Tuesday, January 04, 2011

TaoSecurity Lab

In a recent blog comment one of you asked about TaoSecurity lab. This is a collection of my own gear -- nothing associated with my corporate employer. I decided to post the diagram at left in case someone found it useful.

To summarize the color scheme: 1) blue (and the blue squiggle) means "wireless access," regardless of the nature of the device (phone, appliance, laptop, etc.); 2) green means Cisco; 3) gray means "appliance"; 4) peach (?) means server; and 5) orange means no IP address (e.g., two dumb taps). The two small purple arrows represent lines running to a sensor for monitoring purposes.

As you can see, there are two main segments. The blue devices all connect via wireless to the main network. You could consider the blue devices (and the supported WAP, iTap, and gateway) to be "production." The other devices are all wired, and they are more for "research." In other words, if the Cisco 2651xm router or anything else connected to it dies, no one but me will likely care!

A few aspects of this lab stand out to me:

  • The number of wired devices is roughly equal to the number of wireless devices. A few years ago I had a couple dozen white box systems that took nearly all the shelf space in my wire racks. Now wireless devices generate most of the interesting traffic.

  • I've replaced most hardware systems with virtual systems. The 2950iii is an ESXi server with 10 NICs. With so many NICs I can simulate systems on multiple VLANs on real hardware switches.

  • I like having three Cisco switches and a router. They aren't really necessary but a real layer 3 switch plus two real layer 2 switches is fun for working with IOS.

  • I need a real computer rack. All the rackmount gear is sitting on wire shelving. I'd rather not show any photos until it looks more professional!


So there it is. I didn't show a few more systems which I consider retired, or at least "shut down unless I really need them." For example, I have a PPC Mac Mini and an HP Visualize PA-RISC, plus two Shuttle SFFs and a portable Hacom device. Right now I can't think of a reason to keep them running since I can always spin up a new VM if I need to test anything.

4 comments:

Stunder said...

Nice lab... I am 100% wired still in mine with no wireless and I should be adding things but haven't had a chance. I have a couple of actual server racks (without doors) but for most of the stuff coming in and out for testing I have to admit I am using wire shelving and I love it. I recently took 14 old Compaq DL360/380s with 10/100/1000 cards in them and built a stress testing lab using a custom built Ubuntu bootable disk.

I like the drawing and man I really need to work on one of my own.

chuck said...

Badass rack stuff:

www.starcase.com

I use several of their products. They have an open frame construction with that has optional Currently I am setting up a home theater system rack and an attack/defend rack for training. The steel racks are fine and less expensive than the full aluminum options. You can put them on optional locking wheels, great for a lab.

I first spotted these products used in a secure VTC setup. We used them for our lab racks in our National Guard CERT operations and training center.

Charles "Chuck" A. Fair

Anonymous said...

When I started, I also tried to get as much of the hardware gear as possible, but now I have switched everything to VMs - too many different systems, too high a price of electricity :).
Yuri

Anonymous said...

You may want to check craigslist for a network rack/cabinet - seen several over the last couple of months.