On the attack: setting up your own cyberlab

By Ian Trump, Security Lead, LogicNow
Wednesday, 24 June, 2015



The testing of applications and hardware becomes easy with a virtual lab.

Managed service providers (MSPs) or IT departments wanting to research and provide security services and solutions should seriously consider setting up their own cyberwarfare research lab that replicates their small business servers and workstations. The idea is to then ‘virtually’ infect the servers, break workstations and experiment with configurations, vulnerabilities and features. It’s a bit of an undertaking, but it can be invaluable in understanding all the complex layers of the modern network while providing the MSP or IT department the opportunity to plan and document security best practices.

With customers and security professionals demanding more integrated solutions, security features are increasingly being built into network printers, UPSes, wireless access points, switches and, of course, actual firewalls. These features are switched off by default, which has given rise to some interesting internal vulnerabilities - such as lockouts, bricked devices or denial of service of devices and networks.

From a practical learning perspective, the SME network looks the same no matter what sort of business it is. Every business has some sort of server/file-share set-up, with workstations, a firewall/router and a core switch - even if that switch is the four ports on the back of a router. Most SMEs also have wireless of some sort, possibly built into the router or firewall. Today, it would also be pretty rare for a business not to have at least one network-attached printer.

As an example of what you can find with your own cyberlab, I spent the past month assembling some typical SME hardware devices and examining their security features, and found that not a single device demanded a change from the default password. As a basic payment card industry (PCI)-compliance requirement, all of these devices fail out of the box unless you spend some time changing defaults. These features all ‘work’, but what they don’t do is work securely.

SME IT departments and MSPs are going to be successful only if they can provide secure, predictable and reliable systems for their customers. The opportunity to experiment with configurations and system changes with no risk to production networks is a huge value-add. Simply being able to understand what typical network activity looks like between a domain controller and workstations can help troubleshoot the most difficult customer support calls.

The ability to test back-up and disaster recovery plans, new or updated applications and new hardware becomes very easy with a small investment in a virtual lab. It is important to replicate the environment that you’re likely to encounter so you can observe the consequences of dangerous configurations, hostile infections and malicious activity. The key here is to look at the mitigations against those threats and understand how the environment might be secured.

Ian Trump is Security Lead at LogicNow, a global provider of cloud-based IT security and solutions for the managed services provider community.
