Today’s constantly changing cyber security landscape means that keeping your network secure is more essential than ever. A key part of this is penetration testing. You might think that this is a specialist area that needs to be left to the experts, but in fact, you can set up your own network penetration testing lab in-house.
Not only is this a good way of securing your systems but it also helps to improve your configuration and security skills so that you are less likely to leave attack routes open in future. Carrying out penetration testing in a lab environment is also much safer, as some of the tools used can cause problems if applied to a live network. Your own lab is also a good way of experimenting with the latest testing tools and techniques.
Physical versus virtual
In the past, you would have needed a physical server as the core of your testing setup. Today, however, you can do it in a fully virtualised environment. You can combine the two, with a single virtual machine offering a number of virtual environments, or you can go for a completely cloud-based solution.
You need to be aware, however, that virtual machines don’t always precisely replicate the characteristics of physical ones, so certain techniques may not yield the same results. Even so, to get started, a virtual environment is probably best. If you need to increase the realism of your tests later, you can look at using old hardware, either surplus within the organisation or purchased second-hand.
The principal advantage of virtual machines in the cloud is scalability. You can easily add capacity as you need it. Infrastructure as a Service (IaaS) allows you to replicate all kinds of network scenarios without the need for expensive hardware. Virtual machines can be used to host a range of different environments, including Windows and Linux.
Inside the lab
Having decided on the environment you are going to use, what does your lab actually contain? At its simplest, all you need is the computer to be tested and the one that is going to carry out the testing. As your needs evolve, the number of machines may increase.
If you are just beginning, it’s best to start simple and build up to something more complex. The key thing is to replicate the target system as closely as possible. For newbie testers, it’s important to understand what it is that makes a system vulnerable. Fortunately, the internet is your friend here and there are a number of places where you can download applications and virtual machines that are pre-configured to be vulnerable. This is a good way of getting started and learning how your testing tools work.
As your skills improve, you’ll want to start adding complexity to your test setup. This means increasing the number of targets and adding machines running different operating systems and different software. This ensures that you gain experience of how mixed networks look from an attacker’s point of view. You can also expand the potential attack surface by adding services such as FTP, databases, email and so on.
On the machine that’s carrying out the testing, you really need to be able to run both Windows and Linux, as there are different tools available for each OS and their capabilities differ. Once again, there are pre-configured testing tools that you can download to help you get started. Alternatively, you can build your own toolkit. There are a number of things you need for this. A set of basic network utilities, including FTP and Telnet, is essential. You’ll need some packet capture software, a port scanner, and a vulnerability scanner. You may also want to look at getting a password cracker as well as a scripting tool.
It isn’t hard to get started: you can set up a testing lab with just a couple of virtual machines and some pre-configured image downloads. You can then add complexity and sophistication as your skills develop.