Appendix A

Building a Virtual Attack Test Lab

The space within becomes the reality of the building.

— Frank Lloyd Wright

We all live every day in virtual environments, defined by our ideas.

— Michael Crichton

After reading this book, you probably have an idea of how vast the set of technologies involved in virtualized and cloud environments is. It contains numerous hypervisors, dozens of management tools, and almost countless overall configurations.

This appendix describes setting up a lab environment for testing and experimentation, for both the virtualization components and virtualized servers. As an example of using the environment, this appendix further describes setting up the Backtrack Linux penetration testing virtual machine (VM) and some intentionally vulnerable VMs available from The lab environment basically is divided into three tiers:

  • One gateway host that does NAT but does not allow inbound connections
  • Three hypervisors (Xen, ESXi, KVM)
  • Various VMs

Every part of this setup is optional. For example, you can eschew setting up the gateway host and connect your hypervisors directly to your network. You can opt to use only one of the three hypervisors. You can set up all, some, or none of the virtual machines that are described.

Components of the Virtual Penetration Testing Lab

Before you dig into the thick of installing components, you can read through some general architectural considerations. It may be worthwhile to read through this appendix once ...

Get Securing the Virtual Environment: How to Defend the Enterprise Against Attack, Included DVD now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.