
Build your own security lab for network testing


DOCUMENT INFORMATION

Basic information

Title: Build Your Own Security Lab
Author: Michael Gregg
School: Wiley Publishing, Inc.
Major: Network Testing
Genre: Field Guide
Pages: 458
File size: 8.58 MB

Content

This is an English-language book series for IT people who specialize in security and programming. It suits anyone who is passionate about information technology and wants to learn about security and programming.


for Network Testing

Michael Gregg

Wiley Publishing, Inc.


Wiley Publishing, Inc.

10475 Crosspoint Boulevard

Indianapolis, IN 46256

www.wiley.com

Copyright  2008 by Michael Gregg

Published by Wiley Publishing, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-0-470-17986-4

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions.

warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Website may provide or recommendations it may make. Further, readers should be aware that Internet Websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Library of Congress Cataloging-in-Publication Data

Gregg, Michael (Michael C.)

Build your own security lab : a field guide for network testing / Michael Gregg.

Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

DCNP, ES Dragon IDS, ES Advanced Dragon IDS, and TICSA.

In addition to his experience performing security audits and assessments, Michael has authored or coauthored more than 10 books, including Security Administrator Street Smarts: A Real World Guide to CompTIA Security+ Skills (Sybex), CISSP Exam Cram 2 (Que), and Hack the Stack: Using Snort and Ethereal to Master the 8 Layers of an Insecure Network (Syngress). Michael is a site expert for TechTarget web sites, including SearchCIO-Midmarket.com and SearchNetworking.com. He also serves on their editorial advisory board. His articles have been published on IT web sites, including Certification Magazine (certmag.com), CramSession (cramsession.com), and GoCertify (gocertify.com). Michael has created more than 15 security-related courses and training classes for various companies and universities. While audits and assessments are where he spends the bulk of his time, teaching and contributing to the written body of IT security knowledge is how Michael believes he can give something back to the community that has given him so much.

He is a member of the American College of Forensic Examiners and is an active member of ISACA. When not working, Michael enjoys traveling and restoring muscle cars.

Chapter 1 Hardware and Gear 1

Chapter 2 Building a Software Test Platform 31

Chapter 3 Passive Information Gathering 63

Chapter 4 Detecting Live Systems 105

Chapter 5 Enumerating Systems 149

Chapter 6 Automated Attack and Penetration Tools 189

Chapter 7 Understanding Cryptographic Systems 225

Chapter 8 Defeating Malware 259

Chapter 9 Securing Wireless Systems 291

Chapter 10 Intrusion Detection 325

Chapter 11 Forensic Detection 365

Chapter 1 Hardware and Gear 1

Obtaining Requisite Hardware/Software 10

Exploring Other Operating System Options 30

Chapter 2 Building a Software Test Platform 31

Chapter 3 Passive Information Gathering 63

Exploiting Web Site Authentication Methods 77

Mining Job Ads and Analyzing Financial Data 80

Using Google to Mine Sensitive Information 83

Advanced Port-Scanning Techniques 123

Routing Enumeration Countermeasures 158

Server Message Block and Interprocess Communication 163

Enumeration and the IPC$ Share 164

Windows Enumeration Countermeasures 168

Sniffing Password Hashes 174

Chapter 6 Automated Attack and Penetration Tools 189

Why Attack and Penetration Tools Are Important 190

Attributes of a Good System Assessment Tool 194

Session Authentication 241

Chapter 8 Defeating Malware 259

Wireless Communication Standards 294

Finding and Assessing the Network 314

Basic Configuration 337

Creating and Testing a Simple Rule Set 347

Building a Snort Windows System 361

Chapter 11 Forensic Detection 365

Deleted/Overwritten Files and Evidence 385

Hiding Techniques 387

Advanced File-Hiding Techniques 389

Use S-Tools to Embed and Encrypt a Message 400

book can benefit IT security designers and implementers. IT security designers will benefit as they learn more about specific tools and their capabilities. Implementers will gain firsthand experience from installing and practicing using software tools needed to secure information assets.

