Is it ok to set up and run a private pen testing machine?

May 16, 2017

Hi @tech662076

We cannot give you an official answer, since this is the community forum (user-to-user support).
You need to contact support by creating a ticket in the control panel.

@tech662076

From my previous tickets on stress testing, generally it's ok as long as it's not detrimental to service in terms of thrashing the disk or completely overloading the CPU to the point it begins to affect others.

As far as pen testing, normally I keep things like that local -- such as a dual boot w/ Kali Linux. I'm not sure on DigitalOcean's stance as far as running such on their network, so that one you'd want to get in touch with them on.

  • Thanks for the response. The machines being tested won't be DO machines. I am looking to do pen/stress (most importantly pen tests) against machines and IP addresses we control. The idea is to do the tests from the outside. We are a current DO customer, if that matters. We wouldn't need to hit those machines or at least stress test them.

    • @tech662076

      The note about stress testing would still apply if you're using software that spawns multiple processes to do said testing. As long as what you're doing doesn't impact service, then I'd say you'll be fine.

      Some software does indeed spawn multiple child processes, span across multiple threads, and has the ability to really load up the host node, even when the target node is where you would think the load would result.

      ...

      In regards to the pen testing, I'd still go through support on that one as that's not something I've inquired about before. My initial thought would be that as long as the intent is not to do damage, you'd be fine, though you'd also need to ensure that security is properly managed on those nodes, as if they are broken into (hacked), it's your account and you're going to be the one that's responsible -- whether you used the tools or not.

      That said, that's not just with DigitalOcean, that'd be the case with any provider.
