Instant Penetration Testing: Setting Up a Test Lab How-to [Instant] by Vyacheslav Fadyushin is available now from Packt Publishing at a price of £5.94 (reduced from £6.99). It is aimed at the prospective or novice security consultant and will give a high-level look at the penetration test process, methods and training requirements for someone to get their teeth into.
The text starts by conveying the ethos and components of a penetration test in a logical and easy to understand fashion, and does so quite well. Whilst not particularly detailed, it provides the reader with a high-level introduction to the reasoning, approach and mechanics of the practice of penetration testing. It goes on to underline the advantages and requirements of having a lab for a consultant to test their approach and knowledge before using their skills in the field.
Lab planning is outlined alongside the various objectives which should be met through its implementation. It covers some of the targets which should be considered, including Microsoft and Linux based systems, as well as references to routers and various wireless client devices. There are some obvious exceptions, however, including Solaris, and this section could have included a discussion about virtualised networking and firewall devices for training purposes using the popular GNS3. Some assertions made with regard to virtualisation product pros and cons were very subjective, and some statements regarding VMware ESXi and VMware Workstation were inaccurate. Perhaps the most notable drawback of using VMware Player – the lack of proper snapshot functionality – was completely ignored. Readers: investigate your own virtualisation options aside from this text. Notably, there was very little discussion about requirements for operating system software to install which may not be freely available. Whilst open source operating systems were discussed, Microsoft Windows installation media wasn’t mentioned until nearly halfway through the text! As a pre-requisite, this deserves mention in the preface, in my opinion.
The author goes on to describe the specific technical and software components he has used in the implementation of three labs; a network security lab, a web app lab and a wifi lab. The information provided is concise and rather than going into any great detail about why the configurations used were chosen or how a reader might devise their own, it simply describes the steps taken to configure the lab targets. The author completely ignores what level of knowledge the reader has about networking – even at a basic level. This is a major omission based on the intended readership and rookie mistakes which a user may make when following the provided steps could result in some frustration. Instead, it concentrates primarily on his chosen network configuration and installation of some vulnerable web applications. It is hard to see what this style of writing offers the target audience; my assumption would be that someone starting out as a penetration tester could find a lot of this content either unnecessary or inadequately explained.
Networks and Apps Lab
The Microsoft Windows domain set-up is likely to be useful to absolute Windows beginners as it includes the steps required to configure a new domain controller. However, substantial resources exist across the Internet that an interested user could easily find and use. The web app section runs the user through installing and configuring some common browsers and the XAMPP Apache bundle in order to use the Damn Vulnerable Web Application (DVWA). Once again, the reader is taken through the installation process in a very granular fashion. Again, however, some of the reasoning behind the chosen set-up is not divulged and it is not entirely clear to the reader what they have done or why. Perhaps a more valuable addition to the book would have been a comprehensive evaluation of available web application appliances – many of which are available to download for free – so that users could download and use a range of technologies.
The Wifi Lab section continues in largely the same vein; the reader is shown how to configure an Asus WL-520GC with two wireless networks, both bearing the same SSID but using two different encryption methods. Assumptions are made about the default configuration on other routers, which, as unknowns, could confuse the readership further. There follows a brief run through of installing RADIUS on an Ubuntu system, with minimal explanation.
The final section of the book reviews some online lab portals. The reviews do give the reader some good information about some of the various sites available for online testing, and although there are some notable omissions, should prove to be useful to a novice penetration tester. Perhaps a valuable addition may have been VulnHub?
One useful aspect which is referred to during the text is the use of snapshots with virtualisation. Unfortunately, the author does not go into any detail about their use and purpose until the initial lab set-up is completed; an inexperienced user would benefit greatly from a clear explanation of what they are, how they can be used and why they need to know about them from the outset.
Throughout the book the author regularly refers to attack types, vulnerabilities and weaknesses with which a testing consultant should be familiar. However, the distinct lack of definition of terms in many cases means that an inexperienced user would spend a considerable amount of time using Internet resources to understand the terms. Developing the book and fully outlining the terms used further would have served to increase the value of the book substantially as a pocket reference for its audience. At no point are tools which a user might find useful in their education mentioned – which I feel would have added further good value to the publication.
Based on this book’s price I think it may well be of some value to its target audience: an interested potential penetration tester. However, the lack of detail in some areas as well as some assertions which are potentially inaccurate mean that the Internet could be as good a resource. Improvements in the level of detail and a more holistic approach to constructing and configuring the lab would help to increase the value to prospective users.
[Short Text: A quick but basic text which serves as a starting point for someone interested in penetration testing, security and constructing a lab to meet Consultant training needs]