Security Lab Part 2 – Putting it together

This is Part 2 of my Security Lab series. If you have never built a Security Lab or are new to Information Security, I would suggest you check out the book Build Your Own Security Lab: A Field Guide for Network Testing.

Having gathered the various pieces of hardware I discussed in Part 1, I have now put everything together.  This is what it looks like.

The 2Wire 3800HGV-B Gateway connects everything to the Internet through AT&T’s U-Verse service. The RG (2Wire 3800HGV-B Residential Gateway) acts as a Wireless Router, Ethernet Switch, DHCP server, and Firewall. At first I was disappointed in not finding options for logging. After a little investigative work, I found a hidden Management and Diagnostic Console that allows you to configure logging to a syslog server. If you have the 2Wire 3800HGV-B, check out http://192.168.XXX.XXX/xslt?PAGE=J18&THISPAGE=A02_POST&NEXTPAGE=J18 on your own router.

Logging is very important when doing this type of research. To get the detail I need, I have to be able to see everything on the wire. Since the 2Wire box does not have a span port, I simply plugged in a hub for connecting my honey pots (attack targets). This will allow me to easily use various network monitoring and capture tools. I also connected a LinkSys Wireless router to have a management network that is separate from the lab network.

The HoneyWall acts as a reverse firewall, so to speak. It is designed to allow all traffic in and block bad traffic from going back out. It also acts as an IPS (Intrusion Prevention System), using Snort Inline to inspect the packets. Once a honey pot is compromised, it cannot be used as an attack platform against the rest of the Internet.
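The reverse-firewall idea described above, as an added example that is not part of the original post and is not the HoneyWall's own ruleset: every connection toward a honey pot is accepted, while new outbound connections from each honey pot are capped per time window. The address range, the limit of 3 per hour, the sample events and all names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Constructed values for illustration (assumptions, not from the post).
HONEYNET = ip_network("192.168.50.0/24")  # addresses of the honey pots
OUTBOUND_LIMIT = 3                        # new outbound connections per window
WINDOW_SECONDS = 3600


class DataControl:
    """Toy model of a reverse firewall placed in front of the honey pots."""

    def __init__(self, honeynet=HONEYNET, limit=OUTBOUND_LIMIT, window=WINDOW_SECONDS):
        self.honeynet = honeynet
        self.limit = limit
        self.window = window
        # honey pot address -> timestamps of outbound connections already allowed
        self._allowed = defaultdict(deque)

    def decide(self, ts, src, dst):
        """Return ACCEPT, DROP or IGNORE for a new connection seen at time ts."""
        src_inside = ip_address(src) in self.honeynet
        dst_inside = ip_address(dst) in self.honeynet
        if not src_inside:
            # Inbound attack traffic is always let in; anything else is not ours.
            return "ACCEPT" if dst_inside else "IGNORE"
        if dst_inside:
            return "ACCEPT"  # honey pot to honey pot never leaves the lab
        recent = self._allowed[src]
        while recent and ts - recent[0] >= self.window:
            recent.popleft()  # forget connections older than the window
        if len(recent) >= self.limit:
            return "DROP"  # a compromised honey pot cannot keep reaching out
        recent.append(ts)
        return "ACCEPT"


# Constructed sample: (seconds, source, destination) of new connections.
SAMPLE_EVENTS = [
    (0, "203.0.113.7", "192.168.50.10"), (10, "192.168.50.10", "198.51.100.20"),
    (20, "192.168.50.10", "198.51.100.21"), (30, "192.168.50.10", "198.51.100.22"),
    (40, "192.168.50.10", "198.51.100.23"), (50, "203.0.113.7", "192.168.50.10"),
    (60, "192.168.50.11", "198.51.100.20"), (3700, "192.168.50.10", "198.51.100.24"),
]


def replay(events):
    """Run the events through a fresh DataControl and return the verdicts."""
    gate = DataControl()
    return [gate.decide(*event) for event in events]
```

The fourth outbound connection from 192.168.50.10 is dropped while inbound traffic to it is still accepted, and its outbound budget returns once the hour-long window has passed.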

Attacks against the honey pots will come from the Internet and from a laptop I will be using as an attack platform using various tools. With the RG, I will have the ability to place a machine in DMZ+ mode, which basically puts it directly on the Internet. I can also route traffic to specific ports to other machines.

Now that the lab is in place, look for future postings of research done in the lab.
