Thursday, May 6, 2010

RootWars Elements

The Goal:

To provide a robust yet portable (I picked up this lab from home and moved it to the school and back today and have every Saturday for the last 12 weeks) RootWars training solution for students of varying skill levels and security disciplines.

The Tools:

Linksys WRT150N - DD-WRT firmware - Allows participants to connect via WPA-encrypted wireless for convenience. Forwards syslog to the Bastion host and provides static DHCP addresses to the laptops.

Clearwire modem – Portable Internet – Allows for relatively fast Internet access in a portable form factor.

Main computer – Quad Core Intel, 4GB RAM, 500GB HD, OpenSolaris 2009.06, VirtualBox 3.1.6

The Island - Bastion host - running over sshd, centralized logging over syslog, Stratum 3 NTP time server, IRC server (with SSL enabled) with Eggdrop bot (persistent channels and ease of administration). Runs tcpdump full content data capture as a backup to the NSM VM.

RootWars VMs – Red Hat 9 VirtualBox appliances. Running rootsh.pl to keep track of all commands issued as root. Incident Handling included with 9 backdoors, 4 trojans and 2 rootkits. Syslog sent to Bastion host, NTP time synced with Bastion host.

Securix-NSM VM – Runs the sguild server with ntop; also provides full content data capture using tshark running in ring buffer mode.

MacBook Pro laptop – OS X 10.5.8 - Connected to projector, acting as operator of IRC channels via screen sessions, running the sguil client and an X11-forwarded Wireshark session from the NSM VM.

Dell D600 laptop – Back|Track 4 Final - Runs regular nmap and other scans against RW VMs to verify that required services are up and running. Acts as an NFS and SMB server for attached students to download files and utilities from.

Samsung N110 laptop – Windows XP SP3 - The Jack of all trades, authoring MS Word docs (Rules of Conduct, Survival Guide and Kickoff documents), moving files around via WinSCP, acting as an FTP server for VirtualBox images, pcap files and more.

The Time:

All in all this was a lot of work...to the sum of approximately 151 hours over 10 days from concept to project deployment. Not for the faint of heart but definitely worth it.

I hope this is helpful for anyone considering a similar endeavor.

May Your Skill Prevail.
