Have you tested your network using a breach and attack simulator? If not, Jack Wallen shows you how with Infection Monkey.
Your business probably uses quite a large number of systems on your network and you are probably the administrator who maintains those systems. One question you might often ask yourself is, “How secure are our servers and desktops?” Or maybe you’re the company cloud admin. How secure is that cloud? Have you found an answer to that question?
With the help of Infection Monkey, you might be able to finally have those answers. With Infection Monkey, you can simulate credential theft, compromised machines, and other security flaws, all from a user-friendly, web-based GUI.
Infection Monkey is free, open source and includes features like:
- Continuous, in-depth testing
- Report generation
- Attack move visualization
- Scalable to meet your needs
Infection Monkey can be deployed on premises or to your cloud platform (such as Azure, AWS, and Google Cloud). No matter where you deploy it, you can then use the tool to simulate attacks.
I’m going to walk you through the process of installing Infection Monkey on Debian Server, for LAN simulations.
What you’ll need
In order to deploy Infection Monkey on your network, you’ll need a running instance of Debian server and access to the root account on that machine. You’ll also need the .deb installer file, which you can access once you sign up on the Infection Monkey download page.
How to install Infection Monkey
The installation is actually quite simple. After you’ve downloaded the installer file, open a terminal window, su to the root user, change into the directory housing the .deb file, and issue the command:
dpkg -i monkey-island-debian.deb
The above command will error out. Fear not, we can fix that with the command:
apt install -f
The apt command will fix all of the dependencies and then finish up the installation.
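The two install commands above, wrapped in a script that also checks the downloaded .deb against a SHA-256 digest before installing it. This is an added example, not part of the original article or the Infection Monkey project; it goes one step beyond the article by adding the checksum check. The function names are hypothetical, and the expected digest is a placeholder you supply from a source you trust.

```shell
#!/bin/sh
# Added example: verify the installer's checksum, then install it the way
# the article describes (dpkg -i, then apt to resolve the dependencies).

# Return 0 only if FILE's SHA-256 equals EXPECTED (hex, any case).
# Return 2 if the file is unreadable, 1 on mismatch.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ] || {
        echo "checksum mismatch for $file: got $actual" >&2
        return 1
    }
}

# Install the package only after the checksum matches.
install_island() {
    deb=$1
    expected=$2
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 3; }
    verify_sha256 "$deb" "$expected" || return $?

    # dpkg -i stops on the unmet dependencies; apt-get install -f pulls
    # them in and finishes configuring the package.
    if ! dpkg -i "$deb"; then
        apt-get install -f -y || return 4
    fi

    # Confirm the package ended up fully installed, not half-configured.
    pkg=$(dpkg-deb -f "$deb" Package)
    dpkg-query -W -f='${Status}\n' "$pkg" | grep -q '^install ok installed$'
}

# Usage (placeholder digest, replace with the real value):
#   install_island ./monkey-island-debian.deb "<EXPECTED_SHA256>"
```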
How to access Infection Monkey
After the installation completes, open a web browser and point it to https://SERVER_IP:5000 (where SERVER_IP is the IP address of the hosting server). You will be greeted by a login window (Figure A).
Figure A
All you need to do here is type a username and a password. Enter those two bits of information and click Let’s Go! and you’ll be logged in to the Infection Monkey system, where you can configure and launch your first simulation (Figure B).
Figure B
Click Configure Monkey. In the resulting window, go through the tabs and enable/disable any of the attacks you want to simulate on your network or cloud (Figure C).
Figure C
After you’ve configured an attack, click Submit to save. Next, click Run Monkey in the left navigation and then click Run on a machine of your choice. In the resulting window, select the type of machine you’ll be testing (Figure D).
Figure D
Below the machine type selector, you will be presented with a command to run on the chosen machine. Copy that command and then paste it into a terminal on the machine to be tested. The test will run. As the test runs, click on the Infection Map entry in the left navigation to see the machine being tested (Figure E).
Figure E
The testing will take some time, so let Infection Monkey do its thing while you handle another admin task. The Monkey will traverse your network and start looking for connections that could lead to malicious behavior or are open to vulnerabilities. When the testing completes, you can view the Infection Map to see the results.
Note: If you’re curious, you can always view the interactive Infection Map as the test runs.
And that’s all there is to installing and using Infection Monkey to test your network for known vulnerabilities and exploits. Give this system a try and see what it reveals–you might be surprised at the results.
And not in the good way.