Requirement for creating a Penetration Testing Lab

9
REQUIREMENTS FOR CREATING A PENETRATION TESTING LAB Contributed By: Syed Ubaid Ali Jafri Virtual Security 1

Transcript of Requirement for creating a Penetration Testing Lab

Page 1: Requirement for creating a Penetration Testing Lab

REQUIREMENTS FOR CREATING A PENETRATION TESTING LAB

Contributed By: Syed Ubaid Ali Jafri

Virtual Security 1

Page 2: Requirement for creating a Penetration Testing Lab

Virtual Security 2

Page 3: Requirement for creating a Penetration Testing Lab

ContentsREQUIREMENTS FOR CREATING A PENETRATION TESTING LAB.................................................................1

Introduction....................................................................................................................................................4

Hardware Requirements?...............................................................................................................................4

Software Requirements?................................................................................................................................4

Operating System Requirements?..................................................................................................................5

Network Diagram............................................................................................................................................6

Internet Connectivity Requirements:..............................................................................................................6

Pre- Requisites For a LAB:...............................................................................................................................6

Specialized Software Requirements for Vulnerability Assessment & Penetration Testing.............................7

Virtual Security 3

Page 4: Requirement for creating a Penetration Testing Lab

Introduction

This document has been prepared in order to develop a good Penetration Testing and Vulnerability Assessment Lab. The document contains Hardware requirements, our manual & automated Software requirements, approaches for Performing Penetration testing.

Further, this document is design to make a Penetration test LAB in order to simulate the vulnerabilities in the testing environment and to execute the vulnerability assessment & penetration testing from the LAB by providing the Static IP to the Client, ensuring that the test is being performed from a valid/legitimate link.

The tools that are mentioned in this document are the proprietary of different vendors that are commercial and open source and our motive is not to advertise the software quality of a vendor, instead to providing the qualities of software we will share our good experience of different solutions, and also build custom script and tools for the specific tasks for example (Brute force attack, Dos Attack, Exploits etc).

Hardware Requirements?The Minimum requirements for creating a Penetration Testing Lab are stated below:

1. Minimum 5th Generation Server(s) with Quad Processor Technology.2. Minimum 16 GB of RAM.3. Minimum 500GB Hard Drive.4. 3 LAN Ports Initially required.5. 1 Switch of layer 2 Manageable is required.6. 1 Wi-Fi router is required for remote connectivity with the Server(s).7. 1 Router (2800, 2811) Cisco.8. 2 Firewalls are required for Securing the LAB Infrastructure.9. 3 LED based Monitors are required.10. 1 Rack at least 20U is required.11. 10 - 15 Bootable USB sticks are required12. Windows / Linux Operating System.

Software Requirements?List of Minimum Customized Software requirements that are required on Windows based Operating System:

1. Mozilla Firefox with minimum add-ons (Hack bar, Cookie Stealer, Temper Data, Request Header Modifier).2. Java for windows.3. Virtual Machine (VMware Pro, Oracle Virtual Box).4. Microsoft .Net Framework 4.5. 5. Winrar.6. Visual Studio version 2010.

Virtual Security 4

Page 5: Requirement for creating a Penetration Testing Lab

7. Sys Internal Suite 8. Adobe Acrobat Reader.9. Microsoft Office 2010.

Operating System Requirements?List of Operating Systems that are required on Bootable USB Sticks

1. Kali Linux Version 2.0.2. DEFT (Digital Evidence Forensics Toolkit).3. Backtrack 5 R3.4. Windows 7 Bootable USB5. Wifi Slax6. Kali Linux Version 1.0.6

Virtual Security 5

Page 6: Requirement for creating a Penetration Testing Lab

Network Diagram

Internet Connectivity Requirements:The Connectivity for the internet requires:

1. Static (Dedicated IP Address) from the service provider

2. Minimum 8-10 MB Internet connection Pipe is required.

Pre- Requisites For a LAB:1. Lab resource must have minimum 2 years of Networking/Information Security background I.T related organization.

2. Professional Hands on Command on Windows and Linux Based Operating systems

3. Basic programming on C, C++, VB is required,.

4. Lab resource must have good knowledge about Routing, Switching, Network /System Administration.

Note: The Requirements are initially mark up to reach the initial level but are not limited to the above, it may changed depends on subject matter.

Virtual Security 6

Page 7: Requirement for creating a Penetration Testing Lab

Specialized Software Requirements for Vulnerability Assessment & Penetration Testing

Virtual Security 7

Page 8: Requirement for creating a Penetration Testing Lab

Note: This document is a initial level document for designing and performing a vulnerability Assessment & penetration testing LAB, other requirements of penetration testing could vary upon organizational requirements.

Virtual Security 8

Source Code ReviewApp Scan Source by IBM (Commercial)VisualCode Grapper(Open Source)OWASP LAPSE + (Open Source)