Building Virtual Machine Labs
Last updated on 2017-10-18
About the Book
Virtualization is a skill that most IT or security pros take for granted. The sheer number of choices and requirements can be a daunting challenge to face for beginners and veterans alike.
With this book, you'll learn how to build a robust, customizable virtual environment suitable for either a personal home lab, as well or a dedicated, shared lab environment. You will learn how to:
- Understand the mechanics of virtualization and how they influence the design of your lab
- Build an extensive baseline lab environment on any one of five commonly used hypervisors (VMware vSphere Hypervisor, VMware Fusion, VMware Workstation, Oracle Virtualbox, and Microsoft Client Hyper-V)
- Harden your lab environment against VM escapes and other security threats
- Configure the pfSense firewall distribution to provide security, segmentation, and network services to your virtual lab
- Deploy either Snort or Suricata open-source IDS platforms in IPS mode to further enhance the flexibility, segmentation and security of your lab network
- Deploy Splunk as a log management solution for your lab
- Reconfigure the provided baseline lab environment to better suit your individual needs
Easy to follow steps and illustrations throughout the book provide detailed, comprehensive guidance as you build your custom-tailored lab. Both IT and security professionals need practice environments to better hone their craft. Learn how to build and maintain your own today!
Table of Contents
1 Purpose of this Book. 13
1.1 A Note About Software Versions. 15
2 Prerequisite Knowledge. 16
3 Hypervisor and Hardware Considerations. 18
3.1 Introduction to Virtualization. 18
3.2 Introduction to Hypervisors. 20
3.3 What is a Hypervisor?. 20
3.4 Bare-metal Hypervisors. 20
3.5 Hosted Hypervisors. 22
4 Hardware Considerations. 23
4.1 RAM as a Performance Factor 23
4.2 Disk I/O as a Performance Factor 23
What is seek time?. 24
4.3 CPU Cores and Features as a performance Factor 24
4.4 Performance is a Vicious Cycle. 25
5 Understanding Virtual Networks - Hosted vs. Bare-metal Hypervisor Networking. 26
5.1 Hosted Hypervisor Networking - Host-Only, Bridged, and NAT Network Segments. 26
5.2 Bridged Networking. 26
5.3 NAT Networking. 26
5.4Host-Only Networking. 27
5.5 Virtual Network Adapters and You. 27
5.6 Bare-metal Hypervisor Networking - Virtual Switches. 27
6 Lab Overview.. 29
6.1 Design. 30
6.2 Lab Network Description. 31
6.3 Bridged Network. 31
6.4 Management Network. 31
6.5 IPS 1 and IPS 2 Networks. 31
6.6 AFPACKET Bridging between IPS 1 and IPS 2. 32
6.7 Why All The Trouble?. 32
7 VMs, Resource Allocations, and Minimum Hardware Requirements. 34
8 Hypervisor Guides. 35
9 Setup - Microsoft Client Hyper-V.. 37
9.1 Installation. 37
9.2 Hypervisor Preferences. 41
9.3 Server Settings. 42
9.4 User Settings. 46
9.5 Virtual Switches. 47
9.6 Virtual Switch Types. 47
9.7 Creating Virtual Switches Using the Virtual Switch Manager 48
9.8 Creating the First VM, pfSense. 52
9.9 Adding a New VM.. 52
9.10 Initial VM Settings. 60
9.11 Installing pfSense. 65
9.12 Final VM Settings. 70
9.13 Network Configuration. 73
