Why Build a Lab? The Build Process
Why Build a Lab: So which should you become fluent with or concentrate on when testing or training? I have included a list of tools later in this post, where you should consider getting familiar with in order to prepare properly for the test.
NOTE: The list is s short one, but that does not mean you should stop with what is noted here. You should have at least three to five of each type of tool available just in case you don’t get the results you want out of your favorite tool.
Read: Penetration Testing Framework & Alternative Methods
The Build Process
The first step in setting up a lab is to configure the system that you will use for testing. Since this guide assumes you will be since a single system to test your skills and evaluate tools, we will be using virtualization as the way to best facilitate this goal.
This lab setup described here assumes that you will be using Windows as a base operating system with virtualized operating system hosted on top of this environment.
If you don’t wish to host virtual machines with additional tools in either Windows or Linux, you can skip setting up the virtual environment.
But before you decide against creating a virtual machine, consider the advantages:
- You can test malware without risk because your guest operating system can be isolated.
- You can easily test different servers and applications without modifying your base operating system.
- In case the virtual machine gets damaged or misconfigured in some way, you can reinstall it or roll it back to a previous snapshot.
- You can set restore points or snapshots prior to installing and testing new tools; if something goes away, you can easily revert to an earlier configuration.
- You can host multiple operating systems on one physical machine without configuring some complex multi-boot setup.
- Configuring a test network or virtual machines is much cheaper and more efficient than using actual networking hardware.
Read: Penetration Testing Mobile Devices Using Android
Of course, everything has its downside, so let me address of those:
- Some software will not work properly in a virtual environment.
- Some hardware devices used for penetration testing will not work with virtualization, although this is becoming less of a problem with newer versions of the technologies involved.
- The hardware used to host both the physical operating system and multiple virtual machines will need much more memory, and it will need plenty of disk space to host everything.
- Sometimes the virtualized networking functionality can be a bit glitch.
While neither of these lists is exhaustive, they should at least get you thinking. Neither choice (to go virtualized or not) is wrong, and in the field you can find individual using both, but make sure you understand the situation before you implement it and use it in production.