Tony Robinson, a.k.a. da_667 has created a guide you can use to set up your own Security Lab. He guides you through the setup with several different hypervisors. This is another post Kurt (kph) put me onto.
da_667 covers deploying a pretty comprehensive lab environment in detail for five different hypervisors.
- Microsoft Client Hyper-V
- Oracle VirtualBox
- VMware Fusion Pro
- VMware Workstation Pro
- VMware vSphere Hypervisor (ESXi)
Here's a screenshot of the Table of Contents for the VMware Workstation Pro setup:
A free copy of the guide is available from da_667 here. According to his "blahg", the free book was only supposed to be available until 23 January, 2017, so there's no telling when it will be taken down.
[Update] Sorry folks, the book is no longer free. I found this out on 7 June 2017. It is available for $35 on createspace, and I think is worth the money. It is also available on Amazon as an ebook (Kindle) or in print for the same price.
In the book, you'll be walked through the process of creating a virtual network using your hypervisor of choice that will contain the following network segments:
- External Bridged Network
- Management Network
- IPS 1 Network
- IPS 2 Network
Traffic between segments is primarily controlled with a PFSense Gateway Virtual Machine.
I have experience with PFSense and will be writing a future blog post about it. It's a full featured open source firewall worth looking into for home or work.
Installation of a Kali Linux VM is also covered. Kali's the premier Pen Tester tool kit.
Other key areas covered are:
- Configuring traffic flow between segments
- Configuring management systems
- Security Intrusion Events Manager (SIEM) configuration (a.k.a. Security Information Event Manager)
- Intrusion Prevention System (IPS) configuration
- Metasploitable 2 configuration
da_667 has put a lot of effort into this. His goal is to have a book you could hand to a new team member or intern and say "Spin us up a lab." and she would be able to do it. Cool stuff.
I'm anxious to see the finished product available for purchase so I can get me a copy and contribute a few $ to his coffers for his efforts.
[Update] I did order my hard copy of the book from Amazon today (7 June 2017).