RE: setting up security research lab

From: Irvin Temp (znah_irvin@yahoo.com)
Date: Tue Mar 09 2004 - 03:43:21 EST


VMWARE, Would definitely help in limiting the budget
for the hardware. Speaking of hardware, Solaris
machines and some routers/switches, wi-fi routers and
gadgets would be eating up a lot of money. What other
devices do you think would be useful in a security
lab?

> Software/Hardware: VMware will be your best friend
> when it comes to saving
> resources on software for OS systems. Applications
> will be a cost center as
> well as they will be expensive to obtain legally.
>

Im also thinking of old machines to run some linux
and BSDs. The lab would be some kind of a war room.
Their would be some ATTACK machines, DEFENSE machines,
and some TARGET MAGHCINES. The biggest challenge would
be to simulate a real world setup.

> Skills: Security centric individuals with security
> research and exploit
> testing background. Typically you will have
> individuals more specialized in
> Windows or Unix platforms and sometimes individuals
> with both.
TRUE. It would be nice to have the right personnel
skills on the team. I think they would make the most
substantial impact in determining the success or
failure mileage.

Constant training of personnel would be important to
increase their comfort level. OSSTMM, OWASP,CEH, and
what else? How to enhance your teams skills in doing
security research? what kind of training should they
take? It would be better to focus on developing the
right attitude(invetigation/forensic skills,problem
solving, analytical) than focusing on a particular
technique.

How to get the most realistic hacking/auditing
scenario
or environment for them to gain the appropriate
experience? the more realistic the test environment
the
better.

> Biggest challenge with setting up a lab is getting
> the appropriate resources
> (people) and having adequate os and apps for testing
> all versions that a
> vulnerability could apply to.

Finding the right projects for research and
development that would provide them a good feel of
security and hacking in general.

Agree. Learn things by doing.
> It would be more of a
> grow as you go scenario.

__________________________________
Do you Yahoo!?
Yahoo! Search - Find what you’re looking for faster
http://search.yahoo.com

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:50 EDT