temporary virtual machines

Problem

  • exercises need certain scenarios
  • preparations need time and might fail
  • trouble before exercise even starts

Idea and Goal

  • reduce setup time
  • automate repetitive tasks
  • one-click installer for scenarios

Challenges

  • Automation
  • Networking
  • Monitoring
  • Distribution

Technologies

Vagrant

software for automatically creating and configuring virtual machines

Vagrantfile

recipe for virtual machines

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
    # base box the VM is created from
    config.vm.box = "ubuntu/xenial32"
    
    # add a private network (needs either type: "dhcp" or a static ip:)
    config.vm.network "private_network", type: "dhcp"
    
    # provider-specific settings
    config.vm.provider :virtualbox do |vb|
        vb.gui = true
        vb.name = "Friendly Name"
    end
    
    # run a shell script inside the guest after boot
    config.vm.provision "shell", path: "script.sh"
end

Box

snapshot of a virtual machine

Hypervisor (Providers)

services used for creating and running virtual machines

vagrant up

  1. read Vagrantfile
  2. import box
  3. create VM on hypervisor
  4. configure network adapters
  5. boot VM
  6. apply customizations

Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'ubuntu/xenial32'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'ubuntu/xenial32' is up to date...
==> default: Setting the name of the VM: ubuntu-xenial-16.04-cloudimg
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: ubuntu
    default: SSH auth method: password
    default:
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!

temporary virtual machines

for Networking Exercises

Creating Boxes

  • pre-configure VMs once
  • reduce download traffic on setup
  • save time on VM creation
  • one file for redistribution

Custom Boxes

fhhgb/headless

fhhgb/desktop

  • user configuration
  • localization
  • web server
  • desktop environment
  • browser
  • wireshark

router, server, etc ...

testing, monitoring

Networking

  • Port Forwarding
  • Private Network
  • Public Network
  • Custom via scripts

Monitoring

Distribution

Boxes

Exercises

  • hosted in a repository
  • preinstalled on workstations
  • network share
  • online platform
  • mail

shared as archive via ...

Workflow

Test Scenario

  • Honeypot: server running honeyd
  • Attacker: desktop machine

Test Scenario

  • Router
  • External: webserver
  • Internal: desktop with browser and wireshark

Test Scenario

  • Router
  • External: webserver
  • Internal: desktop with browser and wireshark
  • DMZ: server supposed to have limited access
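
The router / external / internal / DMZ scenario above as a multi-machine Vagrantfile. This is an added example, not taken from the slides: the machine names, subnets and `exercise-*` network names are assumptions, and the boxes are the deck's fhhgb/headless and fhhgb/desktop.

```ruby
# Added example Vagrantfile: names, subnets and addresses are assumptions.
# Each zone is a VirtualBox internal network, so zones only meet at the router.
ZONES = {
  "external" => "10.10.1", "internal" => "10.10.2", "dmz" => "10.10.3",
}.freeze

# machine name => [box, { zone => last address octet }]
MACHINES = {
  "router"    => ["fhhgb/headless", { "external" => 1, "internal" => 1, "dmz" => 1 }],
  "webserver" => ["fhhgb/headless", { "external" => 10 }],
  "desktop"   => ["fhhgb/desktop",  { "internal" => 10 }],
  "dmzserver" => ["fhhgb/headless", { "dmz" => 10 }],
}.freeze

# Shell run inside the guest: the router forwards packets, every other
# machine gets routes to the remaining zones via the router in its own zone.
def provision_script(name)
  return "sysctl -w net.ipv4.ip_forward=1" if name == "router"

  own = MACHINES.fetch(name)[1].keys.first
  (ZONES.keys - [own]).map { |zone|
    "ip route replace #{ZONES[zone]}.0/24 via #{ZONES[own]}.1"
  }.join("\n")
end

# Guard keeps the file loadable by plain Ruby, so the plan can be checked
# without Vagrant installed.
if defined?(Vagrant)
  Vagrant.configure("2") do |config|
    MACHINES.each do |name, (box, nics)|
      config.vm.define name do |node|
        node.vm.box = box
        node.vm.hostname = name
        nics.each do |zone, host|
          # one host-only adapter per zone, isolated from the host network
          node.vm.network "private_network", ip: "#{ZONES[zone]}.#{host}",
                          virtualbox__intnet: "exercise-#{zone}"
        end
        node.vm.provision "shell", inline: provision_script(name)
      end
    end
  end
end
```

The router here forwards between all three zones without filtering; restricting what the DMZ server may reach is left to firewall rules on the router.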

Pro

  • save time and other resources
  • eliminate common pitfalls
  • high flexibility in network design
  • add hidden features for students to explore

Contra

  • a lot of initial work
  • new and unknown technologies
  • confusion due to high level of abstraction
  • bleeding edge technology, frequent system changes

Conclusion

temporary virtual machines

By doebi
