394 CHAPTER 10 Building penetration test labs OSs connected to it. This would allow the virtual systems to communicate with each other, but nothing else. This is an important part of the security within a virtualized environment and is very applicable to your work with penetration testing. By creating a virtual network and keeping it isolated to the virtual machines running on the host, you can create an environment that simulates network communication without actually risking the possibility of those virtual machines connecting to your actual physical network. In addition, there is now an effort to create virtual networks that are not necessarily just for connecting virtual hosts together. We'll discuss some of the tools for this in the Open Source Tools section of this chapter, but for now you should be aware that developers are creating virtualization software which allows you to simulate entire networks within a virtual environment. This includes objects such as switches, routers, VPNs, etc. By virtualizing networks in this manner, you can create a safe, isolated envi- ronment for simulating all sorts of network behavior. From the penetration tester's point of view, this can give us a playground for testing network devices or per- forming attacks such as ARP poisoning without impacting actual physical networks. 10.4 OPEN SOURCE TOOLS There are a number of software packages which allow you to do virtualization, both commercial and open source. In addition, there are some free-to-use packages that are not open source, but are available at no cost. Examples of this are VMware ESXi and Microsoft Virtual PC. Since the focus of this book is open source tools, we will be looking at two of the most popular virtualization software options: Xen and VirtualBox. 10.4.1 Xen Xen is an open source hypervisor available at http://www.xen.org. Its architecture fits into the standard virtualization architectures that we discussed in the Core Technologies section of this chapter. The only exception to this is that on top of the hypervisor layer, Xen uses a "Domain 0" (Dom0) concept where Dom0 is a privi- leged guest within the hypervisor which allows for direct hardware access as well as management of the other unprivileged guests. Xen is able to be run either as a LiveCD or by installing it on your target system. This install can be done through an existing Linux install on the target or from the LiveCD. If you are planning on using Xen long term, it is always recommended that you install it on the target versus running with the LiveCD. The feature set of Xen is very robust and includes some very important func- tionality such as: High performing virtual machines Ability to migrate live virtual machines between hosts