Disclaimer: This is only a guide and not inclusive of every single tool in the industry. It’s in your best interest to research via Google and YouTube as well for additional information.
Home Lab Setup
Having a home or online lab is crucial for career advancement in information security (#infosec). It is a great way to gain the hands-on experience and crucial talking points necessary for obtaining a job. You should be willing to try and even break things in your lab. Constantly troubleshooting errors and mitigating problems in your lab is a sure way to learn the ins and outs of hardware, software, and networking. Additionally, it will give you the ability to speak to tools, techniques, and procedures that are being used in the real world. Although most of your tools may be free and have a different name, the concepts of network monitoring and defense will be the same.
Understanding networking is a very valuable skill and over time it will be something you may not have to think about much. It is not a necessity but it is highly recommended to purchase a router and connect that router to the one already given to you by your service provider. This “helps” keep your original home environment separate from your lab environment. By all means, it is highly suggested to get familiar with the service provider’s router. Chances are, you have a default username and password that hasn’t been changed. It is also good to take a look around and view the current settings and options. You may want to customize settings for IPv6, have static IP addresses for your personal devices, or customize the IP addressing schemes as a means of providing better security.
The hardware is important because it will contain most if not all of your processing power and memory. To start, you can just use your laptop. Nowadays a normal laptop can host 2-3 virtual machines without any issues. If you want to step it up you can use Mac minis, Zotac boxes, or similar portable servers. As always feel free to customize your systems. If you really want to step it up then you can purchase refurbished servers, just keep in mind that they may require additional power sources and/or cooling.
Virtualization software, often referred to as a hypervisor, allows you to use the processing power of your hardware (laptop/CPU/server) to create and operate virtual machines (VMs). Think of it as having a computer inside a computer. Virtualization is great because it allows you to quickly create a VM and save the state of that VM so you can “revert” back to that point if you need to. This is great for testing and/or development environments. The top virtualization software is VirtualBox (Free), VMware Workstation Player (Free), VMware Fusion ($79), VMware Fusion Pro ($159), or Hyper-V (Free Install). This software is available for various operating systems. VMware also offers ESXi, which lets you install virtual server software directly on a physical server. This is great for when the number of required VMs gets too high for your computer/laptop to manage.
Personally, I’m a fan of VMware due to its interface and ease of use on a Mac. VirtualBox has come a long way from what I’m used to and since I often create separate networks in my lab, VirtualBox easily allows me to create them and assign my VM interfaces to them. VirtualBox also allows you to put your VMs into groups in case you need to start and stop multiple VMs at the same time. So… because I like them both (VirtualBox & VMware Fusion Pro) I use both of them at the same time. Yes, I footed the bill for the Pro version of VMware.
Over time, you will notice that the ability to use virtualization gets addictive and you will want more machines. This will require more space and processing power. There are some really good cloud providers that allow you to create VMs with the click of a button. The next steps would be to check out Digital Ocean, Amazon AWS, Google Compute Engine, and Microsoft Azure. In case you want to scale later, it helps to do some comparison shopping and interface familiarization to find the best service for your needs.
Network Monitoring and IDS/IPS
It is very important to monitor your network to better understand the types of traffic and information that may flow through it. It is also good to understand “why” everything works the way it does. A really good tool for the protocol analysis aspect of network monitoring is Wireshark. If you’re into network forensics then Wireshark is the way to go. It can be installed on any operating system.
Another great free option is Security Onion. Doug Burks and the Security Onion Solutions team consistently produce ISOs with updated builds, so be sure to keep your instance up to date. It runs on Linux, which you can get for free, and includes monitoring and log management tools. You can literally get it up and running in about 8 minutes, just remember to increase your processing cores (2) and RAM (40 GB), and add an extra interface ;-).
Being able to detect vulnerabilities is another crucial part of network defense and exploitation. Just like any other technology, there are many tools to choose from. Note that finding vulnerabilities is a little different from finding malware; for that you can use any of the 60 or so antivirus engines out there, and we’ll save that for a later date.
A good place to start is with the Nmap Scripting Engine (NSE). It’s free and it contains hundreds of scripts that you can use separately or chained together to serve as your vulnerability scanner. Additional options include:
- OpenVAS which comes preinstalled in Kali Linux
- Nessus which is free for the first 16 IP addresses
- Retina, which is free for the first 256 IPs
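Whichever scanner you pick, the output is only useful once you turn it into a list of things to fix. The following is an added example, not code from the original post or from the Nmap project: it parses the XML that `nmap -oX` writes (the sample report is a constructed one for a lab host, with real NSE script names but made-up results) and triages each open port from its NSE script output.

```python
"""Summarise an Nmap XML report (with NSE script output) into triaged findings.

Added example for this guide, not from the original post or the Nmap project.
SAMPLE_NMAP_XML is a constructed report in the format `nmap -oX` writes;
the host, versions and script results are made up for illustration.
"""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script ftp-anon,ssh-hostkey -oX lab.xml 10.0.0.20">
  <host>
    <status state="up"/>
    <address addr="10.0.0.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open"/>
        <service name="ftp" product="vsftpd" version="3.0.3"/>
        <script id="ftp-anon" output="Anonymous FTP login allowed (FTP code 230)"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.2p2"/>
        <script id="ssh-hostkey" output="2048 aa:bb:cc (RSA) constructed sample"/>
      </port>
      <port protocol="tcp" portid="445">
        <state state="closed"/>
        <service name="microsoft-ds"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""

# NSE scripts whose output text signals a misconfiguration rather than a CVE.
MISCONFIG_MARKERS = {
    "ftp-anon": "Anonymous FTP login allowed",
}


def parse_open_ports(xml_text):
    """Return one record per open port: host, port, service, version and NSE output."""
    root = ET.fromstring(xml_text)
    records = []
    for host in root.iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not findings
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            parts = (svc.get("product"), svc.get("version")) if svc is not None else ()
            version = " ".join(p for p in parts if p)
            scripts = {s.get("id"): (s.get("output") or "").strip() for s in port.findall("script")}
            records.append({
                "host": addr,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": name,
                "version": version,
                "scripts": scripts,
            })
    return records


def triage(records):
    """Assign a severity to each open-port record based on its NSE script output.

    "VULNERABLE" is the marker the NSE vuln library prints in its state line;
    MISCONFIG_MARKERS covers scripts that report weak settings in plain text.
    Everything else is informational (an open port with no script hit).
    """
    triaged = []
    for rec in records:
        severity, reasons = "info", []
        for script_id, text in rec["scripts"].items():
            if "VULNERABLE" in text:
                severity, reasons = "high", reasons + [script_id]
            elif script_id in MISCONFIG_MARKERS and MISCONFIG_MARKERS[script_id] in text:
                severity, reasons = "high", reasons + [script_id]
        triaged.append({**rec, "severity": severity, "reasons": reasons})
    # Highest severity first, then by port number, so the report reads top-down.
    return sorted(triaged, key=lambda r: (r["severity"] != "high", r["port"]))


if __name__ == "__main__":
    for row in triage(parse_open_ports(SAMPLE_NMAP_XML)):
        print(f"{row['severity']:5} {row['host']} {row['proto']}/{row['port']} "
              f"{row['service']} {row['version']} {row['reasons']}")
```

Point the script at a real `-oX` file from your own lab hosts and the same two functions apply; the marker table is the place to grow as you add more NSE scripts to your scans.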
Oh yes … the firewall. Just like signatures, the firewall is only as good as its access control list, and attackers will constantly try to work around both. No matter the operating system, you should familiarize yourself with your host-based firewall. It is always good to know what ports and services are allowed in and out of your host. For Ubuntu Linux users there’s iptables.
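Knowing what is allowed in is easier when something reads the rule set for you. This added example (not from the original post) parses the rule dump that `iptables -S` prints for the INPUT chain and reports the default policy and every port accepted from any source that is not on your expected list. The rule dump below is a constructed sample; on a real host run `sudo iptables -S INPUT` and pass that text in.

```python
"""Audit the INPUT chain of an `iptables -S` dump for over-permissive rules.

Added example for this guide, not from the original post. SAMPLE_RULES is a
constructed dump in the format `iptables -S` prints (policy lines with -P,
rule lines with -A). It demonstrates the two checks a lab host should pass:
a default-deny INPUT policy, and no unexpected port open to any source.
"""

SAMPLE_RULES = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.10.0/24 -p tcp -m tcp --dport 8000 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3389 -j ACCEPT
"""

ANY_SOURCE = "0.0.0.0/0"  # what iptables means when no -s is given


def _value_after(parts, flag, default=None):
    """Return the token following `flag` in a split rule line, or `default`."""
    return parts[parts.index(flag) + 1] if flag in parts else default


def audit_input_chain(dump):
    """Summarise the INPUT chain: default policy plus every ACCEPT rule with a port."""
    policy, allowed = None, []
    for line in dump.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[:2] == ["-P", "INPUT"]:
            policy = parts[2]
        elif parts[:2] == ["-A", "INPUT"] and _value_after(parts, "-j") == "ACCEPT":
            # Both the single-port match (--dport 22) and the multiport
            # form (--dports 80,443) name destination ports.
            ports = _value_after(parts, "--dport") or _value_after(parts, "--dports")
            if ports is None:
                continue  # loopback / conntrack rules carry no port
            for port in ports.split(","):
                allowed.append({
                    "port": int(port),
                    "proto": _value_after(parts, "-p", "any"),
                    "source": _value_after(parts, "-s", ANY_SOURCE),
                })
    return {"policy": policy, "allowed": allowed}


def findings(summary, expected_ports=frozenset()):
    """Turn the summary into human-readable issues. An empty list means clean."""
    issues = []
    if summary["policy"] != "DROP":
        issues.append(f"INPUT policy is {summary['policy']}; unmatched traffic is accepted")
    for rule in summary["allowed"]:
        # A rule scoped to a source network (e.g. the lab subnet) is deliberate;
        # an unexpected port reachable from anywhere is the thing to look at.
        if rule["source"] == ANY_SOURCE and rule["port"] not in expected_ports:
            issues.append(f"{rule['proto']}/{rule['port']} is accepted from any source")
    return issues


if __name__ == "__main__":
    summary = audit_input_chain(SAMPLE_RULES)
    print("policy:", summary["policy"])
    for issue in findings(summary, expected_ports={22, 80, 443}) or ["no issues"]:
        print(" -", issue)
```

The expected-port set is the ACL you meant to have; everything the script flags is the gap between that and what the kernel is actually enforcing.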
If you want to take it a step further, I’d invest some time and energy getting familiar with pfSense. Besides being free, pfSense can also serve as your router, VPN solution and much, much more. The pfSense install and configuration is a bit advanced, so be sure to take your time, watch plenty of YouTube tutorials and practice, practice, practice.
Security Information and Event Management (SIEM) Tools
SIEM tools are perfect for analyzing various types of data inputs in near real time. Also, because most are web-based, with the proper configuration you can monitor your home or work environment from anywhere in the world. Yes, HTTPS is your friend! I’d recommend Splunk, which is free for the first 500MB a day. Depending on your setup, you may be able to get away with this. At a minimum, send the security and application logs from your Windows 2012 Server to the Splunk box. You can also easily send over your Nessus results. Other options include QRadar, SolarWinds, NetWitness, and AlienVault … all of which I’m still evaluating and will report on very soon.
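Once the Windows security log is flowing into the SIEM, the first thing most people build is a failed-logon alert. The example below is added here and is not from the original post or from any SIEM vendor: it runs the same logic a saved search would, over a handful of constructed Windows Security events (event ID 4625 is a failed logon, 4624 a successful one, with the source IP as the Windows TA would extract it), and raises an alert when one source fails five times inside a minute and a second, more serious alert if that source then succeeds.

```python
"""Failed-logon burst detection over Windows Security events, SIEM-style.

Added example for this guide, not from the original post or a vendor.
SAMPLE_EVENTS is a constructed feed of (timestamp, EventID, TargetUserName,
IpAddress) tuples, the fields a Splunk Windows add-on extracts from the
Security log; 4625 = failed logon, 4624 = successful logon.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_EVENTS = [
    ("2019-03-01T10:00:01", 4625, "administrator", "10.0.0.55"),
    ("2019-03-01T10:00:03", 4625, "administrator", "10.0.0.55"),
    ("2019-03-01T10:00:04", 4625, "jsmith", "10.0.0.7"),        # a typo, not an attack
    ("2019-03-01T10:00:06", 4625, "administrator", "10.0.0.55"),
    ("2019-03-01T10:00:09", 4625, "administrator", "10.0.0.55"),
    ("2019-03-01T10:00:12", 4625, "administrator", "10.0.0.55"),  # 5th failure -> burst
    ("2019-03-01T10:00:15", 4625, "administrator", "10.0.0.55"),
    ("2019-03-01T10:00:20", 4624, "jsmith", "10.0.0.7"),          # normal success
    ("2019-03-01T10:00:40", 4624, "administrator", "10.0.0.55"),  # success after burst
]


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Return alerts for failed-logon bursts and for a success following a burst.

    A sliding window of recent 4625 timestamps is kept per source IP, so the
    count only includes failures inside `window_seconds` of the current event.
    """
    window = timedelta(seconds=window_seconds)
    recent_failures = defaultdict(deque)  # ip -> timestamps of recent failures
    alerts = []
    for ts_text, event_id, user, ip in sorted(events, key=lambda e: e[0]):
        ts = datetime.fromisoformat(ts_text)
        q = recent_failures[ip]
        while q and ts - q[0] > window:   # drop failures that aged out
            q.popleft()
        if event_id == 4625:
            q.append(ts)
            if len(q) == threshold:       # fire once, when the threshold is crossed
                alerts.append({"type": "failed_logon_burst", "ip": ip,
                               "user": user, "count": len(q), "at": ts_text})
        elif event_id == 4624 and len(q) >= threshold:
            # The pattern a SIEM should escalate: many failures, then a success.
            alerts.append({"type": "success_after_burst", "ip": ip,
                           "user": user, "failures": len(q), "at": ts_text})
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

The threshold and window are the two knobs you tune against your own lab's noise; the single-user typo from 10.0.0.7 never reaches five and so never alerts.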
Just keep in mind that as the tools become more advanced, so does the price. Some tools may require additional information from the vendor.
If you made it this far then great, now you’ll need some virtual machines to add to your lab to increase your testing and hands-on experience.
Virtual Machine (Downloads)
Here’s a quick list of sites you can use to research, download, and add vulnerable machines to your lab:
- Kali Linux
- Metasploitable2 (Linux)
- Metasploitable3 (Windows)
- Windows Server Evaluation Center
- Microsoft Edge
- Security Onion
- OWASP Security Shepherd 3.0
- Damn Vulnerable Web Application (DVWA)
- Buscador Investigative Operating System
Wargames, CTFs, and more
If you don’t have the hardware just yet and you would still like to practice exploitation and web app testing, you can visit the following sites:
Here are a few books I feel every aspiring #InfoSec professional should have in their library:
- A Tribe of Hackers — List members
- TCP/IP For Dummies
- Wireshark 101 (2nd Edition), Troubleshooting with Wireshark, Practical Packet Analysis
- IPv6 Essentials, Practical IPv6 for Windows Administrators, IPv6 Security
- Penetration Testing: A Hands-On Introduction to Hacking
- The Hacker Playbook 1, The Hacker Playbook 2, and The Hacker Playbook 3
- The Web Application Hacker’s Handbook 2
- Practical Malware Analysis, The Art of Memory Forensics
- Learn PowerShell in a Month of Lunches
- Black Hat Python, Violent Python
Lastly, we’ve also created a video for this content. You can find more videos on our YouTube Channel.
Tool Repositories and Tutorials
There are those who put in the time and effort to put together tutorials and tool repositories with helpful links that benefit the community. Here are my favorites.
- Fuzzy Security – Windows Privilege Escalation Fundamentals
- G0t Mi1k – Basic Linux Privilege Escalation
- Marcelle’s Resources – Curated tips and tools
And there you have it! There’s enough here to keep you busy for quite some time. We’ll keep this updated as best we can.
Good luck to you on your journey! We look forward to hearing great things about you. Let us know if this post helped you in any way.
Video: https://youtu.be/ffE7arGQ91U