


Late last year, I set about building a new virtualization platform to serve as my security lab. Since the advent of Microsoft Hyper-V and VMware ESXi, I had been eager to start using a pure hypervisor solution rather than just VMware server and workstation. I started my research on VMware ESXi and soon had it running nested within VMware Workstation so I could get a sense of how to install and configure the basics. Reading blogs and forums (HardOCP's virtualized computing forum was especially helpful) helped me assemble a list of parts that would make up my ESXi security lab. I had a few requirements, but the most important one was stability. I had read reports of problems with non-compatible hardware and I wanted to ensure that my time would be spent productively working on my virtual machines rather than fighting with ESXi.

After assembling the system hardware and testing basic functionality, it was time to install ESXi. It involved booting from the ISO and pointing the installer to the USB drive for the OS, and then letting setup take care of the rest. ESXi was up and running and I was logging into virtual center about 20 minutes after I had started the installation. I initially installed ESXi 4.x, but soon upgraded to ESXi 5. This process was equally straightforward.

The diagram below is a logical representation of the current state of my security lab. It's not 100% technically accurate but provides an overview of the architecture.

I created a self-contained, deliberately insecure set of networks populated with vulnerable hosts and systems, while keeping them segregated from my internal "production" systems and home network. I have three separate host-only networks configured. Each network is assigned to a virtual switch and has an Endian Firewall with two interfaces. The firewalls are precisely configured to allow and deny strategic ports and protocols to pass between the three malnet networks, enabling a variety of attack scenarios. The front-end Endian firewall that separates the virtual and physical networks is configured to avoid any contamination from the vulnerable/exploited/infected hosts on the malnet networks.

Each of the malnet networks and the DMZ honeynet are monitored by Snort intrusion detection sensors. I use the excellent open source IDS package, Security Onion, as the lab's core IDS. Security Onion combines open source security packages Snort and OSSEC with the security management consoles Sguil, Snorby and Squert to make one great security monitoring Linux distro. ESXi virtual interfaces and switches make it easy to assign IDS monitoring interfaces to any of the virtual networks on the fly.

The malnet networks are populated with some of the deliberately vulnerable OS images available on the internet, such as Metasploitable and Kioptrix. I am also creating my own set of vulnerable virtual hosts and services which are designed to be exploited in interesting and clever ways. The malnet02 network, for example, contains a poorly configured and largely unpatched Windows 2003 AD domain controller that is running several vulnerable services. Attacking and exploiting hosts like this is a great way to keep your offensive skills sharpened while deepening your understanding of how to defend.

The internet firewall for my home network is a Cisco ASA 5505 with an enterprise security license. This enables me to assign a physical port on the firewall as a DMZ interface. I connected this interface to one of the Ethernet interfaces in ESXi and assigned it to a virtual switch. The network currently has one host running a honeypot. I can now connect any virtual machine to the DMZ switch and with a few clicks can place it in the DMZ honeynet network. The ASA is configured to allow inbound traffic on a variety of ports (TCP 21, 22, 110, 1433, 3389) to the DMZ from the internet.

For wireless hacking research and practice, I added a WRT54G Linksys wireless router configured as an access point with default Linksys firmware. I can use the ALFA USB card attached to my laptop or I can connect the ALFA attached to the ESXi box to any virtual host and attack the wireless network from a VM.

Here is a screenshot of the ESXi Summary page in Virtual Center:

A complete list of the hardware I used for the ESXi server is listed below. The hardware I chose was one generation behind when I purchased it last November. The parts I chose are widely in use and generally accepted to be compatible with ESXi. This was the most important factor - building the system with proven hardware components and avoiding any incompatibilities.

Intel Xeon X3450 2.67GHz. This CPU is a quad core. With hyper-threading enabled, it provides eight usable logical processors in ESXi.
