Building a Cybersecurity Homelab
Updated: Jun 18
In cybersecurity, applying and implementing security concepts can be a daunting task without practical, safe infrastructure on which to carry out these activities.
I approached this project with that in mind. This homelab walks through the process of configuring, optimizing, and securing an IT infrastructure. Although this will be at a relatively small scale, you will be able to apply the knowledge gained in a real-world large-scale/enterprise infrastructure.
What is a Homelab?
A Homelab, as the name implies, is an environment in your home that is used to practice and improve your skills in a specific field. This home lab has components and tools similar to large-scale infrastructures. It’s a safe environment to work with these components and learn how they work.
Building Host PC
Installing VMware Workstation as hypervisor
Configuring pfsense firewall for Network Segmentation & Security
Configuring Security Onion as an all-in-one IDS, Security Monitoring, and Log Management solution
Configuring Kali Linux as an attack machine
Configuring a Windows Server as a Domain Controller
Configuring Windows desktops
Configuring Nessus on Kali
Ubuntu/CentOS/Metasploitable/DVWA/Vulnhub machines: All these are potential Linux machines that can be added to the network for exploitation, detection, or monitoring purposes.
HOMELAB NETWORK DESIGN & TOPOLOGY
Building The Host PC
For this lab, I'll be using a PC I built a while back specifically for this purpose. The hardware requirements are listed below:
CPU: AMD Ryzen 5 3600X 3.8 GHz 6-Core Processor
RAM: G.Skill Ripjaws V Series 32 GB (2 x 16 GB) DDR4 Memory
STORAGE: Crucial P1 1TB M.2-2280 NVME SSD
GRAPHICS CARD: MSI GeForce GT 710 2 GB Video Card
MOTHERBOARD: Asus TUF GAMING X570 ATX Motherboard
HOST OPERATING SYSTEM: Windows 10 Pro
FULL PC BUILD: PC Part Picker List
Here's a video tutorial for building the PC:
You can also buy a dedicated server or even use an old laptop as long as it is capable of running all the required VMs. Typically 8GB of RAM is okay but I recommend 16GB if you can.
Downloading & Installing VMware Workstation Pro
For the purpose of this lab, I'll be using VMware Workstation 16 Pro as my hypervisor. This license costs about $120 with a student discount but I assure you it is a very worthwhile investment.
Here's a video on how to install VMware Workstation:
VirtualBox is also a free and feature-rich alternative Hypervisor from Oracle. If you cannot afford the VMware license, VirtualBox is equally good.
pfsense will be configured as a firewall to segment our private homelab network and will only be accessible from our Kali Linux machine.
Download the pfsense ISO file from here: Download pfSense Community Edition
Click "Create a New Virtual Machine" on VMware Workstation Homescreen.
Make sure "Typical (recommended)" is selected and click Next.
Click "Browse" and navigate to the folder where your pfsense file is located.
Rename your Virtual Machine, preferably to "pfsense".
20GB disk size is sufficient for this VM.
Ensure that the "Split virtual disk into multiple files" option is selected.
Click "Customize Hardware".
Increase the memory to 2GB.
Add 5 network adapters and map each one to a VMnet interface as shown below. Then click Finish.
The pfsense machine will power on and start with this screen. Accept all the defaults. pfsense will configure and reboot.
You should end up with a screen similar to this.
Enter option 1
Should VLANS be set up now [y:n]?: n
Enter em0, em1, em2, em3, em4 & em5 respectively for each consecutive question
Do you want to proceed [y:n]?: y
Enter option 2
We'll start with the LAN interface (2)
The IP address 192.168.1.1 is going to be used to access the pfsense WebGUI from the Kali machine.
Use the configuration below for the LAN interface.
Use the configuration below for the OPT1 interface.
Use the configuration below for the OPT2 interface
Leave the OPT3 interface without an IP, as it is going to be the span port carrying the traffic that Security Onion will be monitoring.
Use the configuration below for the OPT4 interface.
This ends the configuration of the pfsense VM. The rest of the configuration will be done via the kali machine through the WebConfigurator.
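A sanity check for the addressing plan entered above, as an added example that is not part of the original write-up. Only the em0 to em5 assignment, the LAN address 192.168.1.1 and the address-less OPT3 span port come from the steps above; the WAN address, the OPT1/OPT2/OPT4 addresses and all /24 prefix lengths are placeholder assumptions to be replaced with your own values.

```python
import ipaddress

# Constructed addressing plan. From the write-up: em0..em5, LAN = 192.168.1.1,
# OPT3 left without an IP. Assumed placeholders: the WAN address, the OPT1/OPT2/
# OPT4 addresses and every /24 prefix length.
PLAN = [
    {"nic": "em0", "name": "WAN",  "cidr": "192.168.136.130/24"},
    {"nic": "em1", "name": "LAN",  "cidr": "192.168.1.1/24"},
    {"nic": "em2", "name": "OPT1", "cidr": "192.168.2.1/24"},
    {"nic": "em3", "name": "OPT2", "cidr": "192.168.3.1/24"},
    {"nic": "em4", "name": "OPT3", "cidr": None},   # span port
    {"nic": "em5", "name": "OPT4", "cidr": "192.168.4.1/24"},
]

def check_plan(plan, span_name="OPT3"):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, seen = [], []
    for entry in plan:
        name, cidr = entry["name"], entry["cidr"]
        if name == span_name:
            # The span port only receives mirrored frames for the sensor.
            if cidr is not None:
                problems.append(f"{name}: span port must not have an IP ({cidr})")
            continue
        if cidr is None:
            problems.append(f"{name}: routed interface has no address")
            continue
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {iface.ip} is not a usable host address")
        # Overlapping subnets make routing between segments ambiguous,
        # e.g. when the upstream (WAN-side) network also uses 192.168.1.0/24.
        for other_name, other_net in seen:
            if net.overlaps(other_net):
                problems.append(f"{name} {net} overlaps {other_name} {other_net}")
        seen.append((name, net))
    return problems

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan is consistent"]:
        print(line)
```

The overlap check matters most for the WAN side: if the network upstream of pfsense already uses 192.168.1.0/24, the LAN segment in this lab collides with it.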
Configuring Security Onion
This will be the all-in-one IDS, Security Monitoring, and Log Management solution.
Select Typical installation >> Click Next
Installer disc image file >> SO ISO file path >> Click Next
Choose Linux, CentOS 7 64-Bit and click Next.
Specify virtual machine name and click Next.
Specify disk size (minimum 200GB), store as single file, click Next.
Click "Customize Hardware" and do the following:
~ Change memory to 4-32GB
~ Add two Network Adapters and assign them Vmnet 4 & Vmnet 5 respectively
Power on the virtual machine and press Enter when prompted:
After the initial stages of loading, type "yes" when prompted
~ Set a username & password:
After Security Onion Reboots, proceed with the following:
Enter the username & password
Select the EVAL option
Set a hostname, and a short description
Press the spacebar to select ens33 as the management interface
Set the addressing to DHCP:
Select "YES" at the next prompt
Select "OK" at the next prompt
Select "Direct" for the next prompt
Select "ens35" as the Monitor Interface
Select "Automatic" for the OS patch schedule
Accept the default home network IP
Accept all the defaults
Enter an email address and password for the admin account
Select "Yes" for the NTP server & accept the defaults
Take note of your final settings before proceeding! If possible take a screenshot.
The most important detail is the IP address for web access.
SecOnionMgmt/ Analyst Machine
After installing Security Onion, its web interface will be accessed from an external Ubuntu Desktop, simulating a SOC/Security Analyst accessing a SIEM or any other tool from their device.
In order to do this, you'll first have to configure an Ubuntu Desktop. This is a very easy process and I'll not be covering it in this write-up, but it is covered in the video. Be sure to use all the default settings for the Ubuntu Desktop configuration.
After this installation, run the ifconfig command on the Ubuntu Machine and take note of its IP Address.
Head back to your Security Onion instance and run the following command
Enter your password
Type a and wait for the process to complete
Type in the IP Address from the Ubuntu Desktop
This will create a firewall rule on Security Onion that will allow you web access from your Ubuntu Desktop
Navigate to the Security Onion IP Address on your Ubuntu Desktop:
This ends the configuration of the Security Onion VM.
Configuring Kali Linux
Kali Linux will be used as an attack machine to launch different forms of offensive actions against the Domain Controller and the other machines attached to it.
Since you're downloading the VM file, all you'll need to do is to click on the .vmx file from the Kali Folder you downloaded and it will automatically load up the default Kali image in VMware.
Before powering on the Kali VM, change the Network Adapter to Vmnet2 and its Memory to 4GB, then power it on and use the default credentials as specified.
After powering on, use this command to change the default password to a more secure one of your choice:
The Kali machine is ready for use.
pfsense Interfaces and Rules
Now that the Kali machine is set up, the pfsense WebConfigurator can be accessed in order to make some changes to the pfsense interfaces and firewall rules.
Open the web browser and navigate to 192.168.1.1
Select "Advanced..." at this screen:
Accept the risk and continue:
Sign in to pfsense using default credentials "admin" & "pfsense"
You'll be greeted with a "Wizard/pfSense Setup/" page.
Click Next till you get to Step 2 of 9.
Add 188.8.131.52 as your Primary DNS Server
Add 184.108.40.206 as your Secondary DNS Server
At Step 3 of 9, Choose your Timezone
At Step 4 of 9, untick the last two options
At Step 5 of 9, Click Next
At Step 6 of 9, Set a new Admin Password
At Step 7 of 9, Click Reload
At this point, pfsense Wizard is complete and changes can now be made to the Interfaces.
Click on Interfaces.
For "Description", Change LAN to Kali as this is the Kali interface
Scroll all the way down and Click Save
If you get this error, use this Article to troubleshoot and fix it
Then do this for the rest of the Interfaces as shown below
For OPT3 Be sure to Enable Interface as shown below
Back at Interfaces Assignment select Bridges
Select VictimNetwork as the Member Interface
Then select Display Advanced
Under Advanced Configuration for Span Port, select "SPANPORT"
Scroll all the way down and Click Save
Click Firewall >> Rules
Select the Add button with the arrow pointed downward
~ Under "edit Firewall Rule" for Protocol select ANY
~ Scroll all the way down and SAVE
This is the majority of the firewall configuration needed for pfsense.
Configuring Windows Server as a Domain Controller
The goal of this portion of the lab is to set up an Active Directory domain with a Windows 2019 Server as the Domain Controller and 2 Windows 10 machines. This portion of the lab is very easy to set up and I'll be using The Cyber Mentor's YouTube guide for an Active Directory Hacking Lab.
~ Important Details for Windows Server Installation
(Please read the below before installing the Windows Server on VMware)
* Install in VMware as usual with defaults
* Do not worry about a product key, simply click Next
* At the end of the installation, be sure to change the Network Adapter to Vmnet3
* Make sure to UNCHECK "Power on this virtual machine after creation".
* After the VM has been installed, click "Edit virtual machine settings" and remove the Floppy drive.
Power on the Virtual Machine and immediately press any key.
Click Install Now
Select the Windows Server 2019 standard Evaluation (Desktop Experience)
Accept the License Terms
Select the Custom Install