Tuesday, November 25, 2008

Security lab environment ftw

I teach a basic undergraduate computer security class, which is a mix between ethical hacking, incident response, and a little bit of security management. My students do their assignments in a virtual security lab (7 hosts in a VMWare environment). When class is over, I'll post how I set up this lab in a little more detail.

Getting to work this morning, I found the following message in my mailbox:

Subject: host5 is down
Date: 11/25/2008 2:10 AM

Good Morning,

I crashed host5 by trying to run the following exploit:
http://milw0rm.com/exploits/7091
The files that should be removed: ~mikei/data/1.c    and   ~mikei/data/1

~Apologies



That makes me happy ;)


Not only did my students feel the urge to play around in the virtual
lab in the middle of the night (the deadline isn't for a few weeks), they were also able to identify what they did, and were open and honest about it.


I wish everyone would be so forthcoming. Mistakes are there to be
made and learned from. As an information security manager, it should be
your job to encourage people to disclose mistakes to you without
necessarily being afraid for their jobs.


Now, this is not to say that I wouldn't be extremely mad if
someone if in a commercial environment crashes a production server by
trying to run milw0rm exploit code on it, but I would still rather know
;)


No comments:

Post a Comment

Please share your view and opinions on what I wrote. In order to maintain quality, all comments will be moderated for merit. Contributions that call me out on statements that appear unfounded, wrong, or simply with which you disagree are highly appreciated and are even encouraged. Spam and 'me too' answers will be ignored.