Overview of the Book and Technology

This book is designed for individuals who need to better understand the functionality of security tools. Its objective is to help guide those individuals in learning when and how specific tools should be deployed and what any of the tools’ specific limitations are. This book is for you if any of the following are true:

You want to learn more about specific security tools

You lack hands-on experience in using security tools

You want to get the skills needed to advance at work or move into a new position

You love to tinker or expand your skills with computer software and hardware

You are studying for a certification and want to gain additional skills

How This Book Is Organized

The contents of this book are structured as follows:

Chapter 1, Hardware and Gear— Guides you through the process of building a hardware test platform.

Chapter 2, Building a Software Test Platform— Looks at your options for setting up a software test platform. You should never be testing a tool for the first time on a production network. Virtual machines will be explored.

Chapter 3, Passive Information Gathering— Reviews the many ways that information can be passively gathered. This process starts at the organization’s web site, and then moves to WHOIS records. This starting point allows you to build a complete profile of the organization.

Chapter 4, Detecting Live Systems— Once IP ranges have been discovered and potential systems have been identified, you will move quickly to using a host of tools to determine the status of live systems. Learn how Internet Control Message Protocol (ICMP) and other protocols work, while using both Linux and Windows lab systems.

Chapter 5, Enumerating Systems— Explores how small weaknesses can be used to exploit a system and gain a foothold or operational control of a system. You will learn firsthand how to apply effective countermeasures by changing default banners, hardening systems, and restricting null sessions.

Chapter 6, Automated Attack and Penetration Tools— Presents you with an overview of how attack and penetration tools work. These are the same tools that may be used against real networks, so it is important to understand how they work and their capabilities.

Chapter 7, Understanding Cryptographic Systems— Provides insight into how cryptographic systems are used to secure information and items such as passwords. You will learn firsthand how these systems are attacked and which tools are used.

Chapter 8, Defeating Malware— Takes you through a review of malware and demonstrates how to remove and control virulent code. Readers will learn how to run rootkit detectors and spyware tools, and use integrity-verification programs.

Chapter 9, Securing Wireless Systems— Offers an overview of the challenges you’ll face protecting wireless networks. Although wireless systems are easy to deploy, they can present a real security challenge.

Who Should Read This Book

This book is designed for the individual with intermediate skills. While this book is focused on the individual who seeks to set up and build a working security test lab, this does not mean that others cannot benefit from it. For those individuals who already have the hardware and software needed to review specific tools and techniques, Chapter 3 is a good starting point. For other even more advanced individuals, specific chapters can be used to gain additional skills and knowledge. As an example, if you are looking to learn more about password insertion and password cracking, proceed to Chapter 7. If you are specifically interested in wireless systems, Chapter 9 is for you. So, whereas some readers may want to read the book from start to finish, there is nothing to prevent you from moving around as needed.

Tools You Will Need

Your desire to learn is the most important thing you have as you start to read this book. I try to use open source "free" software as much as possible. After all, the goal of this book is to try to make this as affordable as possible for those wanting to increase their skills. Because the developers of many free tools do not have the development funds that those who make commercial tools do, these tools can be somewhat erratic. The upside is that, if you are comfortable with coding or developing scripts, many of the tools can be customized. This gives them a wider range of usability than many commercial tools.

Tools are only half the picture. You will also need operating systems to launch tools and others to act as targets. A mixture of Linux and Windows systems will be needed for this task. We will delve into many of these issues in the first two chapters. You may also want to explore sites like http://www.linuxlinks.com/distributions. A fully loaded copy of BackTrack has been included on the attached CD. There is more on this in the next section.

What’s on the DVD

To make the process as easy as possible for you to get started, some of the basic tools you will need are included with this book. You will receive a host of security tools preloaded with the BackTrack Linux distribution. This specialized version of Linux can be run from a bootable CD or via VMware or virtual machine.

