• Day Cyberwox

Building a Cybersecurity Homelab: Part 1

Updated: May 8



As a college student or beginner with little to no experience in the Cybersecurity field, fully understanding and applying conceptual knowledge of certain tools, applications and methodologies without hands-on experience could be difficult.


In Cybersecurity, applying and implementing these concepts can be a daunting task when you have no practical and safe infrastructure to carry out these activities.


I approached this project with you in mind. Yes, you! We haven’t met but you are probably just starting out your college education or looking to break into the industry and you want to get hands-on experience. You want to be able to practice your skills and get better for that job/internship, certification, or maybe an interview. You’ve come to the right place!


This homelab will take you through the process of configuring, optimizing, and securing an IT infrastructure. Although this will be at a relatively small scale, you will be able to apply the knowledge gained in a real-world large-scale/enterprise infrastructure.


What is a Homelab?


A Homelab, as the name implies, is an environment in your home that is used to practice and improve your skills in a specific field. This home lab has components and tools similar to large-scale infrastructures. It’s a safe environment to work with these components and learn how they work.


Pre-Requisites

  • Some knowledge of Networking

  • Familiarity with Operating Systems

  • Some knowledge of Virtualization

  • Time, Dedication & Resilience


CONTENT

  • Building Host PC

  • Installing VMware Workstation as hypervisor

  • Configuring pfsense firewall for Network Segmentation & Security

  • Configuring Security Onion as an all-in-one IDS, Security Monitoring, and Log Management solution

  • Configuring Kali Linux as an attack machine

  • Configuring a Windows Server as a Domain Controller

  • Configuring Windows desktops

  • Configuring Splunk

  • Configuring Nessus on Kali

  • Ubuntu/Centos/Metasploitable/DVWA/Vulnhub machines: All these are potential Linux machines that can be added to the network for exploitation, detection, or monitoring purposes.

HOMELAB NETWORK DESIGN & TOPOLOGY



Building The Host PC


For this lab, I'll be using a PC I built a while back specifically for this purpose. The hardware requirements are listed below:


CPU: AMD Ryzen 5 3600X 3.8 GHz 6-Core Processor

RAM: G.Skill Ripjaws V Series 32 GB (2 x 16 GB) DDR4 Memory

STORAGE: Crucial P1 1TB M.2-2280 NVME SSD

GRAPHICS CARD: MSI GeForce GT 710 2 GB Video Card

MOTHERBOARD: Asus TUF GAMING X570 ATX Motherboard

HOST OPERATING SYSTEM: Windows 10 Pro

FULL PC BUILD: PC Part Picker List


Here's a video tutorial for building the PC:


You can also buy a dedicated server or even use an old laptop as long as it is capable of running all the required VMs. Typically 8GB of RAM is okay but I recommend 16GB if you can.

Downloading & Installing VMware Workstation Pro


For the purpose of this lab, I'll be using VMware Workstation 16 Pro as my hypervisor. This license costs about $120 with a student discount but I assure you it is a very worthwhile investment.


Download VMware Workstation Player


Here's a video on how to install VMware Workstation:


VirtualBox is also a free and feature-rich alternative Hypervisor from Oracle. If you cannot afford the VMware license, VirtualBox is equally good.


Download Virtualbox


Configuring pfsense


pfsense will be configured as a firewall to segment our private homelab network and will be only accessible from our Kali Linux machine.


Download the pfsense ISO file from here: Download pfSense Community Edition



Click "Create a New Virtual Machine" on VMware Workstation Homescreen.

Make sure "Typical (recommended)" is selected and click Next.


Click "Browse" and navigate to the folder where your pfsense file is located.

Click Next.

Rename your Virtual Machine. Preferably "pfsense"

Click Next.

20GB disk size is sufficient for this VM.

Ensure that the "Split virtual disk into multiple files" option is selected.

Click Next.

Click "Customize Hardware".

Increase the memory to 2GB.

Add 5 network adapters and map each one to a VMnet interface as shown below. Then click Finish.

























The pfsense machine will power on and start with this screen. Accept all the defaults. pfsense will configure and reboot.

You should end up with a screen similar to this.


Enter option 1

Should VLANS be set up now [y:n]?: n

Enter em0, em1, em2, em3, em4 & em5 respectively for each consecutive question

Do you want to proceed [y:n]?: y


Enter option 2

We'll start with the LAN interface (2)

The IP address 192.168.1.1 is going to be used to access the pfsense WebGUI from the Kali machine.


Use the configuration below for the LAN interface.

Use the configuration below for the OPT1 interface.

Use the configuration below for the OPT2 interface


Leave the OPT3 interface without an IP as it is going to have the span port with traffic that Security Onion will be monitoring.


Use the configuration below for the OPT4 interface.


This ends the configuration of the pfsense VM. The rest of the configuration will be done via the kali machine through the WebConfigurator.


Configuring Security Onion


This will be the all-in-one IDS, Security Monitoring, and Log Management solution. I'll be using an older version of Security Onion for this lab (V 16.4.6.3), but in the near future, I'll be adding update instructions at the end of the lab.


Download the Security Onion ISO file from here


You should already be familiar with the installation process by now, so I'll skip over to the third screen in the Security Onion setup.


Make sure "Linux" is selected under the Guest operating system. Click Next

Rename the virtual machine based on your preference. Click Next

Increase the Maximum disk size to at least 100GB. Security Onion is going to contain a lot of logs and you'll need a lot of space for it.

Click "Customize Hardware" and do the following:

~ Change memory to 4-32GB

~ Add two Network Adapters and assign them Vmnet 4 & Vmnet 5 respectively

Click "Finish"

Power the virtual machine and click Enter when prompted:


Click on "Install Security Onion 16.04" on the home screen:

~ Accept all the defaults

~ Set a username & password


The installation will continue for a while:

Click "Restart Now" and click Enter when prompted:

After the Restart, sign in and click the "setup" icon

~Enter your password

~Select "Yes, Continue!"

~Select "Yes, configure /etc/network/interfaces!"


Select the first network interface for the management interface:

Set the addressing to DHCP:

~Select "Yes, configure sniffing interfaces."

Make sure only the bottom interface is selected as it's the span port I mentioned earlier:

~Select "Yes, make changes!"

~Select "Yes, reboot!"


After the reboot, click the "setup" icon again and enter your password

~ Select "Yes, Continue!"

~ Select "Yes, skip network configuration!"

~ Select "Evaluation Mode"


Ensure that the last interface is the one that is selected to be monitored:

~ Type in a username

~ Type in a password and confirm the password

~ Select "Yes, proceed with the changes!"


Select "OK" all through after the installation is complete.


You can sign in to Kibana with the username and password you configured in the previous step.


Click on Kibana on the desktop and select "Advanced":

Select "Proceed to localhost(unsafe)":

Sign in with the username and password you created previously:

Your Kibana dashboard should be ready:

You can also use the same credentials to sign in to sguil.


This ends the configuration of the Security Onion VM.


Configuring Kali Linux


Kali Linux will be used as an attack machine to launch different forms of offensive actions against the Domain Controller and the other machines attached to it.


Download the Kali Linux ISO from here


Since you're downloading the VM file, all you'll need to do is to click on the .vmx file from the Kali Folder you downloaded and it will automatically load up the default Kali image in VMware.



Before powering on Kali, change the Network Adapter to Vmnet2 and its Memory to 4GB, then power it on and use the default credentials as specified.


After powering on, use this command to change the default password to a more secure one of your choice:

passwd

The Kali machine is ready for use.


pfsense Interfaces and Rules


Now that the Kali machine is set up, the pfsense WebConfigurator can be accessed in order to make some changes to the pfsense interfaces and firewall rules.


Navigate to the web browser and search for 192.168.1.1

Select "Advanced..." at this screen:

Accept the risk and continue:

Sign in to pfsense using default credentials "admin" & "pfsense"

You'll be greeted with a "Wizard/pfSense Setup/" page.

Click Next till you get to Step 2 of 9.

Add 8.8.8.8 as your Primary DNS Server

Add 4.4.4.4 as your Secondary DNS Server

Click Next.

At Step 3 of 9, Choose your Timezone

Click Next.

At Step 4 of 9, untick the last two options

At Step 5 of 9, Click Next

At Step 6 of 9, Set a new Admin Password

Click Next.

At Step 7 of 9, Click Reload

Finish


At this point, pfsense Wizard is complete and changes can now be made to the Interfaces.


Click on Interfaces.

Select LAN

For "Description", Change LAN to Kali as this is the Kali interface

Scroll all the way down and Click Save


If you get this error, use this Article to troubleshoot and fix it

Then do this for the rest of the Interfaces as shown below

For OPT3 Be sure to Enable Interface as shown below


Back at Interfaces Assignment select Bridges

Click Add

Select VictimNetwork as the Member Interface


Then select Display Advanced

Under Advanced Configuration for Span Port, select "SPANPORT"

Scroll all the way down and Click Save


Click Firewall >> Rules

Select the Add button with the arrow pointed downward

~ Under "edit Firewall Rule" for Protocol select ANY

~ Scroll all the way down and SAVE


This is the majority of the firewall configuration needed for pfsense.


Configuring Windows Server as a Domain Controller


The goal of this portion of the lab is to set up an Active Directory domain with a Windows 2019 Server as the Domain Controller and 2 Windows 10 machines. This portion of the lab is very easy to set up and I'll be using The Cyber Mentor's YouTube guide for an Active Directory Hacking Lab.


Download the Windows 2019 Server Evaluation Copy

Download the Windows 10 Evaluation Copy


~ Important Details for Windows Server Installation

(Please read the below before installing the Windows Server on VMware)

* Install in VMware as usual with defaults

* Do not worry about a product key, simply click Next

* At the end of the installation, be sure to change the Network Adapter to Vmnet3

* Make sure to UNCHECK "Power on this virtual machine after creation".

* After the VM has been installed, click "Edit virtual machine settings" and remove the Floppy drive.

Power on the Virtual Machine and immediately click any key.

Click Next

Click Install Now

Select the Windows Server 2019 standard Evaluation (Desktop Experience)

Accept the License Terms

Click Next

Select the Custom Install

Click New

Click Apply

Click OK

Click Next

You should have this screen now

When that is complete, create a password

After the installation, you should end up with this screen

Rename the Domain Controller

~ Navigate to Settings in the search bar

~ Search for settings in the search bar

~ Search for "pc name" in the settings search

~ Select Rename PC and rename the PC to a name of your choice

~ Select Restart Now

After the reboot, on the Server Manager Dashboard, Click Manage >> Add Roles and Features

Keep clicking Next till you get to the Server Roles menu

Select Active Directory Domain Services

Select "Add Features"

Click on Next till you get to the Confirmation menu, then click Install

After the Install, Click Close

Click on the flag with the yellow caution triangle

* Select "Promote this server to a domain controller"

* Select Add a new forest

* Specify a domain name

* Click Next

* Set a Password

Click Next till you get to the Prerequisites Check Menu

Click Install

Wait for the Reboot

After the Reboot, Log back in

Select Manage >> Add Roles & Features again on the Server Manager

Click Next till you get to Server Roles

Select Active Directory Certificate Services

Select Add Features

Click Next till you get to the "Confirmation" menu

Check "Restart the destination server automatically if required"

Select Yes

Select Install

After the Installation, Click Close

Click on the flag with the yellow caution triangle

Select "Configure Active Directory Certificate Services on the destination server"

Click Next on Credentials

On the Role Services menu, check Certification Authority

Click Next till you get to the Validity period menu and change it to 99 years

Click Next till you get to the Confirmation menu

Then select Configure

Manually restart the server in order for all the settings to take effect.

Now add some Users:

~ Back at the Server Manager Select Tools > Active Directory Users and Computers

Select your Domain Name (CYBERWOX.local) > Users, Right Click & Select New > User

~ Enter a First, Last & User logon name for the user (Disregard the "WIN10" and just set a preferred logon name).

Set a password that never expires. Select Finish.

Right Click on the previous user you created, Select Copy, and create another User.

Disregard the "WIN7" and set a preferred logon name.

After this, add a password that never expires.
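The Server Manager steps above can also be scripted, which makes the lab easy to rebuild after a snapshot rollback. This is an added example, not part of the original guide: the staged layout, the `-Stage` parameter, the user logon names and the Enterprise root CA type are assumptions, while the domain name and the 99-year validity come from the steps above.

```powershell
# Added example, not from the original guide. Run in an elevated PowerShell
# session on the Windows Server 2019 VM, one stage per boot.
param(
    [ValidateSet('Forest', 'CertAuthority', 'Users')]
    [string]$Stage = 'Forest',
    [string]$DomainName = 'CYBERWOX.local',          # domain name used on the page
    [string[]]$LabUsers = @('labuser1', 'labuser2')  # hypothetical logon names
)

switch ($Stage) {
    'Forest' {
        # Add Roles and Features > Active Directory Domain Services
        Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
        # "Promote this server to a domain controller" > Add a new forest
        $dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'
        Install-ADDSForest -DomainName $DomainName -InstallDns `
            -SafeModeAdministratorPassword $dsrm -Force
        # The server reboots on its own once promotion finishes.
    }
    'CertAuthority' {
        # Add Roles and Features > Active Directory Certificate Services
        Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools
        # CA type is an assumption (wizard defaults on a DC); 99 years per the page.
        Install-AdcsCertificationAuthority -CAType EnterpriseRootCA `
            -ValidityPeriod Years -ValidityPeriodUnits 99 -Force
        Restart-Computer
    }
    'Users' {
        # New users land in the default Users container, as in the GUI steps.
        foreach ($name in $LabUsers) {
            $pw = Read-Host -AsSecureString -Prompt "Password for $name"
            New-ADUser -Name $name -SamAccountName $name `
                -UserPrincipalName "$name@$DomainName" `
                -AccountPassword $pw -PasswordNeverExpires $true -Enabled $true
        }
        # Confirm what was created and how it is configured.
        Get-ADUser -Filter * -Properties PasswordNeverExpires |
            Select-Object SamAccountName, Enabled, PasswordNeverExpires
    }
}
```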


Search for "Windows Defender Firewall" > Turn Windows Defender Firewall on or off.

Turn off the firewall for all Networks

Now Use pfsense as the default gateway for the Domain Controller

~ Navigate to Control Panel > Network and Internet > Network Connections

~ Enter the following configuration


You can ping the gateway (192.168.2.1) to test connectivity.



This is the end of the Domain Controller configuration. If you're looking to do a more comprehensive configuration, you should check out The Cyber Mentor's Video and follow it in accordance with this lab.



Configuring Windows 10 Desktops

The goal of this portion of the lab is to add 2 Windows 10 desktops to the Domain and complete the active directory lab. This portion of the lab is very easy to set up and I'll be using The Cyber Mentor's YouTube guide for an Active Directory Hacking Lab.


Note that having 2 desktops is not a hard requirement for this lab as ONE desktop is sufficient.


~ Important Details for Windows 10 Desktop Installation

(Please read the below before installing the Windows Desktops)

* Install in VMware as usual with defaults

* Do not worry about a product key, simply click Next

* Name the virtual machine the first user you set in your DC

* At the end of the installation, be sure to change the Network Adapter to Vmnet3

* Make sure to UNCHECK "Power on this virtual machine after creation".

* After the VM has been installed, click "Edit virtual machine settings" and remove the Floppy drive.


Repeat this process, but this time for the second user.


Use the same configuration steps as the Domain controller:

#Install

#Accept license terms

#Use Custom Install

#Select New > Apply > OK > Next


Configure Windows 10 as usual and when you get to this point select "I don't have internet"

Continue with limited setup

Set the first user and the password (Remember from the DC configuration)

Set the security answers

Uncheck ALL the privacy settings then select Accept

Choose "Not Now" for Cortana

While you wait, set up the second desktop with the second user account credentials but the same configurations.


Search "pc name" and change the PC Name according to the designated users

Restart the PC


JOINING THE PCs TO THE DOMAIN

~ Navigate to Network Adapter settings

~ Right click on Ethernet0 and select properties

~ Select IPV4

~ Add an IP Address (192.168.2.21) & Use 192.168.2.1 as the default gateway

~ Use 192.168.2.10 (VictimsNetwork) as the DNS Server

Search "domain" and select Access work or school

Select Connect > Join this device to local Active Directory Domain

Enter your domain name.local (CYBERWOX.local for me)


YOU WILL GET AN ERROR. THIS IS EXPECTED, DON'T PANIC LOL.

Head over to pfsense:


At Services > DHCP Server > VICTIMSNETWORK > DNS Server: this should be the IP of your domain controller (192.168.2.10)

At Services > DHCP Server > VICTIMSNETWORK > Other Options > Domain Name: this should be the domain name (CYBERWOX.local)



Now try again, you should get this:

Enter the Username: Administrator and the password of your DC

Select Skip

Restart


Repeat this process for the second machine.
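A domain join finds a domain controller through DNS, so the expected error above goes away once the client resolves the domain through the DC. The script below is an added example, not part of the original guide: it applies the addressing from the steps above, checks the DC locator SRV record and LDAP reachability, and only then joins. The /24 prefix length is an assumption, since the page does not state a subnet mask.

```powershell
# Added example, not from the original guide. Run elevated on each Windows 10 VM.
param(
    [string]$DomainName = 'CYBERWOX.local',  # domain name from the page
    [string]$Adapter    = 'Ethernet0',       # adapter name from the page
    [string]$ClientIp   = '192.168.2.21',    # use a different address on the second PC
    [int]$PrefixLength  = 24,                # assumption: mask is not stated on the page
    [string]$Gateway    = '192.168.2.1',     # pfsense interface for this segment
    [string]$DcIp       = '192.168.2.10'     # domain controller, also the DNS server
)

# Static addressing, with the domain controller as the only DNS server.
$existing = Get-NetIPAddress -InterfaceAlias $Adapter -IPAddress $ClientIp `
    -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetIPAddress -InterfaceAlias $Adapter -IPAddress $ClientIp `
        -PrefixLength $PrefixLength -DefaultGateway $Gateway | Out-Null
}
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $DcIp

# Preflight 1: the join locates a DC through this SRV record.
$srvName = "_ldap._tcp.dc._msdcs.$DomainName"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) {
    $inUse = (Get-DnsClientServerAddress -InterfaceAlias $Adapter `
        -AddressFamily IPv4).ServerAddresses -join ', '
    throw "Cannot resolve $srvName. DNS servers in use: $inUse (expected $DcIp)."
}

# Preflight 2: LDAP on the DC must be reachable through the firewall.
if (-not (Test-NetConnection -ComputerName $DcIp -Port 389 -InformationLevel Quiet)) {
    throw "DNS is fine but TCP 389 on $DcIp is unreachable. Check the pfsense rules."
}

# Both checks passed: join and reboot, as in the GUI steps.
$cred = Get-Credential -UserName "Administrator@$DomainName" `
    -Message 'Domain administrator password'
Add-Computer -DomainName $DomainName -Credential $cred -Restart
```

If the first check fails, the client is still asking a resolver that does not know the domain, which is what the pfsense DHCP change above corrects.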


At this point, your lab is ready and you can go ahead and start having fun with it. I intend on working on the Splunk portion in the near future but with the ELK stack in Security Onion, you already have a SIEM solution implemented. Please also note that I set up a much older version of Security Onion in this lab but very soon, I'll be updating it to the latest version. I'll also update this lab with the Splunk part as soon as I get it done.


I hope you find it helpful! For troubleshooting/help with this lab, please join my discord server (see homepage) and I'll be glad to help!

