Monday, April 29, 2013

MACCDC 2013, A Blue Teamer's Lessons Learned: Part 2 - Staging a Lab

This is the second part of a series of blog posts relating the various things I learned from experiencing the glory that is MACCDC. Here is a "table of contents" which I'll update with relevant posts:

#2 - Preparation (staging a lab)

#4 - Game Time

Preparation: Staging a Lab

If possible, teams should stage ESXi servers with VMs emulating the systems they can expect to see at MACCDC. These VMs need be nothing more than basic installations of Windows 2000 (yes, really), Windows XP, Windows Server 2008, Ubuntu and others, each running web applications or other services. Once staged, a scenario similar to the MACCDC one can be run against them to get an idea of what's involved in securing each system.

Speaking from experience, if a centralized lab cannot be easily worked out or turns out to be unreliable, team members should fall back on VMware Workstation and work with the VMs one at a time. This independent work can be done between sessions when the main ESXi server is available, or when there isn't an ESXi server at all.

