SecurityCertified


Tuesday, January 4, 2011

TaoSecurity Lab

Posted on 2:17 PM by Unknown
In a recent blog comment one of you asked about TaoSecurity lab. This is a collection of my own gear -- nothing associated with my corporate employer. I decided to post the diagram at left in case someone found it useful.

To summarize the color scheme: 1) blue (and the blue squiggle) means "wireless access," regardless of the nature of the device (phone, appliance, laptop, etc.); 2) green means Cisco; 3) gray means "appliance"; 4) peach (?) means server; and 5) orange means no IP address (e.g., two dumb taps). The two small purple arrows represent lines running to a sensor for monitoring purposes.

As you can see, there are two main segments. The blue devices all connect via wireless to the main network. You could consider the blue devices (and the supported WAP, iTap, and gateway) to be "production." The other devices are all wired, and they are more for "research." In other words, if the Cisco 2651xm router or anything else connected to it dies, no one but me will likely care!

A few aspects of this lab stand out to me:

  • The number of wired devices is roughly equal to the number of wireless devices. A few years ago I had a couple dozen white box systems that took nearly all the shelf space in my wire racks. Now wireless devices generate most of the interesting traffic.

  • I've replaced most hardware systems with virtual systems. The 2950iii is an ESXi server with 10 NICs. With so many NICs I can simulate systems on multiple VLANs on real hardware switches.

  • I like having three Cisco switches and a router. They aren't really necessary but a real layer 3 switch plus two real layer 2 switches is fun for working with IOS.

  • I need a real computer rack. All the rackmount gear is sitting on wire shelving. I'd rather not show any photos until it looks more professional!


So there it is. I didn't show a few more systems which I consider retired, or at least "shut down unless I really need them." For example, I have a PPC Mac Mini and an HP Visualize PA-RISC, plus two Shuttle SFFs and a portable Hacom device. Right now I can't think of a reason to keep them running since I can always spin up a new VM if I need to test anything.