Beyond Building Virtual Machine Labs
Home labs are one of the best ways to develop practical technical skills in IT. Tony's book is a fine primer on this subject. I recommend reading it first if you don't have much experience using virtual machines, installing OSes, or configuring server software. If you work through this book, you will end up with a virtual network consisting of a router, a SIEM, Kali Linux, Metasploitable, and an IPS. That is enough to keep someone busy for a long time.
This book is somewhat unique because it reads like a choose-your-own-adventure book: instructions are provided for setting the lab up using VMware, Hyper-V, or VirtualBox. No matter which path you choose, I believe that setting up these types of labs is a fundamental skill that most IT workers should possess. The quicker you can spin up a lab to test out new theories, ideas, and software, the better off you will be. Playing around in a lab develops skills that carry over to work. Reading about a subject isn't enough for most people to retain knowledge; spending some time hands-on in the lab helps solidify your grasp of it.
After working through this book, you may be asking yourself what's next. That depends on you. Whatever your interests or current career objectives are, you can tailor your labs to reflect them. A good starting point, whether you are a defender, red teamer, threat hunter, sysadmin, or anything else, is to set up a network that mimics a small business.
Building a fake corporate network gives you experience administering, maintaining, and troubleshooting the problems that arise in one. You will also already have most of the scaffolding in place when some new exploit, tool, or technique surfaces that you want to test. Some of the best security practitioners I have met have strong sysadmin or development backgrounds (or both). Thinking like a sysadmin when attacking a system, a developer when attacking software, or a network engineer when attacking a network has paid off for me many times. Likewise, thinking like an attacker helps defenders defend. If your day job isn't maintaining systems, a lab is where you fill that gap in knowledge and practice.
You also don't need to limit yourself to virtual machines. Old hardware from yard sales, thrift shops, or eBay can be a lot of fun to tinker with and integrate into your lab. Used gear is more prone to problems, which is a good thing if you are trying to develop troubleshooting skills. Hybrid labs that mix on-prem VMs, physical hardware, and cloud resources are also an option if that is where your interests lie.
What to build?
If you want to break into this field, it makes a lot of sense to learn what people are likely to be running in their enterprise. Based on experience, most small to mid-size corporate networks will have at least:
- A domain controller
- A file server
- A switch or two
- A router
- Some endpoints (workstations, point-of-sale (PoS) systems, etc.)
- Business/industry-specific software. This introduces things like web applications, Tomcat servers, custom/proprietary software that does who knows what, databases, and collaboration tooling.
These are often mismatched operating systems at various patch levels, whatever switches and printers were on sale at Staples, and generally pretty terrible networks.
A larger or more technically focused business will probably have the previous list plus:
- Monitoring and alerting systems
- Remote management services (RDP, SSH, VNC, TFTP, VPN, …)
- Redundant servers, replication, master/slave setups, …
What about security?
If an IT team decides to take security more seriously, they may have:
- A SIEM or centralized logging repository
- A proxy server
- A vulnerability scanner
- Configuration management
- NetFlow data or something similar
- More robust GPOs, logging configurations, and hardened system settings
- Network segmentation, port security, VLANs, and other network hardening techniques
- Forensics workstations
- Malware sandboxes
- Honeypots or decoy hosts
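The book covers Hyper-V as one of its three paths, so here is one way to stand up the small-business core from the first list and apply the segmentation from the security list. This is an added example, not code from the book or the original post. The switch name, VM names, memory and disk sizes, ISO paths and VLAN numbers are all assumptions; swap in whatever you have. Servers land in VLAN 10, the workstation in VLAN 20, the attack box in VLAN 30, and a firewall VM gets a trunk so it is the only path between segments.

```powershell
# Added example (not from the book or the post): build a small-business lab
# core on Hyper-V and segment it with VLANs on a single internal switch.
# Names, sizes, paths and VLAN IDs are assumptions; adjust to your hardware.
$ErrorActionPreference = 'Stop'

$SwitchName = 'LabCore'        # assumed switch name
$VhdRoot    = 'C:\Lab\VHDs'    # assumed storage path
$IsoRoot    = 'C:\Lab\ISOs'    # assumed ISO path (ISOs not included)

# One internal switch; the VLAN tags on each vNIC do the segmentation.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -SwitchType Internal | Out-Null
}
New-Item -ItemType Directory -Path $VhdRoot -Force | Out-Null

# VLAN 10 = servers, VLAN 20 = workstations, VLAN 30 = attacker/lab tools.
# SecureBoot stays on for Windows guests and is turned off for Linux/BSD ISOs.
$Vms = @(
    @{ Name='DC01';   Mem=2GB; Cpu=2; Disk=60GB; Vlan=10; Iso='winserver.iso'; SecureBoot=$true  }
    @{ Name='FS01';   Mem=2GB; Cpu=2; Disk=80GB; Vlan=10; Iso='winserver.iso'; SecureBoot=$true  }
    @{ Name='WS01';   Mem=2GB; Cpu=2; Disk=60GB; Vlan=20; Iso='win10.iso';     SecureBoot=$true  }
    @{ Name='KALI01'; Mem=2GB; Cpu=2; Disk=40GB; Vlan=30; Iso='kali.iso';      SecureBoot=$false }
)

foreach ($v in $Vms) {
    if (Get-VM -Name $v.Name -ErrorAction SilentlyContinue) { continue }
    New-VM -Name $v.Name -Generation 2 -MemoryStartupBytes $v.Mem `
           -NewVHDPath (Join-Path $VhdRoot "$($v.Name).vhdx") `
           -NewVHDSizeBytes $v.Disk -SwitchName $SwitchName | Out-Null
    Set-VMProcessor -VMName $v.Name -Count $v.Cpu
    Add-VMDvdDrive -VMName $v.Name -Path (Join-Path $IsoRoot $v.Iso)
    Set-VMFirmware -VMName $v.Name -FirstBootDevice (Get-VMDvdDrive -VMName $v.Name)
    if (-not $v.SecureBoot) { Set-VMFirmware -VMName $v.Name -EnableSecureBoot Off }
    # Access port: this VM only ever sees frames for its own VLAN.
    Set-VMNetworkAdapterVlan -VMName $v.Name -Access -VlanId $v.Vlan
}

# Firewall/router VM gets a trunk carrying all three VLANs. It is the only
# path between segments, so its rules decide which VLAN can reach which.
if (-not (Get-VM -Name 'FW01' -ErrorAction SilentlyContinue)) {
    New-VM -Name 'FW01' -Generation 2 -MemoryStartupBytes 1GB `
           -NewVHDPath (Join-Path $VhdRoot 'FW01.vhdx') -NewVHDSizeBytes 20GB `
           -SwitchName $SwitchName | Out-Null
    Add-VMDvdDrive -VMName 'FW01' -Path (Join-Path $IsoRoot 'pfsense.iso')
    Set-VMFirmware -VMName 'FW01' -FirstBootDevice (Get-VMDvdDrive -VMName 'FW01') -EnableSecureBoot Off
    Set-VMNetworkAdapterVlan -VMName 'FW01' -Trunk -AllowedVlanIdList '10-30' -NativeVlanId 0
}

# Show what the virtual switch will enforce before booting anything.
$Names = @($Vms | ForEach-Object { $_.Name }) + 'FW01'
Get-VMNetworkAdapterVlan -VMName $Names |
    Select-Object VMName, OperationMode, AccessVlanId, AllowedVlanIdList
```

Run it from an elevated PowerShell session on a host with the Hyper-V role installed. The last command is the check worth keeping: if a host shows the wrong VLAN or the firewall's adapter is not in Trunk mode, the "segmentation" exists only in your diagram. Once the VMs are installed, a quick test from KALI01 against FS01 should fail until you add an explicit firewall rule on FW01, which is exactly the kind of control you want practice both building and getting around.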
If you are leaning towards offensive security, setting up defensive tools and learning how to use them effectively will make you a better attacker. The opposite is true for defenders: the more you know about offensive techniques, the better equipped you will be to detect and prevent threats. Always be thinking about how your attacks could be thwarted, and about how to launch attacks in places where the defender is unlikely to have enough visibility to detect them.
There are also a lot of intentionally vulnerable VMs and software out there. Some of these are pretty great and can provide a lot of entertainment and opportunities to learn.
This shop may also have some developers or DevOps types on staff. This may introduce:
- Code repositories
- Development environments
- Continuous integration
I can keep going with these lists all day. There’s no way someone can master all of this, but as you gain more experience it becomes easier to adapt when faced with something new.
Home Labs on a Budget
I'm not going to lie. Labs can quickly become expensive. Look at r/homelab for examples of this. Some of those people have dropped serious coin on their gear. I am not one of them, but if you have the means and it's what you want to do with your time, awesome. I have an average job, kids to feed, and bills to pay. I can't afford to shell out top dollar for high-end labs with the latest and greatest equipment. Most of what I have was decommissioned from old jobs, bought used, donated, or collected over the span of several years. Although cheap, used, half-broken hardware isn't the most glamorous setup, this approach has served me well for a long time.
You don't have to shell out thousands of dollars to build a great lab, but if you stick with it you will eventually pay for something. The whole point is to learn. If you want to buy expensive gear, great. Most people reading this already have a computer or two, a WiFi router, and a few random devices on their network. That is a fine starting point, provided the equipment you experiment on is actually yours.
Depending on your budget, preferences, and other constraints, you may have to get creative with your lab. Sometimes you won't have much space. Loud fans may bother you. Cooling the room where your equipment lives might be a challenge. Your dwelling may be built from materials that are hostile to RF propagation, making WiFi a challenge. There is no one-size-fits-all solution for everyone's situation.
Amazon Affiliate Disclosure
As an Amazon Associate I earn from qualifying purchases.