EC2 or Bust – How to Build Your Own Pen Testing Lab in Amazon EC2 at BSidesLV on July 31, 2013
•
1 j'aime•2,480 vues
These were the slides used in in my presentation at BSidesLV on July 31, 2013. Interested in building your own pen test training lab but lack the hardware or software to roll your own? One option is to go the way that most companies are doing these days and build your own “infrastructure” in the cloud. Not only do you get the cloud benefits of only paying what you use and the ability to expand when needed but you also get a range of licensed victim servers to choose from. This talk covers the basics of Amazon’s EC2 cloud infrastructure (e.g., EC2, VPC, basic network and routing, Elastic IPs, Security Groups, VPNs, and Snapshots) and step-by-step instructions on configuring this infrastrucutre to build your own isolated test network complete with licensed victim servers or customized AMIs.
Recommandé
Contenu connexe
En vedette
En vedette (13)
Plus de grecsl
Plus de grecsl (7)
Dernier
Dernier (20)
EC2 or Bust – How to Build Your Own Pen Testing Lab in Amazon EC2 at BSidesLV on July 31, 2013
- 1. EC2 or Bust July 31, 2013 How to Build Your Pwn Pen Testing Lab in Amazon EC2 @grecs NoVA Infosec
- 13. Infosec COTS NoVA Infosec https://www.novainfosec.com
- 18. Thanks Tweet/Post: Thanks … for sponsoring @grecs & @novainfosec... @MiltonSecurity @BulbSecurity @PenTestTraining
- 20. Agenda • Introduction • Pros/Cons • Amazon Services • Setup • Conclusion NoVA Infosec https://www.novainfosec.com
- 21. Introduction • Goals o Enclosed Lab to Play On o Accessible from Anywhere o Only Pay for What You Use Payment Plan vs. Buying Outright Like Car Payment But Only Pay for When Your Drive Easier to Swallow vs. Fronting Costs o Learn Cloud Great Skill to Have Under Belt NoVA Infosec https://www.novainfosec.com
- 22. Introduction • Alternatives o Setting Up Own Machine at Home $500-$700: New Low-End Dell Server $100 - $200: Whitebox & Lots of Elbow Grease o Few VMs on Personal Machine Want Something Little Heavier Avoid Carrying Around Big Honking Laptop • Use Cases o Teaching Yourself / Learning on Own o Testing New Security Tools o Throwing Up Ad-Hoc Lab for Classes, Webinars, etc. NoVA Infosec https://www.novainfosec.com
- 23. Pros/Cons • Pros o No Space Required: Appeasing Significant Other o Upfront Cost Only Pay for What You Use No Sunk Cost If Lose Interest No Worry for Electrical Costs o Availability Accessible Anywhere Anytime Just Need Internet Connection & VPN Client o Flexible Machines Easily Add/Augment/Remove Machines based on Standard/Customized/Created AMIs NoVA Infosec https://www.novainfosec.com
- 24. Pros/Cons • Pros o Real-World Networking Experience Requires Setup of Basic LAN Subnets, Routing Tables, and Network ACLs o Access to Licensed Software Access to Range of Licensed OSs/Software with No Trial/Timeout Periods Especially Important Since Demise of TechNet o Home/Business Connectivity No Dependencies on Home Broadband for Remote Access NoVA Infosec https://www.novainfosec.com
- 25. Pros/Cons • Cons o No Amazon-Provided Desktop AMIs Easily Create Own but They Seem Resistive (caught?) 3rd Party Services Hosted on EC2 (put in VPC?) o Cost Depends on Use/Machine Types/Length of Use • Stay Away from Anything SQL Server Related • Ok If Careful Though o Network Connectivity Problems Kills Productivity NoVA Infosec https://www.novainfosec.com
- 26. Amazon Services • Cloud Definition o NIST • Amazon o IaaS o Running VMs on their Hardware o Two Types Standard EC2 Instances EC2 Instances Running within VPCs Reference: http://blog.thehigheredcio.com/2011/02/23/cloud-definition-model/
- 27. Amazon Services Amazon EC2 VPC Security Groups Network ACLs Routing Tables Subnet OS DNS DHCP VPN Subnet OSOSOS OS EIP DNS DHCP ... GWSecurity Groups EIP Dyn OS OSOS OSOS EC2 Standalone Instances Running on Amazon’s Cloud VPC EC2 but in Private LAN with Additional Controls EIP
- 28. Amazon Services EC2 • Pros o Simple & Cheap • Cons o Dynamic Public IPs o Lack Infrastructure Excellent for One-Off Standalone Testing VPC • Pros o Private Static IPs o LAN Infrastructure • Cons o Setup Difficulty Only Solution to Build True Lab NoVA Infosec https://www.novainfosec.com
- 30. Setup
- 31. Setup
- 32. Setup
- 33. Setup
- 34. Setup
- 35. Conclusion • Introduction • Pros/Cons • Amazon Services • Setup • Conclusion NoVA Infosec https://www.novainfosec.com
- 36. Questions? • Twitter @grecs • Website NovaInfosec.com • Contact http://bit.ly/nispcontact