Jump to content

Penetration Testing in Safe Environment (Safe Internet Connection)


Recommended Posts


I am new to this forum so if this thread needs to be moved somewhere else, please let me know. Sorry in advance.

I have built a hacking lab for testing purposes. I have a target router which leads to a MitM device and a switch. The switch connects two target machines and a hacking machine.
I want to supply internet access to the two target machines by connecting the router to my main router, thus giving it internet access (currently the router is not supplying internet).

I have heard it is a bad idea to give labs internet access (for obvious reasons). Is there a safe and secure way of doing this that doesn't raise a high/moderate change of comprising the network outside of my hacking lab?
I have heard of people using VPNs to secure their network. I just haven't really seen it done in this aspect.

Any advice in doing this would be super great!

Link to comment
Share on other sites

It depends on what type of testing you are doing. The big thing you want to avoid is allowing the outside world get access to your machines so as long as you don't set up NAT or PAT pointing back in then that should be taken care of by default.

For a basic lab for testing things like MitM or exploitation then I don't see there being any problem with giving the lab connectivity. If you are playing with worms or testing malware then that is the type of thing that could get out and cause problems so obviously you want that in a locked down environment.

Link to comment
Share on other sites

  • 2 months later...

Like digininja stated there is nothing wrong with having your lab on the network.  I will say though that I have a second router connected to my main router that uses a hidden SSID.  This router then is the network which contains my lab network so they are on a separate subnet than my home subnet. I can then VPN into my server on my lab network and the only computers on that network are the lab computers.  This way should someone get into my VPN by some freak incident they are only exposed to my lab network and not my home network.  Then to top things off the only port open on my external router is my VPN port which is changed to an obscure port number to prevent anyone scanning the router from knowing what is on it.  Then my VPN server also hosts a web server which is not exposed to the outside network.  This web server contains various steps that one must take to then startup an SSH server or VNC or FTP server for my server computer when I am away.  If someone is able to figure out all of these steps and get into my lab network and then get figure out the steps to start my other servers on it I'm screwed anyway.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...