Also included on the DVD is a demo copy of Forensic Toolkit (FTK) 1.7. This useful piece of software enables you to do many of the activities discussed in Chapter 11, "Forensic Detection." To learn more about what is included on the DVD, see Appendix A, "About the DVD."

Summary (From Here, Up Next, and So On)

Build Your Own Security Lab is designed to take readers to the next stage of personal knowledge and skill development. Rather than presenting just the concept or discussing the tools that fit in a specific category, Build Your Own Security Lab takes these topics and provides real-world implementation details.

Learning how to apply higher-level security skills is an essential skill needed to pursue an advanced security career, and to make progress toward obtaining more complex security certifications, including SSCP, CISSP, CEH, CHFI, and the like. I hope that you enjoy this book, and please let me know how it helps you advance in the field of IT security.

This book is designed for those who need to better understand the functionality of security tools. Its objective is to help you learn when and how specific tools can help you secure your network.

You may be wondering what security is. Security typically is defined by three core concepts: confidentiality, integrity, and availability. There is also the question as to how much security is enough. Some might say that you can never have enough security, yet in reality it is about balancing the value of the asset and the cost of protection. One thing that is agreed upon about security is the value of defense in depth. Simply stated, security controls should be built in layers. For example, renaming the administrator account is a good idea, but so too is restricting access to the account, as well as adding complex passwords and performing periodic audits of the log files.

Because no two networks are the same, and because they change over time, it is impossible to come up with a one-size-fits-all list of hardware and software that will do the job for you. Networks serve the enterprise that owns them. The enterprise necessarily changes over time, too. In addition, the scale of operation impacts security considerations. If you pursue a career as a security consultant, your goals (and inevitably your needs) will differ if you decide to work for a large multinational corporation (and even differ depending on the type of industry) or if your interests lie primarily with small office/home office (SOHO) or small business. Clearly, a whole spectrum of possibilities exists here.

This chapter provides the first step in building your own network security lab. You will start to examine the types of hardware and gear that you can use to build such a test environment, and then look at the operating systems you should consider loading on your new equipment.

Why Build a Lab?

A laboratory is as vital to a computer-security specialist as one is to a chemist or biologist. It is the studio in which one can control a large number of variables that come to bear upon the outcome of one’s experiments. And network security, especially, is a specialization in which the researcher must have a diverse understanding of how the pertinent technologies behave at many levels. For a moment, just consider the importance of the production network to most organizations. This reliance on an always-on, operational, functioning network means that many tests and evaluations must be developed in a lab on a network that has been specifically designed for such experiments.

NOTE A laboratory is a controlled environment in which unexpected events are nonexistent or at least minimized. Also, having a lab provides a consequence-free setting in which damage that might result from experimentation is localized (and, it is hoped, can be easily corrected).

Consider something as basic as patch management. Very few organizations move directly from downloading a patch to installing it directly in the production environment. The first step is to test the patch. The most agreed-upon way to accomplish this is to install it on a test network or system. This allows problems to be researched and compatibility ensured. You might also wish to consider a typical penetration test. It may be that the penetration-testing team has developed a new exploit or written a specific piece of code for this unique assignment. Will the team begin by deploying this code on the client’s network? Hopefully not. The typical approach would be to deploy this on a test network to verify that it will function as designed. The last thing the penetration test team needs is to be responsible for a major outage on the client’s network. These types of events are not good for future business.

Building a lab requires you to become familiar with the basics of wiring, signal distribution, switching, and routing. You also need to understand how one might "tap into" a data stream to analyze or, potentially, to attack the network. The mix of common network protocols must be understood. Only by knowing what is normal on the network can you recognize and isolate strange behavior. Consider some of the other items that might motivate you to construct such a lab:

able to identify the knowledgeable people on the job or at a customer’s site and align yourself with them. You might even uncover some gifts that you did not previously realize that you possess. Building a lab demonstrates your desire and ability to study and control networks. One key item that potential employers always consider is whether a candidate has the drive to get the job done. Building your own security lab can help demonstrate to employers that you are looking for more than just a job: you want a career. As you use the network resources in your lab, you will invariably add to your knowledge and understanding of the technologies that you employ. Learning is a natural consequence.

