtualisation in the workplace yet, but because of my lab I have experience using VMware, Xen, Parallels and VirtualBox.

One tip I would give to anyone setting up a lab is this: approach the project as if you were designing a real network. Plan it, document it and maintain it. A few years ago I heard an interview with Mike Poor, and one of the tips he gave was to know your network. In real life that might not be possible; you might be working the helpdesk or in IT support and not have access to servers and switches. But in your lab you can be in control of every area of the network: the servers, the network devices, the clients. You really are God, so use those god-like powers to know your network inside out. Use the functionality offered by the virtualisation tools: if you are going to make a major change or perform a particular attack, back up the necessary hosts first or take snapshots so you can roll back, just like you would on a real network. There's nothing worse than having to rebuild the servers in your network just because you didn't take five minutes to do a snapshot first.
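As an added example (not code from this blog), here is the "snapshot before you attack, roll back afterwards" routine scripted for VirtualBox, one of the hypervisors mentioned in this post, using its VBoxManage CLI. It only touches VMs whose names start with a lab prefix, so anything else registered on the same host (the wife's VMs, say) is left alone. The prefix "Walliford", the snapshot label and the VM names are made up for illustration.

```shell
#!/bin/sh
# Snapshot every VM in a VirtualBox lab before an attack run, and roll them all
# back afterwards. Added example, not the blog author's code. Assumes VirtualBox's
# VBoxManage CLI (subcommands used: list vms, list runningvms, snapshot take,
# snapshot restore, controlvm poweroff). Lab prefix and VM names are made up.

VBOXMANAGE="${VBOXMANAGE:-VBoxManage}"

# Names of all registered VMs. `VBoxManage list vms` prints one line per VM:
#   "Walliford-DC" {3f1e...-uuid}
vm_names() {
    "$VBOXMANAGE" list vms | sed -n 's/^"\(.*\)" {[0-9a-f-]*}$/\1/p'
}

# Only the VMs whose name starts with the lab prefix, so a VM that belongs to
# someone else on the same host is never snapshotted or powered off.
lab_vms() {
    prefix="$1"
    vm_names | grep "^${prefix}" || true
}

# Snapshot name = label plus UTC timestamp, e.g. pre-arp-poison-20091227T1200Z.
# The timestamp can be passed explicitly (handy for testing and for scripting
# the matching rollback).
snapshot_name() {
    label="$1"
    stamp="${2:-$(date -u +%Y%m%dT%H%MZ)}"
    printf '%s-%s\n' "$label" "$stamp"
}

# Take a snapshot of every lab VM (VBoxManage snapshots running and powered-off
# machines alike) and print the snapshot name so it can be fed to rollback_lab.
snapshot_lab() {
    prefix="$1"; label="$2"; stamp="${3:-}"
    name=$(snapshot_name "$label" $stamp)
    lab_vms "$prefix" | while IFS= read -r vm; do
        "$VBOXMANAGE" snapshot "$vm" take "$name" --description "before: $label"
    done
    printf '%s\n' "$name"
}

# Roll every lab VM back to a named snapshot. A VM has to be powered off before
# `snapshot restore`, so running ones are stopped first.
rollback_lab() {
    prefix="$1"; name="$2"
    lab_vms "$prefix" | while IFS= read -r vm; do
        if "$VBOXMANAGE" list runningvms | grep -F -q -- "\"$vm\" "; then
            "$VBOXMANAGE" controlvm "$vm" poweroff
        fi
        "$VBOXMANAGE" snapshot "$vm" restore "$name"
    done
}

# Usage: ./lab_snap.sh take Walliford pre-arp-poison
#        ./lab_snap.sh restore Walliford pre-arp-poison-20091227T1200Z
case "${1:-}" in
    take)    snapshot_lab "$2" "$3" ;;
    restore) rollback_lab "$2" "$3" ;;
esac
```

Run `take` before letting the attack tool loose and keep the printed snapshot name; `restore` with that name puts every lab host back to the pre-attack state, which is exactly the "roll back" the paragraph above asks for. The prefix filter is the important safety check: without it a stray `poweroff` in the restore loop would hit every VM on the box.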

Finally, give thought to segmenting your lab from the rest of your network; realising you have DoS'd your wife as you refine your ARP poisoning attack is not a good thing!

With that said, here's a few details of my lab. The physical hardware I have is as follows:

1 x Dell laptop
1 x MacBook
1 x Acer netbook
2 x wireless routers
1 x Cisco 2950 switch
1 x Cisco 800 series router

I use a combination of Parallels, Xen and Dynamips to virtualise about five servers, some workstations and as many routers as I need. The Dell laptop is a pretty beefy machine that I used as my primary PC before I got the Mac. I wiped off the OS, which was Vista, and installed the free XenServer hypervisor. This lets me use almost all of the memory for servers and PCs, as the hypervisor itself runs on next to nothing. These are the primary servers and workstations that I attack in my lab.

On my Mac I have another DC, a member server and a few VM clients. Having the DC allows me to perform some tests when I'm away from home and don't have access to the XenServer box.

The switches and routers are from a bin (yes, people really do just throw out perfectly good hardware) and from eBay.

For OSs for the VMs I'll either use the 180-day eval versions or whatever else I can find; there are plenty of Linux distros about that can be downloaded. Or, if you are limited on bandwidth, go down to the newsagent's and grab a Linux magazine; there are always cover CDs which have distributions included.

Building a lab can be done for very little cost. With VirtualBox for virtualisation, eval versions of OSs available from Microsoft and more free Linux distros than you can shake a big stick at, there's really no excuse. I guess the only outlay is going to be hardware, and at the moment hardware is pretty cheap.

One thing I do to make the most of my hardware is this: after building a host, I get it up and running and then look at the resources (memory and CPU) it's actually using. Then I tweak the resources allocated to the VM down as far as I possibly can. This allows me to get more VMs up and running on my Xen laptop at the same time. However, if the role of the VM changes, make sure you review the resources so it has enough power to do its new job. And once again, document the lab, so if you don't get a chance to use it for a while you can easily review your network diagrams and pick up where you left off. Kivio is a free network diagramming tool for the Linux platform. If you're a Windows-only type of guy then give a try; you need to register, but after that you'll have access to some pretty snazzy network planning tools.

I hope this has been useful to someone.

All the best


Friday, December 11, 2009

The Obligatory "I'm Not Dead" Post

There comes a time in a blogger's life when he or she has to post the "I'm not dead" entry. I'm not sure why, and I'm not sure if anyone cares, but I guess it's just good manners. So here it is.

I'm not dead, but I am currently updating my lab with a SAN/NAS, SQL Server, routers and switches, and an Exchange server for yet more Bob fun (well, fun for me anyway). I hope to have the lab ready to continue, and some fresh ideas for the next round of Bob posts, in the new year. I'll be picking up where I left off, with Bob having planted his backdoors and now preparing to make himself at home on the Walliford network.

All the best for the holiday season.