Information Security and Network Awareness

Hurricane Labs

Subscribe to Hurricane Labs: eMailAlertsEmail Alerts
Get Hurricane Labs: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: CEOs in Technology, Ubuntu Linux Journal, Cisco Virtualization Journal, Telecom Innovation, Haiti EarthQuake

Blog Feed Post

Build Your Own Hack Lab

Ethical hackers have to start learning their methods somewhere

No matter what facet of information security you're in, from being the CISO down to just installing security patches and keeping up to date, there will probably be a point where you need to see the details of a hack. Maybe it's because you need to fingerprint what it does or how it acts on your network. Maybe it's because you need to be able to reproduce it in a penetration test. Either way you look at it, sometimes you just need to test something out. Obviously, this could go one of a few ways. You could execute these hacks on your network. This could lead to potentially bad outcomes, especially if you break something. The next option is to try it out on someone else's network who doesn't know. (Read: ILLEGAL!). The last option, and also the one we use over here at Hurricane Labs, is a lab environment.

A lab environment is simply going to consist of a bunch of different types of machines and hardware that you can hack away at without any real repercussions. This could be as simple as having one server-level machine running multiple virtual machines, or as complex as a complete infrastructure setup. This obviously depends on your budget and on how serious you are. Starting with one decent machine and tossing a few Windows Server, client and Linux machines on it should leave you pretty much where you want to be. Install a penetration testing distribution on a laptop and you're ready to start your research. If you're a Windows fan and want to keep it entirely one platform, build a Windows laptop with the proper tools on it. As far as networking equipment goes, you could use a simple switch from an electronics store, or go all out and find a used Cisco device to put on the network. Note that the latter would also let you test other types of network hacks since Cisco is a widely used platform and often has vulnerabilities.

So what does this give us? Now that you're setup with all the proper platforms and your test environment is ready for hacking, you can begin. Not only can you begin, you can do anything you want to. Need to prove to the CEO that something is a big deal? Show him/her in a fake environment. Need to see if the latest Windows patch is going to destroy some vendor software? Fire it off in your lab. Want to see what a worm virus really does? You get the idea. Often here at Hurricane Labs, we test out the newest vulnerabilities and hack tools to see how they operate. More often than not, we learn something new or it gives us a different way of looking at testing.

This sort of hack lab can also be an entrance into the security field. Say you want to learn some techniques that could help you get a position in the security industry... why not get a start here? You can't go around hacking the Internet unless you enjoy the idea of prison. Ethical hackers have to start learning their methods somewhere.

You could always use it to learn and win the next Hurricane Labs Hack Challenge as well. :)

Read the original blog entry...

More Stories By Hurricane Labs

Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.