Jump to content

My very own lab, version 1


fearnothing
 Share

Recommended Posts

Morning all,

I've been lucky enough to get myself a spot in a top-notch SOC. While I'm a smart kid, I'm still a long way from being an expert, and one of the steps on the road to becoming a security zen master is a way to learn all the stuff I won't learn on the job. Hence, personal lab is required. I've had some ideas, and some advice from a good friend who knows what he's talking about, and some of his advice was to ask you guys for thoughts.

My main goals for a lab are:

- Proxy server

- Firewall

- VPN

- Some sort of basic NIDS/NIPS

Additional goals, but these are stretch goals:

- DHCP

- Start learning about AD

- Pen testing

- Malware analysis

My budget isn't huge but I can probably stretch to close to €1,000 at the minute.

I'm still working on the details, which is where I hope you can come in with some thoughts. Firstly, hardware. I'm thinking that I can get a shuttle/HTPC box and max out the RAM (16GB or even 32), then virtualize most of the functions with ESXi. Should I plan for more than one physical box or is one enough for now?

For OS, I want to do as much with Linux as possible because although I've used it, I'm still pretty green. Are there distros you would recommend for this? Bonus points for the less dependency headaches I have with installing the various software packages.

I've only done a very small amount of exploration on applications, enough to suggest that squid might be a good place to start for a proxy but no more than that really.

Walkthroughs, guidance, instructions - I know what it's like to be constantly pestered by newbies on really basic questions so if you can point me at resources that will help to save me from asking them, that would be great. I have a couple of books that I'm sure will have some relevant stuff in, but they're not exactly tailored to this specific task - if you know of more that will be a good idea for me to read for this purpose, please say so.

Finally, if I also plan on setting up a media server, could this be done on the same machine or should I avoid that?

Thanks for your time,

fearnothing

Edited by fearnothing
Link to comment
Share on other sites

ESXi version is completly free. it got some minor things you need to do manualy. Like taking backups and such.

Also they limit the memory to 32GB per cpu. But for small businesses and own use its perfect :)

for small clients we use i7 with a decent mobo. ( also if you need usb pass-through your cpu needs a special visualization option )

You could also go for something like this:

http://thehomeserverblog.com/esxi/esxi-5-0-amd-whitebox-server-for-500-with-passthrough-iommu-build-2/

If you really want it to be fast trow in a SSD for storage.

For AD learning. maybe you can start of with a old server 2003 license ( they still got 2015 support, DONT TAKE SBS )

other option are buying a real cheap ass server or 2nd hand server that supports ESXi

You could run like a network share server on this. But media server isn't really a option. ( esxi doesn't give a screen output ) So your better off using something like a pi or odroid or ... for media server and maybe use the esxi as a storage. Or if your tv supports DLNA you could try that.

Link to comment
Share on other sites

The free product is vsphere hypervisor http://www.vmware.com/products/vsphere-hypervisor I think.

I'd suggest reading this from Carlos, very good write up on his lab http://www.darkoperator.com/blog/2014/1/10/my-new-home-lab-setup and search for Joe McCray and his lab build. He did a video on it last year, not sure if it was made public as it was a webinar for people who registered. I got a copy but as a mate and don't know if I can share it or not.

You've mentioned some goals for the lab but what is your overall goal, learning to install, configure, hack, secure, bypass? It makes a difference to a degree.

You say you want to learn Linux so pick a distro and start there but when you've got it how you want shut that one down and pick a different one. I'd definitely look at Ubuntu, Debian and CentOS, the first two very similar but different enough to justify doing both.

Link to comment
Share on other sites

For looking at hardening and Linux I'd definitely look at installing multiple distros. I'm a Debian user as I like the minimal amount of stuff it installs by default compared to the amount of bloat that Ubuntu, even the server version, installs. I'd install these two along with CentOS and maybe Suse and compare them out of the box. Most admins make very limited changes, usually just enough to get things running, then leave alone. If you can find things you can leverage in a default install then that is the start of hardening.

There are various guides, check out NIST checklist program http://web.nvd.nist.gov/view/ncp/repository .

If you can get access to a pro Nessus feed then look at the compliance checking that it does as well.

If you want to save some cash then you can easily run single Linux VMs on a quite low powered PC so don't need a big chunky server. It is nice to have one though.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...