Home Lab Setup | Building an Effective Cybersecurity Learning Environment
Home or online labs are crucial for advancing your cybersecurity career as a SOC Analyst or Penetration Tester. It is also a great way to gain the hands-on experience and talking points needed to succeed in job interviews.
Disclaimer: This is only a guide and not inclusive of every single tool in the industry. It’s in your best interest to research via Google and YouTube as well for additional information.
Home Lab Setup
Having a home or online lab is crucial for advancing your career in cybersecurity. It is also a great way to gain the hands-on experience and talking points needed for succeeding at interviews and getting the job you want. You should be willing to try and break things in your lab; experiment! Troubleshooting errors and solving problems in your lab will help you to learn the ins and outs of hardware, software, and networking. Additionally, it will give you the ability to talk about tools, techniques, and procedures used in the real world. Although most of your tools may be free and have a different name, the concepts of network monitoring and defense will be the same.
Learning and understanding networks will give you a very valuable skillset for your cybersecurity journey. While it is not necessary, you should consider purchasing a separate router and connecting it to the one already given to you by your service provider. It helps keep your lab environment isolated from your home environment. Also, spend some time becoming familiar with the service provider’s router as well. Chances are, it has a default username and password that hasn’t been changed. Log in to the router’s console and take a look at the current settings and options. You may want to customize settings for IPv6, have static IP addresses for your devices, or customize the IP addressing schemes as a means of providing better security.
Hardware is crucial because it will contain most, if not all, of your processing power and memory. If you’re just starting, you should be just fine using your laptop. Today a typical laptop can host 2-3 virtual machines without any issues. If you want to step it up, you can use Mac minis, Zotac boxes, or similar portable servers. Feel free to customize your systems! Once you have some lab experience and you’re ready to take things to the next level, you can purchase refurbished servers. Just keep in mind that they may require additional power sources and cooling.
A hypervisor comes in two forms, Type I and Type II. We will most likely start with a Type II. It is software that allows you to use the processing power of your hardware (laptop/CPU/server) to create and operate virtual machines (VMs). Think of it as having a computer inside a computer. Virtualization is great because it allows you to quickly create a VM and save the state of that VM so you can “revert” back to that point if you need to. It is excellent for testing and development environments. Examples of popular virtualization software include VirtualBox (Free), VMware Workstation Player (Free), VMWare Fusion ($79), VMWare Fusion Pro ($159), or Hyper-V (Free Install). All of this software can work on various operating systems. VMware also has available software called ESXi that allows you to install Virtual Server Software on a physical server. It is excellent for when the number of required VMs gets too high for your computer/laptop to manage.
I’m a fan of VMware due to its interface and ease of use on a Mac. VirtualBox has come a long way from its inception. Since I often create separate networks in my lab, VirtualBox easily allows me to create them and assign my VM interfaces to them. VirtualBox also will enable you to put your VMs into groups in case you need to start and stop multiple VMs at the same time. Because I like them both (VirtualBox and VMWare Fusion Pro), I use both of them at the same time. Yes, I footed the bill for the Pro version of VMWare.
As your experience with your lab grows, you will notice that the ability to use virtualization will get addictive, and you will want more machines. It will require more space and processing power. Some leading cloud providers allow you to create VMs with the click of a button. Look into Digital Ocean, Amazon AWS, The Google Compute Engine, and Microsoft Azure. In case you want to scale later, it would help to do some comparison shopping and interface familiarization to find the best service for your needs.
Network Monitoring and IDS/IPS
It is imperative to monitor your network so you can better understand the types of traffic and information that may flow through it. It is also good to understand “why” everything works the way it does. An excellent tool for the protocol analysis aspect of network monitoring is Wireshark. Regardless of what area of cyber interests you, becoming familiar with Wireshark is the way to go. You can install it on any operating system.
Another great free option is Security Onion. Doug Burks and the Security Onion Solutions team consistently produce ISOs with updated builds, so be sure to keep your instance up to date. It runs on Linux, which you can get for free, and includes monitoring and log management tools. You can get it up and running in about 8 minutes, just remember to increase your processing cores (2) and RAM (40 GB), and add a new interface ;-).
Being able to detect vulnerabilities is another crucial part of network defense and exploitation. Just like any other technology, there are many different tools available. Now, finding vulnerabilities is a little different than finding malware. For that, you can use any of the 60 or so antivirus engines out there. We’ll also save that for a later date.
An excellent place to start is with the Nmap Scripting Engine (NSE). It’s free, and it contains hundreds of scripts that you can use separately or chained together to serve as your vulnerability scanner. Additional options include:
- OpenVAS, which comes preinstalled in Kali Linux
- Nessus, which is free for the first 16 IP addresses
- Retina, which is free for the first 256 IPs
Oh, yes, the firewall. Just like signatures, the firewall is only as good as its access control list, and attackers will continuously try to work around both. No matter the operating system, you should familiarize yourself with your host-based firewall. It is always good to know what ports and services are allowed in and out of your host. For Ubuntu Linux users, you should learn about iptables.
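As an added example (not from the original post), this script shows the two checks the paragraph points at for a Linux lab host: listing what the host actually exposes beyond an allow-list, and a default-deny iptables ruleset that opens only those ports to the lab subnet. The lab subnet 10.0.0.0/24, the allowed ports and the sample `ss` output are constructed assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit what a lab host listens on
# against an allow-list, and emit a matching default-deny iptables ruleset.
# Assumptions (constructed): the lab network is 10.0.0.0/24 and only SSH (22)
# and the Splunk web UI (8000) should be reachable from it.

LAB_NET="10.0.0.0/24"
ALLOWED_PORTS="22 8000"

# Constructed sample of `ss -H -lntu` output:
# Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SOCKETS='tcp   LISTEN 0 128 0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0 128 127.0.0.1:5432  0.0.0.0:*
tcp   LISTEN 0 511 *:8000          *:*
udp   UNCONN 0 0   0.0.0.0:68      0.0.0.0:*
tcp   LISTEN 0 128 [::]:3389       [::]:*'

# Print "proto port" for every socket bound to a non-loopback address whose
# port is not in ALLOWED_PORTS. Loopback-only services cannot be reached from
# the lab network, so they are skipped. Reads ss-style lines from stdin.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $5 ~ /^(127\.|\[::1\])/ { next }             # bound to loopback only
        { port = $5; sub(/.*:/, "", port); if (!(port in ok)) print $1, port }
    '
}

# Emit an iptables-restore file: drop inbound by default, keep established
# flows, allow loopback, open only the allow-listed TCP ports to the lab
# subnet, and log what gets dropped so the SIEM can see it.
lab_firewall_rules() {
    printf '*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n'
    printf -- '-A INPUT -i lo -j ACCEPT\n'
    printf -- '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    for p in $ALLOWED_PORTS; do
        printf -- '-A INPUT -s %s -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$LAB_NET" "$p"
    done
    printf -- '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "LAB-DROP: "\n'
    printf 'COMMIT\n'
}

# On a real host (needs root):  ss -H -lntu | unexpected_listeners
#                               lab_firewall_rules | sudo iptables-restore
printf '%s\n' "$SAMPLE_SOCKETS" | unexpected_listeners
```

Against the constructed sample this reports the RDP listener on 3389 and the DHCP client on UDP 68, both of which the default-deny ruleset would block.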
If you wanted to take it a step further, I’d invest some time and energy getting familiar with pfSense. Besides being free, pfSense can also serve as your router, VPN solution, and much more. The pfSense install and configuration are a bit advanced, so be sure to take your time, watch plenty of YouTube tutorials and practice, practice, practice!
Security Information and Event Management (SIEM) Tools
SIEM tools are perfect for analyzing various types of data inputs in near real-time. Also, because most are web-based, with the proper configuration, you can monitor your home or work environment from anywhere in the world. Yes, HTTPS is your friend! I’d recommend Splunk, which is free for the first 500MB a day. Depending on your setup, you may be able to get away with this. At a minimum, you send your security and application logs from your Windows 2012 Server to the Splunk box. You can also easily send over your Nessus results. Other options include QRadar, SolarWinds, NetWitness, and AlienVault, all of which I’m still evaluating and will report on very soon. Just keep in mind that as you go up in technological advancements, so does the price. Some tools may require additional information from the vendor.
Adding Virtual Machines
If you made it this far, great! Eventually, you’ll want some virtual machines to add to your lab to increase your testing and hands-on experience. Here’s a quick list of sites you can use to research, download, and add vulnerable machines to your lab:
- Kali Linux
- Metasploitable2 (Linux)
- Metasploitable3 (Windows)
- Windows Server Evaluation Center
- Microsoft Edge
- Security Onion
- OWASP Security Shepherd 3.0
- Damn Vulnerable Web Application (DVWA)
- Buscador Investigative Operating System
Wargames, CTFs, and more
If you don’t have the hardware just yet and you would still like to practice exploitation and web app testing, you can visit the following sites:
Here are a few books I feel every aspiring #InfoSec professional should have in their library:
- A Tribe of Hackers — List members
- TCP/IP For Dummies
- Wireshark 101 (2nd edition), Troubleshooting with Wireshark, Practical Packet Analysis
- IPv6 Essentials, Practical IPv6 for Windows Administrators, IPv6 Security
- Penetration Testing: A Hands-On Introduction to Hacking
- The Hacker Playbook 1, The Hacker Playbook 2, and The Hacker Playbook 3
- The Web Application Hacker’s Handbook 2
- Practical Malware Analysis, The Art of Memory Forensics
- Learn PowerShell in a Month of Lunches
- Black Hat Python, Violent Python
Lastly, we’ve also created a video for this content. You can find more videos on our YouTube Channel.
Tool Repositories and Tutorials
There is a wide variety of tutorials and tool repositories with helpful links to benefit the community. Here are my favorites.
- Fuzzy Security – Windows Privilege Escalation Fundamentals
- G0t Mi1k – Basic Linux Privilege Escalation
- Marcelle’s Resources – Curated tips and tools
And there you have it! There’s enough here to keep you busy for quite some time. We’ll keep this updated as best we can.
Good luck to you on your journey! We look forward to hearing great things about you. Let us know if this post helped you in any way.