Penetration testing is becoming an increasingly sought-after skill. Greater security awareness, high-profile hacks of major organisations and, above all, growing compliance requirements all mean that more firms than ever are performing security audits. So it’s a skill worth acquiring.
And even if you have no ambition to become a fully fledged pen-tester, security auditing abilities are valuable in many areas, from software development to network management. If you work in IT, you owe it to yourself – and everyone else – to improve your security skills and awareness.
It can be a long haul to the point where you have the expertise to call yourself a real penetration tester or ethical hacker. Many in the business believe that a few years of apprenticeship are needed, regardless of whatever qualifications you may have, before you can be safely let out on your own.
But you have to start somewhere – and it could be with this book. It’s a slim volume, so it’s wise not to expect too much from it, although it does also have the attraction of being very inexpensive. By the time you reach the end … well, you won’t be a penetration tester. It’s not a how-to of security auditing techniques. Indeed, it doesn’t tell you how to hack anything, but is, instead, about setting up an environment in which you can learn.
As you can guess from the title, the focus here is on creating a ‘lab’. This is a place where you can try out pen-testing techniques (or hacking, take your pick) without getting into trouble. Employers, customers and, naturally, complete strangers tend to take exception when you start using their networks to try out a few Metasploit modules or hone your ARP cache poisoning technique. A lab setup – even the very modest kind described here – allows you to make mistakes without upsetting anyone, or breaking the law. For once, the phrase ‘don’t try this at home’ doesn’t apply.
The requirements, in terms of kit, aren’t that onerous, although laying your hands on Windows XP, 7, Server 2003 and Server 2008 Virtual Machine (VM) images might involve either some expense or a bit of unwise torrenting.
Vyacheslav Fadyushin makes a few references to legal issues – not only when trying out software and techniques, but also in terms of obtaining permissions from clients. The latter is a little premature for a book of this kind: if you’re at this level, you shouldn’t yet be contemplating taking on customers. Nevertheless, it doesn’t hurt to drive home the sensitive and delicate nature of this work.
The first quarter of the book is really setting the scene, explaining what pen-testing is all about and why people do it. Then we get into the meat of the matter with an overview of the skills you’ll want to develop and how the lab fits into this. Fadyushin suggests that, to cover everything, you’ll really want three labs, covering network security, web applications and wifi. All of them, though, have the same basic requirements in terms of planning: you’ll need to work out what kinds of tests you’re going to run, how much and what type of kit you’re going to need and how it all fits together – which is to say, the network topology.
All of that is going to be tricky for the beginner, at whom this book is mostly aimed, so the author takes you through some examples. In truth, though, I think this is going to be an iterative process for many people who are just getting going. You’ll make guesses, based on the book’s guidelines, and then find out where you were wrong, and all the things you didn’t know about, once you start testing. Then it’s back to the planning stage to refine your ideas. That process of discovering by error is very useful: where this book helps is in giving you a place to start and an overall framework.
In his example list of requirements, Fadyushin details the components according to importance – for example, he shows a Windows server as being essential, a Linux server as important and a FreeBSD server as ‘additional’ (and another 15 components rated according to these terms). Your mileage is likely to vary on this score, but it does at least give you an idea of what you’ll be getting into. You’re not going to create a useful ‘lab’ with nothing but a couple of pensioned-off XP desktops and a cast-off router. Fadyushin does, at least, give you a useful break-down as to why you need each component – what skills it will help you practice.
There’s a quite detailed section on how you go about actually setting up and configuring all this kit, based on the assumption that most of the ‘machines’ involved will, in fact, be VMs. Particular attention is paid to the network configuration, which includes making sure your test setup isn’t accessible from the Internet – you don’t want someone else rooting your system!
These setup sections are classified variously as ‘must know’, such as the configuration of the core lab equipment and software, and ‘should know’ – for example, installing Damn Vulnerable Web App (DVWA) for web application testing. The wifi lab comes under the heading ‘become an expert’, which is overstating things somewhat. But at least this gives you a chance to prioritise and to get some sense of progress as you work your way through. Fadyushin also includes a brief review of some online labs you can use, if you haven’t the time, resources or inclination to set up your own.
So, what happens once the lab is up and running? You’ll have to look elsewhere for that. This book doesn’t get into the subject of how you use the lab. It’s purely about creating an environment in which to practice and experiment.
So how useful is it? As someone who is entirely self-taught, I’d have to say that there’s nothing more frustrating than reading about a technique and not being able to (legally) try it for yourself. You don’t really get a full understanding of what it’s like to open up a reverse shell or make a database spill its secrets with SQL injection until it happens on the screen in front of you. So, at this price, I’d say this is one potential route to having that experience.
- Instant Penetration Testing: Setting Up a Test Lab How-to at Packt Publishing
- Buy on Amazon.com
- Buy on Amazon.co.uk