virtualizing testbeds for fun and profit
TRANSCRIPT
![Page 1: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/1.jpg)
Virtualizing Networks for Fun and Profit
Matt MaiselBrian Reitz
![Page 2: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/2.jpg)
Download VirtualBox and Leonidas VDI http://www.virtualbox.org/wiki/Downloads Copy Leonidas virtual drive image onto your desktop
from a flash drive
![Page 3: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/3.jpg)
The 300 LEONIDAS Solution
A product of SRA 221, Fall 2008
![Page 4: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/4.jpg)
Leonidas InfoSec, LLC Executive Level Leadership
![Page 5: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/5.jpg)
Malicious Attackers, Tonight You Dine in Hell!
![Page 6: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/6.jpg)
Virtualize the Network with Leonidas Clones
![Page 7: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/7.jpg)
![Page 8: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/8.jpg)
Leonidas Fights for the Future of the Free Enterprise
Virtualization will move processing power back to the mainframe
Virtualization redefines rapid development and disaster recovery
Virtualization makes baseline management easy Open Source software is coming to a level of maturity
![Page 9: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/9.jpg)
The Cogs of Leonidas
Technical Implementation
![Page 10: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/10.jpg)
VirtualBoxVirtualBox is free, open-source virtualization software developed by Sun, Inc. It creates virtual machines upon which nearly any operating system can be run. Users can customize the amount of RAM, hard drive size, network adapters, etc. as needed.
http://virtualbox.org
![Page 11: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/11.jpg)
Ubuntu 7.10Ubuntu is a distribution of
Linux that focuses on ease of
use, compatibility, and
security. Ubuntu 7.10,
released in October of 2007,
was the operating system
detailed in the project outline
provided and has since been
superseded by Ubuntu 8.10,
the Intrepid Ibex.
http://ubuntu.com
![Page 12: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/12.jpg)
Synaptic Package Manager
The APT framework
Makes installing popular
packages as simple as
sudo apt -get i nst al l
openssh
Manages updates and
dependencies as well
http://wiki.debian.org/Apt
![Page 13: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/13.jpg)
The Master Image Install all the necessary
software onto a master leonidas.
Use Vboxmanage to clone the hard drive image, essentially making duplicate machines.
Easy to simulate back-ups. Spend less time installing
and configuring software
![Page 14: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/14.jpg)
Definitions and terms
SRA Club? What’s that mean?
![Page 15: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/15.jpg)
Virtualization The abstraction of
computer resources Platform Virtualization
Virtualization of computers or operating systems. It hides the physical characteristics of computing platform from the users, instead showing another abstract, emulated computing platform.
![Page 16: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/16.jpg)
Cloud Computing Internet, "cloud," based development and
use of computer technology that provides real-time scalable resources are provided “as a service” over the Internet to users who need not have knowledge of, expertise in, or control over the technology infrastructure that supports them.
Google Apps Salesforce.com, Amazon Web Services
![Page 17: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/17.jpg)
Host In this context, we’ll use
host to refer to the physical computer running the virtual machines, to keep things straight. A host can virtualize one or more virtual machines.
![Page 18: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/18.jpg)
Commandline A mechanism for interacting with a computer operating
system or software by typing commands to perform specific tasks.
![Page 19: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/19.jpg)
Virtualization software VirtualBox Xen VMWare
VMWare Server VMWare ESX VMWare Workstation
Parallels Desktop for Mac QEMU Microsoft Virtual Server
Microsoft Virtual PC
![Page 20: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/20.jpg)
VMWare vs. Virtualbox
Free, open-source, limited vs free, licensed, and limited?
![Page 21: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/21.jpg)
VMWare Appliances
Virtual Appliances are pre-built software solutions, comprised of one or
more Virtual Machines that are packaged, updated,
maintained and managed as a unit.
Unlike a traditional hardware
appliance, these software appliances let customers
easily acquire, deploy and manage, pre-integrated solution stacks. This speeds
up time to value and simplifies software development,
distribution, and management.
![Page 22: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/22.jpg)
Virtualbox and Vboxmanage
If you are comfortable with the command line, you can do something similar by duplicating the .vdi, the virtual machine’s hard drive, and creating a new machine.
This is the route we took.
![Page 23: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/23.jpg)
Which is better? Virtualbox
Open-source (partly) Free for personal use Easy to set up Cloned virtual machines
can be tuned as needed
-Some capabilities require the command-line
Networking can be tricky
VMWare Many different versions Some are free (Server,
Player) Registration is needed for
some Appliances can’t be
tweaked Appliance Marketplace Easier VM networking
Verdict: Hard to say
![Page 24: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/24.jpg)
Practical Applications
Why bother with virtual machines?
![Page 25: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/25.jpg)
1. Learning Linux without fear Don’t worry about hardware requirements
Automatically set up internet access, too!
Keep your current operating system Try out different operating systems Use only the tools you need
Easily recover from catastrophic failure The infamous “rm –rf /”
![Page 26: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/26.jpg)
2. Try some hacking! Perfectly legal to hack your own (virtualized) computer
Damn Vulnerable Linux [http://damnvulnerablelinux.org]
Proof of concept exploits and attacks See how fast an unpatched copy of Windows can get
exploited. Don’t forget the MSDN Academic Alliance!
Brute-force attacks
![Page 27: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/27.jpg)
3. Learn some networking! Equipment is expensive! Easily try differences between OS’s
*nix systems: ifconfig Windows systems: ipconfig
Because it’s virtual, you can pull it up anytime you need it in minutes. Much more convenient than trying to get in the networking
lab.
![Page 28: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/28.jpg)
4. Great for in-class demos
![Page 29: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/29.jpg)
Real world implementations Virtual Private Server Hosting
Ex: linode.com, slicehost.com Pay for more resources/bandwidth If you screw up big time/get haxxed, just reset the VPS
Enterprise systems Legacy systems
Come see a speaker from Morgan Franklin on Monday February 2 in the Cybertorium!
![Page 30: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/30.jpg)
DEMONSTRATIONS
Virtualbox and internal networking
![Page 31: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/31.jpg)
Cloning a VDI Create an army of virtual machines
Vboxmanage cl onevdi mast er l eoni das. vdi cl i ent l eoni das. vdi
![Page 32: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/32.jpg)
Creating an Internal (Virtual) Network vboxmanage modi f yvm Ubunt u. Host -ni c1 i nt net vboxmanage modi f yvm Ubunt u. Host - i nt net 1 t est net
vboxmanage modi f yvm Ubunt u. Server –ni c1 i nt net vboxmanage modi f yvm Ubunt u. Server - i nt net 1 t est net
![Page 33: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/33.jpg)
Assigning Static IP addresses
Client: IP: 192.168.1.3 Mask: 255.255.255.0 Gateway: 10.0.1.x
Server IP: 192.168.1.2 Mask: 255.255.255.0 Gateway: 10.0.1.x
![Page 34: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/34.jpg)
Ping Start both machines Open terminal Open Wireshark
Sudo wi reshark Capt ure on port t hat you assi gned an I P
Open second t ermi nal Pi ng 192. 168. 1. x
![Page 35: Virtualizing Testbeds For Fun And Profit](https://reader034.vdocuments.mx/reader034/viewer/2022042818/55ab060f1a28abce118b46e1/html5/thumbnails/35.jpg)
Questions?