Experimentation is a practical necessity if you are to fully understand many of the tools and methods employed by security professionals and hackers alike. Just consider the fact that there are many manuals that explain how Windows Vista works, or how a Check Point firewall works, but no manual can explain how these systems will function when combined with hundreds of other software and hardware products. Some combinations and interactions are simply unknown. By building your own lab, you will discover that when deployed in complex modern networks many things do not work the way the documentation says that they do. And many times, it does not suffice to simply understand what happens; you need to appreciate the timing and sequence of events. And that requires the control that a laboratory environment provides you.

Because IT is an industry of continual change, new software, new security tools, new hacking techniques, and new networking gizmos constantly appear. A network security lab provides you with a forum in which to try these things out. You certainly don’t want to risk corrupting a computer that you depend on every day to do your job. And you don’t want to negatively impact the work of others; doing so is a good way to quickly put the brakes on your budding career.

A laboratory thus provides a place where you can try new things. This is a setting in which you can gain a detailed understanding of how things are put together and how they normally interact. It is an environment in which you can likely predict the outcome of your experiments, and if an outcome is unexpected, you can then isolate the cause.

BUILDING YOUR OWN SECURITY LAB

In the thousands of training events and emails I have received from students and those preparing for certification, the question that always arises is, How do I really prepare for the job or promotion I am seeking? My answer is always the same: know the material, but also get all the hands-on experience you can. Many times, the response is that they don’t have enough money in their IT budget or they are a struggling student. That is totally understandable. Yet the fact is that there is no way to pick up many of the needed skills by reading alone. And many tests cannot be conducted on a live Internet-connected network. With a little work and effort, you can find the equipment required to practice necessary skills at a reasonable price. As an example, network professionals have been doing this for years. There are even sites such as www.ciscokits.com that are set up exclusively to provide students with a complete set of networking gear needed to complete a CCNA or a CCNP certification.

Hackers Welcome

Well, perhaps the title of this section is misleading. In fact, I am referring to the term hacking in a more historic context. Originally, years ago, a hacker was someone who focused on security mechanisms. That is part of the role of a security specialist. They are responsible for understanding security mechanisms and sometimes even trying to break them. This is often termed ethical hacking.

What better place to practice ethical hacking skills than on your own test network? This gives you the opportunity to test out tools and experiment with technologies without the fear of damaging a production network. In effect, by building a network lab, you are creating an environment in which you can (and must) hack. And while we are on this topic, I should also make clear that you should never run any tools or exploits on an outside or external network without the network owner’s permission.

Hacker Software

You need to be aware of the tools that security professionals and hackers alike use. These tools can be divided into hardware and software. Let’s take a look at the software first.

Many pieces of software can be used for good or malicious purposes. For example, consider port scanners. While attackers use them to scan open ports

OS fingerprinting tools

Exploit frameworks

Decompilers

Port redirection tools

Also consider other tools such as virus generators or tools designed specifically to create Trojans. These types of tools really have little or no practical purpose other than to spread malware and cause problems. There are even web sites that are designed to do nothing but give people the skills to create such malicious code. You can find one such site at http://vx.netlux.org.

A short list of such tools might include these:

Trojans

Viruses

Worms

Malware

Denial of service (DoS) tools

Distributed denial of service (DDoS) tools

or loss. The reality is that locks help keep honest people honest. Bad guys know how to bypass locks with tools such as lock picks. Lock picks are used to open door locks, device locks, and padlocks. Most lock pickers don’t learn lock picking as a college course or through formal training. It is generally self-taught through practice. After all, lock picking is really just the manipulation of a lock’s components to open it without a key. The basic components used to pick locks are as follows:

Tension wrenches— These are not much more than a small angled flathead screwdriver. They come in various thicknesses and sizes.

