Much Thanks to all who have replied, both on & off list. Giving the students root access & imaging their workstation drives is by far the most popular answer, and is the way we will proceed. Now for one more question, any suggestions for a good open source disk imaging package? I've identified several possible choices, but have not had time to evaluate them yet:
CloneIt - http://www.ferzkopp.net/Software/CloneIt/index.html G4U - http://www.feyrer.de/g4u/ Partition Image - http://www.partimage.org/ WebClone - http://sourceforge.net/projects/webclone/ Again, any comments/recommendations will be greatly appreciated. Please answer off list, unless others express interest in this matter. Coral -----Original Message----- From: Coral J. Cook [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 29, 2002 1:16 PM To: [EMAIL PROTECTED] Subject: Training Lab Question This may be a bit off-topic, but I'd like some feedback on the following issue: I'm in the process of setting up a Pen Testing training lab. The lab consists of a network of target hosts and a network of attack hosts (student workstations). The student workstations running Slackware 8.x (current). Here's my question? What is the best/safest way to allow the students to run the tools (mostly nmap and various sniffers) that need root privileges for full functionality? Should I just make those tools suid root or should I use sudo? Are there any other alternatives? Thanks in advance. Coral ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
