
Analytics

3/20/2009
01:47 PM

Tech Insight: A DIY Security Testing Lab

When tough economic times do away with security training and other professional networking opportunities, it's time to roll up your sleeves and do it yourself

A Special Analysis for Dark Reading

Ongoing security training, research, and hands-on testing are required to stay sharp in the information security field. But training is one of the first items to get chopped in tight times, so one option is to take the initiative and create alternative training methods -- like building an in-house security testing lab.

Providing hands-on training and testing in your own lab environment -- which doesn't necessarily have to mimic your production environment -- can prove even more beneficial for infosec pros because it's more flexible and easier to customize than "canned" training environments.

An internal security testing lab is a great asset to an organization. It saves money on training and associated travel expenses, and can serve as a supplemental resource to online training or smaller conferences closer to home. In-house research and training can take place in lieu of travel, which can cost thousands of dollars per person per training class.

For infosec pros, an internal lab is where they can finally test all of the latest, hottest tools they just read about on Twitter or saw in a video from a security conference that they couldn't afford to attend. The silver lining is that a large number of conferences are now putting videos of the talks online, so even if you can't attend, you can view the content as if you were there and then immediately apply what you learned in the testing lab.

Another major benefit is that hands-on lab training can be self-paced, rather than the grueling pace found in many multiday courses. Or if the budget exists and your staff does attend training courses, the lab can be a good resource for reinforcing the course training materials.

Before everyone signs off on the security testing lab, however, you need to answer several questions to determine the design and purpose of the lab. They include:

  • Is the lab just for testing new security tools and exploits in a controlled environment?
  • Will the lab be home to staged cyberwarfare, where multiple staff members are involved as either attackers or defenders?
  • What about mock incident-response scenarios, where one team member "hacks" a system or pretends to be a disgruntled employee while the others are left trying to put the pieces back together?

Answering those questions will tell you what you'll need in terms of the number of computers or servers, virtualization options, network equipment, and space. If the goal is just to test new tools and exploits, a simple environment with preconfigured virtual machines (VMs) is probably sufficient. Ideally, a VM of every operating system in use in your organization can be built at the varying patch levels that represent your environment. Depending on the tool or exploit, a different VM can be brought online for testing.
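As an added illustration of the two points above (a VM build list that mirrors the OS and patch levels actually in use, and a lab that stays off the production network), the following Python script is not from the article; the asset inventory and subnets are constructed samples.

```python
"""Derive a lab VM build list from an asset inventory and confirm that the
lab subnet does not overlap any production subnet.  Added example, not from
the article; all inventory data and address ranges are constructed samples."""
import ipaddress
from collections import Counter

# Constructed sample: one (os, patch level) entry per production host.
ASSETS = [
    ("Windows Server 2008", "SP1"),
    ("Windows Server 2008", "SP1"),
    ("Windows Server 2008", "SP2"),
    ("Windows XP", "SP2"),
    ("Windows XP", "SP3"),
    ("Windows XP", "SP3"),
    ("Ubuntu 8.04", "2009-03"),
]

# Constructed sample: production subnets the lab must never share.
PRODUCTION_NETS = ["10.0.0.0/16", "192.168.1.0/24"]


def lab_build_list(assets, min_hosts=1):
    """One (os, patch) VM spec per distinct combination seen on at least
    `min_hosts` production hosts, most common combination first."""
    counts = Counter(assets)
    return [spec for spec, n in counts.most_common() if n >= min_hosts]


def lab_network_isolated(lab_net, production_nets):
    """True only if the lab subnet overlaps none of the production subnets."""
    lab = ipaddress.ip_network(lab_net)
    return not any(lab.overlaps(ipaddress.ip_network(p)) for p in production_nets)


def plan_lab(assets, lab_net, production_nets):
    """Build the VM list, refusing to plan a lab whose addressing collides
    with production (so tool testing cannot leak onto the real network)."""
    if not lab_network_isolated(lab_net, production_nets):
        raise ValueError(f"lab net {lab_net} overlaps a production subnet")
    return [{"os": os_, "patch": patch, "network": lab_net}
            for os_, patch in lab_build_list(assets)]


if __name__ == "__main__":
    for vm in plan_lab(ASSETS, "172.16.50.0/24", PRODUCTION_NETS):
        print(vm)
```

Raising `min_hosts` trims the build list to the OS/patch combinations common enough to be worth a dedicated VM.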

Conducting extensive "capture the flag" type scenarios with multiple personnel will obviously require more hardware, including servers and network hardware. The servers can host multiple VMs, and networking can include both switches and firewalls. The exercises can be fictional -- where you simply have groups that must defend their resources while attacking others' -- or more realistic -- where a small representation of the production network is designed, and then one group attacks while the other defends.

Forensic investigators and incident responders need to keep their skills sharp, as well, so analyzing the systems in the above-mentioned scenarios can be useful. And since many incidents center on HR investigations and sometimes insider attacks, a staff member can create scenario-based VMs that represent an insider attack, employee misconduct, or similar issues. The VM is then provided to other staff for analysis to see if they can catch all of the clues and write a clear, concise report on the "case."

Companies that set aside time and resources for staff to work in the lab will likely find their employees more prepared to deal with emerging threats. Having that hands-on time gives infosec pros the opportunity to test cutting-edge tools and techniques to see both how they work and how they apply in offensive and defensive situations. And the good news is that it also keeps tool testing off the production network, where it could cause unexpected problems and outages.
