Читать книгу CompTIA CSA+ Study Guide - Mike Chapple - Страница 8

You can practice many of the techniques found in this book using open source and free tools. This section provides a brief “how to” guide for setting up a Kali Linux, a Linux distribution built as a broad security toolkit, and Metasploitable, an intentionally vulnerable Linux virtual machine.

What You Need

To build a basic virtual security‐lab environment to run scenarios and to learn to use the applications and tools discussed in this book, you will need a virtualization program and virtual machines. There are many excellent security‐oriented distributions and tools beyond those in this example. As you gain experience, you may want to explore tools such as Security Onion, the SANS SIFT forensic distribution, and CAINE.

Running virtual machines can require a reasonably capable PC. We like to recommend an i5 or i7 (or equivalent) CPU, at least 8 GB of RAM, and 20 or more gigabytes of open space on your hard drive. If you have an SSD instead of a hard drive, you’ll be much happier with the performance of your VMs.

VirtualBox

VirtualBox is a virtualization software package for x86 computers, and it is available for Windows, MacOS, and Linux. You can download VirtualBox at https://www.virtualbox.org/wiki/VirtualBox.

If you are more familiar with another virtualization tool such as VMware or HyperV, you can also use those tools; however, you may have to adapt or modify these instructions to handle differences in how your preferred virtualization environment works.

Making It Portable

You can also build your lab so you can take it on the road by using a portable version of VirtualBox from www.vbox.me. Just follow the instructions on the site, and put your virtual machines on an external drive of your choice. Note that this is typically a bit slower if you don’t have a fast USB drive.

Kali Linux

Multiple versions of Kali Linux are available at https://www.kali.org/downloads/, and pre‐built Kali Linux virtual machines can be downloaded at https://www.offensive‐security.com/kali‐linux‐vmware‐virtualbox‐image‐download/. We suggest downloading the most recent version of the Kali Linux 64‐bit VBox virtual machine.

Metasploitable

You can download the Metasploitable virtual machine at

https://sourceforge.net/projects/metasploitable/.

Usernames and Passwords

Kali’s default username is root, and the password is toor.

The Metasploitable virtual machine username is msfadmin, and the password is msfadmin.

If either system will ever be exposed to a live network, or you don’t know if they will be, you should change the passwords immediately after booting the virtual machines for the first time.