There's a little and not well-known jewel available from Microsoft that can help put an end to the "I don't have a good test environment" syndrome and take your security skills to the next level. It's called the Microsoft Action Pack.
@45127 The Action Pack is for Microsoft consultants, systems integrators, VARs, developers and others who are part of the Microsoft Partner Program. I was turned on to the Action Pack by a colleague of mine last year and I must say that the $299 I invested was well worth it. Why do I like it so much? All of the Microsoft software you get comes for such a small price. Many of the programs even come with a 10-user Microsoft license. Just about everything Microsoft puts out is in the package -- from client applications to server databases, including:
- Windows Server 2003
- Small Business Server
- Windows Vista Business
- SharePoint Server
- ISA Server
- Exchange Server
- SQL Server
- Virtual PC
With this package, you can set up an environment and scan for vulnerabilities, exploit missing patches, crack passwords, practice your system hardening techniques, whatever -- all on a shoestring budget.
The Microsoft Action Pack is updated quarterly so you can keep up with the latest and greatest -- including certain beta software like Windows Server 2008 Enterprise. As of November 30, 2007, Microsoft requires Action Pack subscribers to sit through an online course and pass an associated test with a score of 70% or better and maintain their partner status. This is an effort to weed out people trying to obtain "cheap" software for business purposes that should otherwise be purchased through normal channels. Be sure to read Microsoft's licensing and eligibility requirements to make sure the type of business you have and what you want to do with the software is permitted.
If you qualify for the Microsoft Partner Program, the Action Pack provides a very cost-effective way of setting up a lab environment to learn about security. You can create a non-production network and bang away at Microsoft-based systems to your heart's content. This type of hands-on learning in a non-critical test environment builds a foundation for gaining and maintaining information security knowledge. Plus you'll get the added benefit of learning about all the ins and outs of Microsoft's software, which will not only enhance your career but also add value to your organization and to your customers as a whole. Sounds like a good investment to me.
About the author: Kevin Beaver is an independent information security consultant, keynote speaker and expert witness with Atlanta-based Principle Logic, LLC, where he specializes in performing independent security assessments. Kevin has authored/co-authored seven books on information security, including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels information security audio books providing security learning for IT professionals on the go. Kevin can be reached at firstname.lastname@example.org.