As I’m currently setting up and playing with my home research lab this article from Dark Reading caught my attention. The article doesn’t provide too much ‘new’ material to those that have researched security labs even in minimal depths, but it does focus on how security labs can provide cheap training to keep your skills sharp during the current economic current. I don’t want to paraphrase the article as it is all fairly self-explanatory, for those considering how to use a proposed or existing lab John Sawyers’ article suggests the following possibilities:
Before everyone signs off on the security testing lab, however, you need to answer several questions to determine the design and purpose of the lab. They include:
- Is the lab just for testing new security tools and exploits in a controlled environment?
- Will the lab be home to staged cyberwarfare, where multiple staff members are involved as either attackers or defenders?
- What about mock incident-response scenarios, where one team member “hacks” a system or pretends to be a disgruntled employee while the others are left trying to put the pieces back together?
The article does go on to suggest different hardware and systems for various flavours of labs but nothing particularly mindbending (VMWare for basics, more hardware required for larger labs, etc.)
— Andrew Waite