Penetration Testing: RE: Suggested lab materials/systems/setup?

["Nathan Einwechter" <nathan () ontologystream com>]

I use vmware A LOT for vulnerability and defense research. Other than
that - my lab changes from week-to-week depending on what I'm
researching or testing out. The only constants, really, are my main
firewall to the real world (whatever that is), and my network tap and
monitoring/analysis station. The monitoring/analysis station is just an
OpenBSD system connected to the tap with packet sniffers,
network/software analysis tools, and forensic utilities.

-- Nathan

-----Original Message-----
From: Erin Carroll [mailto:amoeba () amoebazone com] 
Sent: July 10, 2005 6:43 PM
To: pen-test () securityfocus com
Subject: Suggested lab materials/systems/setup?

All,

I'm in the process of setting up a pen-test lab environment of several
servers running various OS flavors (both Windows & BSD/*nix) along with
a
netscreen-10 firewall and cisco 3825 to use as the lab router. What do
other
list members use for their lab environments and what suggestions/issues
have
you encountered? I'm just using equipment I have laying around but would
be
interested in hearing about other lab setups to get some ideas (or
excuses
to go shopping) on what else I can utilize for pen-testing practice.

I'm definitely going to set up an imaging server (jumpstart & Altiris)
to
make changing things around less painful but I've also considered Vmware
on
the hosts. Basically I'm curious as to what you all use to practice
pen-testing to keep the skills sharp when not "on the job".

Thanks!
--
Erin Carroll
"Do Not Taunt Happy-Fun Ball"