So to make things a bit easier as I wander along the path of self enlightenment (or in this case learning more about InfoSec) I thought it was about time I built some sort of “lab” at home, so I can get a better idea of what happens when I say run a nmap scan and to give me something to scan against.
Now it may come as a surprise to you but in the 15 years I’ve worked in IT I’ve never had a server at home.. nope never.. and to be honest I don’t think I need a server now to achieve the results I’m after. Now this is MY lab, its not huge, fancy or flash but it is portable and its low maintenance.
So what did I want from my lab:
- Simple to maintain
- Flexibility
- Performs the tasks I want (always good)
You see some people would (and are entitled to) say that the point of a lab is so you can break things (and learn how to break things) for me, the purpose of my lab was the opposite, well sort of. You see I know what firewall logs say during a port scan, but I don’t know what a port scan looks like in terms of the actual packets sent/received. I’ve got a lot to learn and rather than download a “exploitable” VM and well exploit it I wanted to start at the very beginning.
So my lab setup is very simple.
I have a HP Mini Note 2133 running Security Onion, this is for a mixture of packet captures and IDS alerts. It uses a wireless NIC for the management interface and it’s onboard LAN for the sensor. I have a Checkpoint Safe@Office 500 firewall which will have it’s WAN connection plugged into my home network and I will open ports/services as I need to. Then finally I have my laptop which I will use to either scan the firewall and/or write packets with scapy and run packet captures as I go.
My plan (it’s always good to have a plan) is that to start with the firewall blocking everything, I can review the packet captures and actually see the real responses back (as opposed to the script telling me), when I start working with scapy I can write custom packets and see what effect that has. Then I can slowly start to open ports and compare the results with my initial baseline.
This of course might be the completly wrong way to do things, but to me it makes sense. If I can understand what happens in relation to the packets I hope it will give me a more complete understanding of how things work.
Below is a quick and simple diagram of my lab, written by the way with DroidDia (yes there is a droid version of Dia).
Let me know what you think (if you want) and I will let you know how I get on.
Adam
The Cyber Nomad 
You setup seems clean and good 🙂
might be time to start looking at virtualizations for servers to have more targets =)
I have an old amd 2ghz machine with xubuntu and VirtualBox to make targets
Plus, You have a very good blog which i visit every now and then 🙂
Hi Fredrik, thank you for taking the time to read my blog and for posting a comment.. 🙂
My lab at home, is more for me to get my head around things like nmap, metasploit etc.. I’ve got another test lab at work which runs VMware and sits in a nice isolated environment so once I make some progress at home and get my head around some of the “basic” concepts I can progress to that. 🙂
Ahh sortof the same as me then, i have a few soho routers, a few 2514 ciscos and one 2600 and a bunch of switches (all is oLd) hehe but i tend to try doing it all right away, which seldom is a good plan =)
Gonna sneakpeak on your planning to see if I could be organized for once =) machinewise i have just old laptops and pc´s and one biga** dell server but firing that one up would kill all electricity i fear hehe =) at least drain my accounts when paying the bills.
You are part of the Metoring programme ?
I saw the link on your blog, and are looking into it as soon as I find the time 🙂
There are sites online which do allow scanning and such but mainly I always feel “out of control” when hitting stuff that I aint “admining” hehe
Hello,
I am DroidDia developer. I have an important information, unfortunately DroidDia is not DIA compatible. We want to add export/import to DIA format.
Now, DroidDia and Dia have only incommon DIA word.
Best regards
OJA