DevOps


This topic contains 2 replies, has 2 voices, and was last updated by MidGe 4 years, 9 months ago.

  • #24254

    MidGe
    Participant

    If this is not the best place to post this, please, moderator, move to the appropriate spot. Thanks.

    I am not sure about others but, for me, learning security in depth seems to require repeating certain tasks over and over again, especially when it comes to setup some secure testing lab.

    I run my testing labs on a six-core 16 Gb workstation running Linux (Debian) and it does this very comfortably. My test labs are essentially virtual networks, each bridged via a virtual router to my real router. This VM router is a 256Kb VM running IPCop, bridged to the host, and this router splits into DMZ, secure, TUN applied, or whatever zone configuration is required at the time for the virtual networks.

    The technologies I use to facilitate my tasks are vagrant, ansible, and now docker as well.

    I use vagrant to “construct” VMs in VirtualBox, Amazon Web Services, DigitalOcean and, less often, a few other providers. Vagrant orchestrates as well, that is, with a single invocation of a single command it will set up, start, suspend, stop, or destroy an entire network of VMs located with multiple providers (i.e. local and in the cloud).

    Within vagrant, which it can use as part of its setting up of a network, are the ansible playbooks which provision all the VMs, including routers. These playbooks contain the steps to configure each VM (new users, access rules, installation of software, etc.) and these steps are, again, executed automatically following creation of the VMs, or even at any other time if required.

    The net result is that at the push of a button (a one-line command) I can set up and start a new, complete and populated virtual network, or restart one started earlier and suspended or stopped. I can wipe out a whole network and rebuild it fully provisioned in a matter of a couple of minutes.

    For a more lightweight version, I can even use vagrant and/or ansible again to set up virtual machines and networks using the docker technology.

    This approach is most useful in scenarios like setting up honeypots, malware labs, networking study environments for pentesting, etc. In fact I use VMs now for my daily tasks as well, keeping them segregated.

    References:

    http://www.ansible.com/home
    https://www.vagrantup.com/
    https://www.docker.com/

    • This topic was modified 4 years, 10 months ago by MidGe. Reason: spelling
    #25730

    Digit Oktavianto
    Participant

    It’s great stuff. Thanks for sharing your experience, mate. Do you mind sharing some topology for your testing labs?

    #25792

    MidGe
    Participant

    I run a 16Gb workstation and over the last few years I have migrated, and thereby partitioned, most of my work to VMs. For instance I have one VM that I use for my personal accounts and banking, another to run Tails, etc. Most projects I start, even if they are only exploratory, in a new VM.

    As far as the security lab is concerned, there is not a single topology I use. Using DevOps, the cost of spinning up an entire new set of VMs is minimal both in time and resources. However, underlying it all is a basic common topology. I use a new named internal network (not the default ‘intnet’ of VirtualBox), for instance “seclab1”, and I spin up an IPCop firewall router bridged to my host interface on the one hand and connected via two other interfaces to ‘seclab1’ and another internal network that I call ‘seclab1dmz’ for a DMZ zone. I usually populate the ‘seclab1’ network with an OSSIM server as a watcher 🙂 and then I add any other VM that I am investigating or playing with.

    OSSIM is probably overkill, but even my host OS reports into it as a client. So the OSSIM VM is mostly up in my setup, but, advantageously, it is part of my overall security, not merely the virtual networks’ security.

    I choose IPCop because it is very simple and runs in a 256K VM comfortably. But I have used others in the past.

    I pinhole the firewall as required between seclab and seclabdmz and use port forwarding from my external router to the internal virtual router (IPCop) and from there in turn to the VM under investigation if a public interface is required (i.e. for honeypots). I then simply point the interface of my Kali VM to ‘seclab1’ and I am all set up.

    If anything goes wrong (a virus is loose :), a VM is compromised), I simply bring the whole network, or the compromised subnet, down and build a new one. And in less than 5 minutes I have it up and running as a brand new complete network.

    My combination of using both vagrant and ansible means that the entire setup is orchestrated essentially by a script and there is no intervention required between pushing the start button and having the entire network up and actually running all required tasks as well.

    I hope this rambling helps. 🙂

    I wish there was a way of showing a network diagram, but I hope my description is sufficient.
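The topology MidGe describes across both posts (an IPCop router with one bridged interface and two internal networks, ‘seclab1’ with OSSIM and Kali, ‘seclab1dmz’ for the exposed VM, everything provisioned by ansible), written down as data with an isolation check and a Vagrantfile renderer. This is an added example, not code from the thread or from Vagrant; box names, addresses, memory sizes and playbook names are assumptions.

```ruby
# Added example: MidGe's lab as data. Only the router may be bridged to the host's
# real interface; every other VM lives on a named VirtualBox internal network.
# Box names, IPs, memory sizes and playbook names are assumptions, not from the thread.
LAB = {
  "ipcop"  => { box: "lab/ipcop", memory: 256, playbook: "router.yml",
                nets: [[:bridged, "eth0"], [:intnet, "seclab1", "10.10.1.1"], [:intnet, "seclab1dmz", "10.10.2.1"]] },
  "ossim"  => { box: "lab/ossim", memory: 4096, playbook: "ossim.yml",
                nets: [[:intnet, "seclab1", "10.10.1.10"]] },
  "kali"   => { box: "kalilinux/rolling", memory: 2048, playbook: "kali.yml",
                nets: [[:intnet, "seclab1", "10.10.1.20"]] },
  "target" => { box: "lab/honeypot", memory: 512, playbook: "honeypot.yml",
                nets: [[:intnet, "seclab1dmz", "10.10.2.10"]] },
}

# Isolation check: a bridged interface on anything but the router would put a lab
# VM (or a compromised honeypot) straight onto the real LAN, and the default
# 'intnet' name is shared with every other VirtualBox VM on the host.
def isolation_errors(lab, router = "ipcop")
  errors = []
  lab.each do |name, vm|
    vm[:nets].each do |kind, target, _ip|
      errors << "#{name}: bridged interface leaks into the real LAN" if kind == :bridged && name != router
      errors << "#{name}: uses the default VirtualBox intnet" if kind == :intnet && target == "intnet"
    end
    errors << "#{name}: no network at all" if vm[:nets].empty?
  end
  errors
end

# Render a Vagrantfile (VirtualBox provider, ansible provisioner) for the lab,
# refusing to emit one that fails the isolation check.
def render_vagrantfile(lab)
  errs = isolation_errors(lab)
  raise ArgumentError, errs.join("; ") unless errs.empty?
  out = ["Vagrant.configure(\"2\") do |config|"]
  lab.each do |name, vm|
    out << "  config.vm.define \"#{name}\" do |node|"
    out << "    node.vm.box = \"#{vm[:box]}\""
    out << "    node.vm.provider \"virtualbox\" do |vb| vb.memory = #{vm[:memory]} end"
    vm[:nets].each do |kind, target, ip|
      out << (kind == :bridged ?
        "    node.vm.network \"public_network\", bridge: \"#{target}\"" :
        "    node.vm.network \"private_network\", ip: \"#{ip}\", virtualbox__intnet: \"#{target}\"")
    end
    out << "    node.vm.provision \"ansible\" do |a| a.playbook = \"#{vm[:playbook]}\" end"
    out << "  end"
  end
  (out << "end").join("\n")
end

puts render_vagrantfile(LAB) if __FILE__ == $0
```

Running the script prints the Vagrantfile; `vagrant up` then builds the router first and the rest of the network behind it, with ansible applying each playbook as the VM comes up.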