Picks— Just as the name implies, these are similar to a dentist’s pick. They are small, angled, and pointed.

Together, these tools can be used to pick a lock. One of the easiest techniques to learn is scrapping. Scrapping occurs when tension is held on the lock with the tension wrench while the pins are scrapped quickly. A good site to learn more about locks is www.kickthefog.com/how_works.htm.

While this chapter may not go into an in-depth discussion on how lock picking works, this is something that a security professional should know something about. A security professional should also understand that it is important to check the organization’s locks and make sure that your company chooses the right lock for the right job. You may want to consider getting a lock-picking set to start to learn more about how this is actually performed. You will then be able to test your organization’s physical defenses (with permission, of course).

Next on our list is phone-hacking tools. Actually, phone-hacking tools predate computer hacking. The 1960s and 1970s were the heyday of phone hacking. Phreakers (from "phone" and "freak") typically used phreak boxes (any device connected to a phone line) to perform their attacks. Some of the many types of phreak boxes (or color boxes) are listed here:

Blue box— Free long-distance calls

Red box— Duplicates tones of coins dropped into a pay phone

Tangerine box— For eavesdropping without making a click when connected

Orange box— Spoofs caller ID information on the called party’s phone

Before you get too excited about making free phone calls, just remember that the use of these tools is illegal and most do not work on modern telephone systems. The reason that much of this technology worked in the first place was because of in-band signaling. In-band signaling simply plays the control tones right into the voice channel onto the telephone wires. New telephone system networks use out-of-band (OOB) signaling, in which one channel is used for the voice conversation, and a separate channel is used for signaling. With OOB signaling, it is no longer possible to just play tones into the mouthpiece to signal equipment within the network.

box. Hacking legend actually has it that Steve Wozniak was so obsessed by the new technology that he called John Draper and asked if he could come visit him at his UC Berkeley dorm and share his phone-hacking secrets.

Although the phreaking phenomena slowed somewhat as technology changes enhanced telecommunication security, the culture never actually died, and phreaking lives on today in other forms. Today you can see that a whole new generation has discovered things such as caller ID hacking. This phreaking technique gives the attacker the ability to make the caller ID of anyone appear on the recipient’s phone. Phone hacking also played a part in the HP scandal of 2006. This particular incident featured stories of pretexting to gain caller lists and determine when and how certain parties were in communication.

The final category of hardware hacking tools worth mentioning is wireless Wi-Fi detectors. These devices are used to detect wireless networks. These devices can be used for both good and nefarious purposes. Just imagine that, as a security professional, you have been asked to assess an area for any rogue access points. These handheld devices allow you to easily search for wireless signals without carrying around a laptop and more antennas than a local law-enforcement vehicle. For the hacker, these devices make it easy to spot that a wireless signal is present. The attacker can always return later with laptop and gear to attempt a break in.

As a security professional looking at hardware to add to your security lab, this is one piece of equipment that is easy to use and can quickly be used to look for wireless signals where none is supposed to exist. This type of technology can be used to potentially find rogue or unauthorized access points. I will talk more about this in Chapter 9, "Securing Wireless Systems," but for now just consider the effect of someone using your network to download music illegally, access child pornography, or even use up bandwidth that the organization has paid for.

