With DerbyCon three weeks away, I’ve started ramping up by reading books on security and getting a laptop setup for the training. It’ll be 12 hour days of veterans and noobs showing off their black and white hat stuff.
The training requires a laptop with 2 virtual machines setup; one for XP and one for BackTrack Linux (Ubuntu). When it comes to virtualization, my inclination was to use Microsoft’s Hyper-V. The internet quickly informed me that my Windows 7 laptop isn’t able to support Hyper-V… It also informed me that Oracle’s VirtualBox has no problem running on Windows 7 and doing what I need and is free. I do enjoy eating out of Microsoft’s dog bowl, but they often do things like this that “force” me to leave their nest. Sort of like when they dragged their feet on getting a good ORM so we “had” to use SubSonic (which I heard rumors that it was mostly created by MS or ex-MS eployees) because it was so elegant and efficient at generating all that ADO nonsense 🙂 Anyway…
Virtual Box comes with many OS flavors ready to go.
Setting up a VM with BackTrack Linux was as easy as following the instructions here: : http://www.backtrack-linux.org/wiki/index.php/VirtualBox_Install
The goal of the preparation will be to have a virtual network with 1 server running XP (or whatever you want to run security checks against) and one running Linux where you simulate attacks against the XP box. My goal in learning this is more to teach myself about Web and WinForms Application security. There are a lot of people that know the networking side and it appears that the industry thinks it has a good handle on that side with firewalls and patch management and tripwire type programs to watch the perimeters. I’m more interested in how nations full of growing computer scientists might dismantle my humble web applications and how to stop them from embarrassing me.
Look forward to more technical posts in the coming month.