So to make things a bit easier as I wander along the path of self enlightenment (or in this case learning more about InfoSec) I thought it was about time I built some sort of “lab” at home, so I can get a better idea of what happens when I say run a nmap scan and to give me something to scan against.
Now it may come as a surprise to you but in the 15 years I’ve worked in IT I’ve never had a server at home.. nope never.. and to be honest I don’t think I need a server now to achieve the results I’m after. Now this is MY lab, its not huge, fancy or flash but it is portable and its low maintenance.
So what did I want from my lab:
- Simple to maintain
- Performs the tasks I want (always good)
You see some people would (and are entitled to) say that the point of a lab is so you can break things (and learn how to break things) for me, the purpose of my lab was the opposite, well sort of. You see I know what firewall logs say during a port scan, but I don’t know what a port scan looks like in terms of the actual packets sent/received. I’ve got a lot to learn and rather than download a “exploitable” VM and well exploit it I wanted to start at the very beginning.
So my lab setup is very simple.
I have a HP Mini Note 2133 running Security Onion, this is for a mixture of packet captures and IDS alerts. It uses a wireless NIC for the management interface and it’s onboard LAN for the sensor. I have a Checkpoint Safe@Office 500 firewall which will have it’s WAN connection plugged into my home network and I will open ports/services as I need to. Then finally I have my laptop which I will use to either scan the firewall and/or write packets with scapy and run packet captures as I go.
My plan (it’s always good to have a plan) is that to start with the firewall blocking everything, I can review the packet captures and actually see the real responses back (as opposed to the script telling me), when I start working with scapy I can write custom packets and see what effect that has. Then I can slowly start to open ports and compare the results with my initial baseline.
This of course might be the completly wrong way to do things, but to me it makes sense. If I can understand what happens in relation to the packets I hope it will give me a more complete understanding of how things work.
Below is a quick and simple diagram of my lab, written by the way with DroidDia (yes there is a droid version of Dia).
Let me know what you think (if you want) and I will let you know how I get on.