The Essential Gear

Many things might be included in a network security laboratory. Some of these items are mandatory (for example, cables), and some things can be added according to your needs and as they become available or affordable. Here are some of the things that will likely end up in your mix:

Wireless access points

Keyboard, video, mouse (KVM) switches

Surge suppressors and power strips

Although it is possible to contain everything within one computer, you should have at least two computers (for example, one to attack, and another from which to launch the attack and monitor network behavior). Your requirements will vary from time to time based on the scenario that you are modeling. Having a fast processor, a lot of memory, and a bunch of disk space is a big positive when selecting or building the computers. Fast and big are relative terms whose interpretation changes over time. But to gauge these items, let’s say that your systems need to be 1GHz or faster with 512MB of memory and an 80GB disk drive. Generally, you can get away with a little less memory with Linux systems. More is better.

In your network lab, you need a wide variety of cables, as this will allow you to configure your test network in many different ways. Specific configurations are needed for different scenarios. You also want to have some tools that come in handy for building and testing cables. So things such as wire strippers, crimp tools, and punch-down tools might find their way into your toolbox. Crossover and loopback adapters can prove handy, too.

a couple to choose from is good. Cisco products are so prevalent it is a good idea to make a point of including some of their equipment in the mix. Their equipment will be found at almost every worksite.

An Internet connection is a necessity. You will need to research various topics and download software as you use the network in your lab. Or you might find yourself modeling the behavior of an Internet-based attacker. On the slim chance that you are still using dialup, now is the time to go ahead and make the upgrade.

Having a firewall can prove very valuable, too. As a security professional, you are expected to have an appreciation for these devices and their capabilities. Your firewall could prove to be an important component in some of your experiments. Day to day, you can use your firewall to protect your primary (home or office) network from the unpleasant things that can occur on the network in your lab. If you cannot afford a hardware-based firewall, you can use one of several good software-based products, such as Kerio Winroute Firewall, Netscreen, and Tiny Firewall. You can read more about software-based firewalls at www.pcworld.com/downloads/file/fid,8051-order,1-page,1-c,alldownloads/description.html. These are discussed in greater detail in the next chapter.

If wireless networking may be within your security mandate, you need a wireless access point. (And since wireless network segments have become so commonplace, this is pretty much a "must have" item.)

Don’t forget the logistical details of constructing a network like this. You will need table space, shelving, power strips, and surge suppressors. If you have an old uninterrupted power supply (UPS) available, you might employ it, too. Plus, with several computers in close proximity, you will probably not want to have to deal with a bunch of monitors, keyboards, and mice; a KVM switching arrangement can save a lot of space and much aggravation.

NOTE Commercial-quality equipment is much more capable than the products targeted for the consumer or small office/home office (SOHO) market. You will be better off with a real Cisco router, even if it is used and scratched up, than with a little Linksys router.

Obtaining Requisite Hardware/Software

I hope by this point in the chapter that you are excited about the prospect of building your network lab and that I have convinced you to proceed. As you’ve learned, a network security lab could be a valuable asset. So now, how do you start building it? First, consider many of the sources that exist for the equipment that you need. Some of these sources include the following:

Stuff you already have

New-equipment purchases

Used-equipment purchases

I discuss each of these options in the following sections and provide an overview of the advantages and disadvantages of each.

Stuff You Already Have

Either at home or at work, you are likely to already have a variety of the things that will prove useful in building your own security lab. This could range from something as trivial as a handful of Ethernet cables in your desk drawer to shelves full of spare or retired PCs, switches, and routers.

If you are doing this on the job, there are a couple of possible scenarios. Is the spare equipment under your control? If not, you will have to work things out with the appropriate supervisors and make sure that use of the equipment is approved. Next, you want to take stock of what is available and make a list of the things that look like they could prove useful. Don’t worry about the details at this point. You will likely remember the minor gizmos and gadgets later if you need them. Focus on the important items that were mentioned earlier in this chapter. Finally, prioritize your list and pick out the things that you think will be most useful. Keep lists; you will quite likely refer to them later. Remember to start with a small collection of obviously needed items, such as a PC or two, a router, a hub or switch, and a handful of cables. It will be easy to add things later, so try not to get carried away and include two of everything in your initial efforts.

