No Place Like /Home—Creating an Attack Lab

328_InfoSec_06.qxd 4/14/05 8:40 PM Page 159

Chapter 6
No Place Like /home—Creating an Attack Lab

Solutions in this chapter:

■ Building an Attack Platform
■ Building a Target Lab
■ Assembling Peripherals

Summary
Solutions Fast Track
Frequently Asked Questions

Introduction

The best way to sharpen and maintain your skills is to practice attack and defense techniques. In the movie “The Matrix,” the lead character, Neo, begins his journey as a bumbling know-nothing. In his own mind, he is hot stuff. When he steps up to the next level, Morpheus teaches him a hard lesson in the dojo (training hall). After being tossed around like a rag doll, Neo realizes his skills need focus and his mind needs to be released from the things he thought he knew about the world around him.

The transition from computer geek to INFOSEC pro will undoubtedly leave you feeling a bit like Neo. As a computer hobbyist, your perspective is purposefully limited to the tech you feel like tinkering with. In the “real world” of professional INFOSEC, you must focus on the technologies that are prevalent in the industry. You have to practice your skills and techniques in an environment that mirrors what you see in that real world. Specifically, you need to build a work machine (we’ll call it an attack machine) and a working target lab that allows you to keep up with the changing face of network security.

In this chapter we’ll explore the main components that make up a well-rounded, flexible attack machine. We’ll also discuss the components of a solid target lab. From software to hardware, this chapter is your guide to designing and maintaining what is arguably the most important catalyst to developing and maintaining those hard-learned skillz!

Building an Attack Platform

Sith and Jedi warriors carried lightsabers. Samurai warriors lived and died by their Daito and Wakizashi swords.
Ninja were known to carry swords, nunchaku and shuriken as weapons. A hacker’s attack machine (powered by a keen mind) is a devastating weapon. As an INFOSEC professional, it’s important to prepare for the technology you will face, but without the proper tools installed on the proper, well-thought-out platform, you will be at a severe disadvantage professionally. In this section, we’ll discuss some of the hardware and software considerations of building a well-equipped attack platform.

www.syngress.com

Hardware

Most INFOSEC jobs require at least some travel, whether for actual gigs or for conferences, training, or testing. With this in mind, a laptop is a logical choice for an attack platform. A laptop is certainly not required, but the portability of a laptop (sometimes called a notebook) is nice, even if you don’t do any traveling. Combined with a wireless connection, a laptop allows you to check your email, surf the web, and keep in touch without being strapped to a desk. In addition, a laptop can easily be transported back and forth between work and home (or between the living room and the Jacuzzi), which makes synchronizing data that much simpler. The downside of a laptop is that it is portable and can easily be stolen. A stolen laptop can be devastating, resulting in loss of productivity and effort, or, in the most extreme case, it could allow the thief to compromise your client’s network using the data stored on the machine.
Because of this downside, you should give extra consideration to an effective backup strategy (using even simple tools like rsync or tar), and utilize industrial-grade encryption on any laptop machine. Another downside of a portable system is that it’s much easier to suffer data loss or hardware failure due to the relative frailty of most laptops. A drop from just about any height could cause hard disk problems that could result in loss or corruption of data. When considering a laptop, it’s worth looking for auto-parking hard drives that will secure the drive heads in the event of a drop. This feature alone could save your hide when your laptop goes bouncing down your driveway.

Sell Your Skillz…

Encrypt it!

There are many good encryption products on the market. Look for a multi-use product like PGP Personal Desktop (www.pgp.com, available for Windows and Mac) that is capable of one-shot encryption of files and e-mail, but also allows virtual partition encryption, transparent encryption of files that are used on a regular basis, like customer vulnerability reports. SafeHouse (www.pcdynamics.com/SafeHouse/) is another good hard drive encryption program for Windows, but lacks the industry-standard e-mail protection offered by the PGP product line. Windows 2000/XP Pro, Linux, and Mac OS X users are afforded basic protection in the operating system software through the EFS filesystem, losetup command and disk image encryption features, respectively.

Which Notebook Vendor?

There are so many PC laptop vendors these days that it’s nearly impossible to keep up with them all. However, most laptops are similar and share various components produced from the same manufacturer. When considering a laptop purchase, it’s easy to get lured by “sex appeal”.
Lean, mean, powerful machines are all the rage these days, but if you’re considering a single laptop purchase, and you’re on a budget, sexy isn’t always better. Consider the Sony VAIO PCG-TR3A notebook, shown in Figure 6.1. This machine is lightweight, with built-in wireless, digital camera, CD-RW/DVD drive and a 40GB hard drive. Although this machine is very capable, it costs nearly 4 times the price of the similarly equipped (and less sexy) Dell Inspiron 1000, Dell’s entry-level notebook machine. Beware the sex factor, however, even if you’re independently wealthy. In most cases, highly customized machines like the Sony VAIO are harder to customize with niceties like external wireless antennas or non-OEM operating systems like Linux. In addition, sexy machines can become targets, even to non-technical thieves. What’s most important for work is flexibility.

Figure 6.1 The Sexy Sony VAIO PCG-TR3A
Photo Courtesy of Sony VAIO

What about a Mac?

This is a loaded question with no correct answer. The Mac vs PC war is a bloody one with zealots on both sides of the argument. Apple makes gorgeous hardware; there’s no doubt about that. In fact, even the “Anti-Mac” camp generally agrees that Apple makes amazing hardware. Consider the 12-inch Mac Powerbook G4, shown in Figure 6.2.

Figure 6.2 The equally-sexy Mac Powerbook G4 12-inch
Photo Courtesy of Sony VAIO

Nicely equipped, the PowerBook is more than able to handle the stresses of life as an attack machine, but not without a price. Priced firmly in the mid to high range, these machines range in performance, from the svelte 12-inch to the 17-inch model, which is a desktop replacement system. The Apple operating system, OS X, is based loosely on FreeBSD, with a smooth-as-butter Aqua user interface.
Unix users will delight in the ability to control the machine from a familiar command-line shell like tcsh or bash. Macs, however, are not PC compatible, and they are best suited for running Mac (or in some cases Linux) software. This is not a showstopper when considering the PowerBook as an attack machine, and thanks to programs like Virtual PC (www.microsoft.com/windows/virtualpc), the Mac is capable of running Windows or Linux operating systems as a virtual session, enabling their respective software libraries. If you aren’t familiar with Windows and/or Linux, you may consider an attack platform based on those OSs, since you’re more likely to run into them in the field. Many renowned INFOSEC pros and hackers have migrated to a Mac as an attack platform, but if you’re just getting started, there’s no sense overwhelming yourself with too much new technology. Once you get the hang of things, however, a Mac is an excellent choice.

Software: Running Multiple Operating Systems

War is also apparent in the battle of the operating systems. If you want to start a flame war in just about any forum, try jumping on and shouting “Windoze sucks!” or “Linucks is for losers!” The choice of operating system for your attack machine is important, as certain attacks against certain targets are just plain easier from certain environments. For example, it’s quite easy for an advanced attacker to bounce around a bunch of Windows shares from a Linux machine, but navigating a web of Windows domain trusts tends to be much simpler from a Windows-based attack platform. Fortunately, you don’t have to choose between operating systems. These days, it’s simple to run multiple operating systems on the same system.
