4

My university is keen to build a security training simulation environment/platform and it will be a good learning experience for students. I Googled around to find out how it is built, but I only ended up with recommendations for a VirtualBox or VMware lab environment being built using pwnOS, Metasploitable, etc.

What I'm looking for is to build an environment with a couple of vulnerable systems and a network setup such that students won't cross/interfere with each other's work. For instance, the system could create a private simulation for each student to practice their class labs; I think some refer to this as 'sandboxing'.

We are looking for something similar to Offensive Security training simulation or Hera Labs, another example is XNET from CERT, they have a very interesting training simulation for Forensics.

If you could give us some direction on how the system is actually built and if there is any open source application that we could use to build the system, otherwise an organization who can build it for us (keep in mind this is a university budget), we would really appreciate your kind input.

We are aware that Offensive Security offers this service but I need to get quotes from different vendors before I can proceed (in the end I prefer to build the system and might as well give it as a project for the security lab students).

We are also aware it may require a couple of servers and OSs to build it, and we do have unused hardware.

Thank you and Happy New Year

schroeder
Ken Adams
  • Have you considered asking Offensive Security or eLearnSecurity to ask how they set up their environments? – schroeder Jan 03 '13 at 18:13
  • Of course I did consider it, but I thought of fishing the fish instead of getting it on a silver plate :-). Interestingly, after reading your post below, I visited eLearnSecurity and they are using Microsoft cloud for their lab. – Ken Adams Jan 04 '13 at 04:39

5 Answers

4

Start with a network diagram based on what a corporate network would look like. For example, the DMZ is going to contain the webservers and mailservers. Then there will be firewalls to protect the userland from the DMZ; you are also going to have domain controllers and database servers, which are going to be part of a secure network. Hope you get an idea of what I am trying to describe. You can find a sample network diagram for a pentest lab here. You need not follow the same thing, but use it to design your own.

As for actually building the lab I would suggest using vSphere server which allows you to virtualize the operating systems and build a network. Check this blog on setting up a virtual environment.

Check out the following resources to help you in setting up a lab

http://ist.bk.psu.edu/cvclab/wp-content/uploads/2011/12/BuildingLab1.pdf

http://www.irongeek.com/i.php?page=videos/pen-testing-practice-in-a-box-how-to-assemble-a-virtual-network

http://www.jasonjfrank.com/wp-content/uploads/2012/10/Building-your-Own-Penetration-Testing-Lab-on-the.pptm

teufel
  • GiT has a great lab, I remember reading a lot of articles on it when it came out: Here is a whitepaper on it (unknown date, sorry. Also, PDF Warning): http://www.csc.gatech.edu/~copeland/6612/netseclab/Design%20of%20NetSecLab.pdf http://www.csc.gatech.edu/netseclab.html Description of lab and their methodology for grading – g3k Jan 03 '13 at 17:06
  • If you are planning to go with vSphere and build the machine from scratch, check the hardware compatibility guide before you start. – teufel Jan 04 '13 at 12:27
3

This presentation at OWASP AppSec USA 2012 is about a collaborative university program that teaches practical security. It is based on OWASP Hackademic Challenges Project. He starts talking about the pentesting lab at 06:30.

Books about building your own lab:

Cristian Dobre
  • Thanks Cristian, I think we can use the Hackademic project for the web pentest lab since it only requires a server and LAMP or WAMP. If you have more information regarding what we are looking for, that will be great. – Ken Adams Jan 04 '13 at 04:27
3

You need to be looking in the direction of vSphere and ESXi, Hyper-V, or AWS. You are creating a cloud environment that can spawn new pre-configured networks and hosts. The licensing costs can be high but it will accomplish what you want.

Alternatively, you could make VirtualBox and pre-made VMs available to students along with virtual network settings. That way they could work on the labs at home.

EDIT:

My source at VMware suggests that vCloud is the preferred approach, because it allows for the segregation you need to isolate student environments (isolated VLANs, etc.). Other than that, a VPS (like EC2) can provide what you need cheaply.

Either solution can be scripted for automated management.

EDIT2:

Found this open source virtualization option that allows for complex VLAN networking: Proxmox

schroeder
  • The cloud service you mentioned is an interesting option that we might look into. Thank you and if there is more information from your source, do share. Thanks – Ken Adams Jan 04 '13 at 04:13
  • A hosted service like Amazon would likely not serve your needs. When we looked into setting up this same type of environment with them for use by our students, they informed us that the type of activities students would have to perform against the Amazon network (portscans, network exploits, etc.) would violate their terms of service and they would probably have to shut us down. Keep that in mind as you make a selection. You may have to build something in house. – queso Jan 05 '13 at 03:45
  • Thanks for the heads up queso. Most probably some organizations would agree and some won't. We would appreciate it if you can share with us how your institution set up the environment. – Ken Adams Jan 06 '13 at 10:51
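
One way to script the per-student segregation described in the answer above (an isolated VLAN and address range for each student environment), as an added example that is not part of the original answer or of any vendor's tooling. The supernet, VLAN range, prefix size and host roles are assumptions; the result is a plan to feed into whichever hypervisor API or CLI is used.

```python
import ipaddress

# Assumed lab parameters (hypothetical, not from the original thread).
LAB_SUPERNET = ipaddress.ip_network("10.50.0.0/16")
STUDENT_PREFIX = 28                  # 14 usable addresses per student
VLAN_FIRST, VLAN_LAST = 100, 4094    # 802.1Q allows IDs 1-4094; start at 100
TARGET_ROLES = ["attacker", "web-dmz", "db-internal"]  # constructed roles


def build_plan(students):
    """Give every student a private VLAN ID, subnet and host addresses."""
    if len(set(students)) != len(students):
        raise ValueError("duplicate student id")
    subnets = LAB_SUPERNET.subnets(new_prefix=STUDENT_PREFIX)
    plan = {}
    for offset, student in enumerate(students):
        vlan = VLAN_FIRST + offset
        if vlan > VLAN_LAST:
            raise RuntimeError("VLAN ID space exhausted")
        try:
            net = next(subnets)
        except StopIteration:
            raise RuntimeError("lab supernet exhausted") from None
        hosts = iter(net.hosts())
        gateway = next(hosts)        # first usable address routes the range
        plan[student] = {
            "vlan": vlan, "subnet": net, "gateway": gateway,
            "hosts": {role: next(hosts) for role in TARGET_ROLES},
        }
    return plan


def isolation_violations(plan):
    """Return (student, student, reason) for every VLAN or subnet collision."""
    problems = []
    entries = sorted(plan.items())
    for i, (a, pa) in enumerate(entries):
        for b, pb in entries[i + 1:]:
            if pa["vlan"] == pb["vlan"]:
                problems.append((a, b, "shared VLAN"))
            if pa["subnet"].overlaps(pb["subnet"]):
                problems.append((a, b, "overlapping subnet"))
    return problems


if __name__ == "__main__":
    for sid, p in build_plan(["s001", "s002", "s003"]).items():
        print(sid, p["vlan"], p["subnet"], p["gateway"], p["hosts"])
```

Running `isolation_violations` on the plan before provisioning, and again after any manual edit, catches a reused VLAN ID or overlapping range before two student environments end up on the same segment.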
2

I would also recommend hackthissite.org. They have a large selection of free demonstrators that vary in complexity.

AJ Henderson
  • I am familiar with that site and it's actually very good, but we want to have control of the environment to add or edit the labs. Thanks, if you find more information on what we are looking for, do share. – Ken Adams Jan 04 '13 at 04:31
  • @KenAdams - the trick then is that you have to emulate a hack as opposed to actually doing it. You could give each student their own instance, but assuming you want to be able to grade it, you need a way to report success or failure of the attempts. A simple thing that one of my professors in college did was a binary bomb application that had various techniques for protecting a program and the goal of the students was to get the password out of it. Incorrect attempts would trigger a notification to the teacher unless you intercepted the instructions and broke out of them. – AJ Henderson Jan 04 '13 at 06:14
  • Not really sure exactly how they went about making it though. – AJ Henderson Jan 04 '13 at 06:16
  • Good point AJ, I agree it is a very important key to record or log the success of the student when he/she passes a certain challenge. It would be very useful for a practical quiz or challenge between students. – Ken Adams Jan 04 '13 at 07:19
2

SANS also provide a paid-for service similar to what you're talking about called Netwars - the site is here https://www.sans.org/cyber-ranges/netwars

monkeymagic
  • I have come across NetWARS before but I was not sure whether it functions according to what we want. Thanks – Ken Adams Jan 04 '13 at 06:52