These were the slides used in in my presentation at BSidesLV on July 31, 2013.
Interested in building your own pen test training lab but lack the hardware or software to roll your own? One option is to go the way that most companies are doing these days and build your own “infrastructure” in the cloud. Not only do you get the cloud benefits of only paying what you use and the ability to expand when needed but you also get a range of licensed victim servers to choose from. This talk covers the basics of Amazon’s EC2 cloud infrastructure (e.g., EC2, VPC, basic network and routing, Elastic IPs, Security Groups, VPNs, and Snapshots) and step-by-step instructions on configuring this infrastrucutre to build your own isolated test network complete with licensed victim servers or customized AMIs.
21. Introduction
• Goals
o Enclosed Lab to Play On
o Accessible from Anywhere
o Only Pay for What You Use
Payment Plan vs. Buying Outright
Like Car Payment But Only
Pay for When Your Drive
Easier to Swallow vs. Fronting Costs
o Learn Cloud
Great Skill to Have Under Belt
NoVA Infosec https://www.novainfosec.com
22. Introduction
• Alternatives
o Setting Up Own Machine at
Home
$500-$700: New Low-End Dell Server
$100 - $200: Whitebox & Lots of Elbow Grease
o Few VMs on Personal Machine
Want Something Little Heavier
Avoid Carrying Around Big Honking Laptop
• Use Cases
o Teaching Yourself / Learning on Own
o Testing New Security Tools
o Throwing Up Ad-Hoc Lab for Classes, Webinars, etc.
NoVA Infosec https://www.novainfosec.com
23. Pros/Cons
• Pros
o No Space Required: Appeasing
Significant Other
o Upfront Cost
Only Pay for What You Use
No Sunk Cost If Lose Interest
No Worry for Electrical Costs
o Availability
Accessible Anywhere Anytime
Just Need Internet Connection & VPN Client
o Flexible Machines
Easily Add/Augment/Remove Machines based on
Standard/Customized/Created AMIs
NoVA Infosec https://www.novainfosec.com
24. Pros/Cons
• Pros
o Real-World Networking Experience
Requires Setup of Basic LAN
Subnets, Routing Tables, and Network ACLs
o Access to Licensed Software
Access to Range of Licensed OSs/Software with No
Trial/Timeout Periods
Especially Important Since Demise of TechNet
o Home/Business Connectivity
No Dependencies on Home Broadband for Remote Access
NoVA Infosec https://www.novainfosec.com
25. Pros/Cons
• Cons
o No Amazon-Provided Desktop AMIs
Easily Create Own but They Seem Resistive (caught?)
3rd Party Services Hosted on EC2 (put in VPC?)
o Cost
Depends on Use/Machine Types/Length of Use
• Stay Away from Anything SQL Server Related
• Ok If Careful Though
o Network Connectivity Problems
Kills Productivity
NoVA Infosec https://www.novainfosec.com
26. Amazon Services
• Cloud Definition
o NIST
• Amazon
o IaaS
o Running VMs on their
Hardware
o Two Types
Standard EC2
Instances
EC2 Instances
Running within VPCs
Reference: http://blog.thehigheredcio.com/2011/02/23/cloud-definition-model/
27. Amazon Services
Amazon EC2
VPC
Security Groups
Network ACLs
Routing Tables
Subnet
OS
DNS DHCP VPN
Subnet
OSOSOS
OS
EIP
DNS DHCP ...
GWSecurity Groups
EIP Dyn
OS
OSOS OSOS
EC2
Standalone Instances
Running on Amazon’s
Cloud
VPC
EC2 but in Private LAN with
Additional Controls
EIP
28. Amazon Services
EC2
• Pros
o Simple & Cheap
• Cons
o Dynamic Public IPs
o Lack Infrastructure
Excellent for One-Off
Standalone Testing
VPC
• Pros
o Private Static IPs
o LAN Infrastructure
• Cons
o Setup Difficulty
Only Solution to Build
True Lab
NoVA Infosec https://www.novainfosec.com