temporary virtual machines
Problem
- exercises need certain scenarios
- preparations need time and might fail
- trouble before exercise even starts
Idea and Goal
- reduce setup time
- automate repetitive tasks
- one-click installer for scenarios
Challenges
- Automation
- Networking
- Monitoring
- Distribution
Technologies
Vagrant
software for automatically creating and configuring virtual machines
Vagrantfile
recipe for virtual machines
VAGRANTFILE_API_VERSION = "2"
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  # base box the VM is created from
  config.vm.box = "ubuntu/xenial32"
  # add a private network (address assigned via DHCP; use ip: "..." for a static one)
  config.vm.network "private_network", type: "dhcp"
  # provider-specific settings
  config.vm.provider :virtualbox do |vb|
    vb.gui = true
    vb.name = "Friendly Name"
  end
  # run a shell script
  config.vm.provision "shell", path: "script.sh"
end
Box
snapshot of a virtual machine
Hypervisor (Providers)
services used for creating and running virtual machines
vagrant up
- read Vagrantfile
- import box
- create VM on hypervisor
- configure network adapters
- boot VM
- apply customizations
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'ubuntu/xenial32'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'ubuntu/xenial32' is up to date...
==> default: Setting the name of the VM: ubuntu-xenial-16.04-cloudimg
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
==> default: Forwarding ports...
default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: ubuntu
default: SSH auth method: password
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
temporary virtual machines
for Networking Exercises
Creating Boxes
- pre-configure VMs once
- reduce download traffic on setup
- save time on VM creation
- one file for redistribution
Custom Boxes
fhhgb/headless
fhhgb/desktop
- user configuration
- localization
- web server
- desktop environment
- browser
- wireshark
router, server, etc ...
testing, monitoring
Networking
- Port Forwarding
- Private Network
- Public Network
- Custom via scripts
Monitoring
Distribution
Boxes
Exercises
- hosted in a repository
- preinstalled on workstations
- network share
- online platform
shared as archive via ...
Workflow
Test Scenario
- Honeypot: server running honeyd
- Attacker: desktop machine
Test Scenario
- Router
- External: webserver
- Internal: desktop with browser and wireshark
Test Scenario
- Router
- External: webserver
- Internal: desktop with browser and wireshark
- DMZ: server supposed to have limited access
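The router / external / internal / DMZ scenario above can be written as one multi-machine Vagrantfile. This is an added example, not part of the original slides: the box names fhhgb/headless and fhhgb/desktop are taken from the slides, while the machine names, zone names, subnets and host numbers are assumptions. Each zone is a VirtualBox internal network, so exercise traffic stays off the host's own network.

```ruby
# Added example, meant to be saved as a Vagrantfile. Box names come from the slides;
# machine names, zone names, subnets and host numbers are assumptions.
ZONES = { "external" => "10.0.1", "internal" => "10.0.2", "dmz" => "10.0.3" }.freeze

MACHINES = {
  "router"    => { box: "fhhgb/headless", zones: %w[external internal dmz], host: 1 },
  "webserver" => { box: "fhhgb/headless", zones: %w[external], host: 10 },
  "desktop"   => { box: "fhhgb/desktop",  zones: %w[internal], host: 10 },
  "dmzserver" => { box: "fhhgb/headless", zones: %w[dmz], host: 10 },
}.freeze

# One [zone, ip] pair per additional network adapter of a machine.
def adapters(name)
  m = MACHINES.fetch(name)
  m[:zones].map { |zone| [zone, "#{ZONES.fetch(zone)}.#{m[:host]}"] }
end

# Shell provisioning: the router forwards packets; every other VM reaches the
# remaining zones through the router (adapter 1 stays Vagrant's NAT/SSH link).
def provision_script(name)
  return "sysctl -w net.ipv4.ip_forward=1" if name == "router"
  own = MACHINES.fetch(name)[:zones].first
  gateway = "#{ZONES.fetch(own)}.#{MACHINES.fetch("router")[:host]}"
  (ZONES.keys - [own]).map { |z| "ip route replace #{ZONES[z]}.0/24 via #{gateway}" }.join("\n")
end

if defined?(Vagrant) # only true when the file is loaded by Vagrant
  Vagrant.configure("2") do |config|
    MACHINES.each_key do |name|
      config.vm.define name do |node|
        node.vm.box = MACHINES[name][:box]
        adapters(name).each do |zone, ip|
          # virtualbox__intnet puts the adapter on an isolated internal network
          node.vm.network "private_network", ip: ip, virtualbox__intnet: zone
        end
        node.vm.provision "shell", inline: provision_script(name)
      end
    end
  end
end
```

Packet filtering on the router, such as limiting what the DMZ server may reach, is not configured here.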
Conclusion
Pro
- save time and other resources
- eliminate common pitfalls
- high flexibility in network design
- add hidden features for students to explore
Contra
- a lot of initial work
- new and unknown technologies
- confusion due to high level of abstraction
- bleeding edge technology, frequent system changes
temporary virtual machines
By doebi