New-Equipment Purchases

Naturally, you have the option of buying new equipment. Sometimes this might be the easiest way to go as far as getting the job done quickly. The only problem is that buying retail is most likely the most expensive option. If you don’t have much in the way of retired or spare equipment available, you might have to take this route. If you see your lab as a more or less permanent addition to the workplace, something that you plan to use on an


Of all the items that we have discussed including in the lab, which one is best bought new? Many people would agree that the PCs will most impact the usefulness of the lab. Older PCs tend to be somewhat slower and lacking in important resources, notably memory and video capabilities. The prices of PCs have fallen considerably over the past few years. As an example, you can buy a new Dell “open source” desktop machine starting at about $320. If you are going to put Linux on it anyway, you don’t care that the machine does not come with an operating system. And if you intend to share one keyboard, display, and mouse with a KVM switch, again, who cares that the price does not include a display?

NOTE: Watch the prices of memory and hard drives. Be careful with regard to memory prices if you decide to buy new computers. It is often cheaper to buy your own memory and stuff it in the machine yourself. And when it comes to hard drives, look for the breakpoint in the pricing where there seems to be an extraordinary price jump relative to the increase in drive size. That is the “sweet spot” in the market.

Used-Equipment Purchases

If you are building your own security lab for home use, this may be the most viable option for obtaining some of the needed equipment. Although this route does require a bit more work, you can save a substantial amount of money. It also spurs creativity, and that is a valuable skill in the networking and IT security field. Employ a bit of imagination. Who sells used computers, networking equipment, and pieces and parts? You will find no shortage of folks who sell used stuff. Independent computer stores might have odds and ends that they would love to clear out of the way. You might encounter demonstration items or things that fall into the “open box” category. In retail, this is sometimes called B-stock. Some companies specialize in exactly this kind of thing. With a little web browsing, you are likely to discover several of them, such as www.liquidation.com and www.gordonbrothers.com.


And don’t overlook the obvious; the yellow pages may lead you to discover sources like this.

In addition, some “flea market” vendors specialize in used computer equipment. As an example, in my hometown of Dallas, they hold a computer flea market twice a month. This is a paradise for computer nerds, who can likely find almost everything they need at a substantial discount. Check out www.sidewalksale.com if you’re going to be in the north Texas area. Other areas also set up such events; just ask around and check local resources. Who knows — you might find some useful items.

Computer companies often sell refurbished systems and components. Sometimes these items are returned by those challenged by a simple software or hardware problem, such as a missing software driver, or they have come back on a lease, or maybe there was a minor cosmetic defect or a trivial part was missing. Whatever the reason that motivates the seller, you can often find systems or significant components at very low prices, well below retail. Some manufacturers outsource refurbished equipment that is returned. Often, the affected products are sold through various channels such as the Internet. Although the risk is higher than with new equipment, the savings can be substantial. Just do your homework first. Check out the reviews for various items and determine whether others are reporting them as error prone or high quality. Sites such as www.epinions.com and http://reviews.cnet.com report on specific products and hardware.

Online Auctions

eBay pioneered the online auction segment of the market back in the mid 1990s. Online auctions are a little different from the bidding process that many of you may be familiar with. Online auctions award the winning bid to the high bidder. This bid may have been placed three days before the auction’s closing or may have been made three seconds before the auction’s close. Some individuals actually enjoy watching the last few seconds of the bidding process so that they can snipe the bid from another potential buyer just seconds before the auction ends. For the seller, there are usually seller fees, a portion of the profits that goes to the auction site. Buyers will want to look closely at any additional fees or charges that are placed on the final bid. There is also the issue that some individuals may be running scam auctions in which they have no intention of ever sending you the goods purchased or may even misrepresent the goods as usable when they are in fact damaged. Here are some common tips for buyers:

Bid low so that you don’t end up overpaying for the goods or services.

Ask questions of the seller if you want to know more about the item being sold.

Date posted: 19/03/2014, 13:32