9.14 webConfigurator - Initial Setup. 77
9.15 Making Checkpoints. 79
9.16 pfSense Summary. 81
9.17 What’s Next?. 82
9.18 Final Connectivity Checks and Troubleshooting. 82
9.20 Your Turn. 85
9.21 Kali Linux VM.. 86
9.22 SIEM VM.. 88
9.23 IPS VM.. 90
9.24 Metasploitable 2. 93
9.25 Port Mirroring and MAC spoofing. 98
9.26 Configuring the IPS VM as a Port Mirroring Destination. 100
9.27 Configuring the pfSense VM as a Port Mirroring Source. 101
9.28 Port Mirroring for the Remaining VMs. 102
9.29 Next Steps. 102
10 Setup - Oracle VirtualBox. 103
10.1 Installation. 103
10.2 Hypervisor Preferences. 103
10.3 Creating the first VM, pfSense. 106
10.4 Adding a New VM.. 107
10.5 Initial VM Settings. 113
10.6 Installing pfSense. 122
10.7 Final VM Settings. 123
10.8 Network Configuration. 126
10.9 webConfigurator - Initial Setup. 131
10.10 Take a Snapshot 134
10.11 pfSense Summary. 139
10.12 What’s Next?. 140
10.13 Final Connectivity Checks and Troubleshooting. 140
10.14 Your turn. 143
10.15 Kali Linux VM.. 144
10.16 SIEM VM.. 146
10.17 IPS VM.. 148
10.18 Promiscuous Mode. 151
10.19 Metasploitable 2. 152
10.20 Next Steps. 159
11 Setup - VMware Fusion Pro. 160
11.1 Installation. 160
11.2 Hypervisor Preferences. 160
11.3 Creating the First VM, pfSense. 165
11.4 Adding a New VM.. 166
11.5 Installing pfSense. 183
11.6 Final VM Settings. 186
11.7 Network Configuration. 187
11.8 webConfigurator - Initial Setup. 190
11.9 Take a Snapshot 194
pfSense Summary. 197
11.10 What’s Next?. 198
11.11 Final Connectivity Checks and Troubleshooting. 198
11.12 Your Turn. 201
11.13 Kali Linux VM.. 202
11.14 SIEM VM.. 204
11.15 IPS VM.. 206
11.16 Metasploitable 2. 209
11.17 Next Steps. 210
12 Setup - VMware Workstation Pro. 211
12.1 Installation. 211
12.2 Hypervisor Preferences. 212
12.3 Virtual Networks. 214
Creating the First VM, pfSense. 218
12.4 Adding a New VM.. 219
12.5 Installing pfSense. 232
12.6 Final VM Settings. 236
12.7 Network Configuration. 238
12.8 webConfigurator - Initial Setup. 241
12.9 Take a Snapshot 244
12.10 pfSense Summary. 246
12.11 What’s Next?. 247
12.12 Final Connectivity Checks and Troubleshooting. 247
12.13 Your Turn. 250
12.14 Kali Linux VM.. 251
12.15 SIEM VM.. 253
12.16 IPS VM.. 256
12.17 Metasploitable 2. 259
12.18 Next Steps. 261
13 Setup - VMware vSphere Hypervisor (ESXi) 262
13.1 Installation. 262
13.2 Accessing ESXi 265
13.3 Hypervisor Setup. 268
13.4 Licensing. 268
13.5 Networking and Virtual Switches. 268
13.6 Creating Virtual Switches. 269
13.7 Port Groups. 273
13.8 Adding Port Groups via the ESX Web Interface. 274
13.9 Resolving Some Web Interface Bugs. 275
13.10 VMware Flings. 275
13.11 What if I don’t want to use experimental software?. 281
13.12 Final Flight Check. 287
13.13 Creating the First VM, pfSense. 289
13.14 Adding a New VM.. 293
13.15 Installing pfSense. 301
13.16 Final VM Settings. 305
13.17 Network Configuration. 307
13.18 webConfigurator - Initial Setup. 311
13.19 Take a Snapshot 314
13.20 pfSense Summary. 316
13.21 What’s Next?. 317
13.22 Final Connectivity Checks and Troubleshooting. 317
13.23 Your Turn. 320
13.24 Kali Linux VM.. 321
13.25 SIEM VM.. 323
13.26 IPS VM.. 325
13.27 Metasploitable 2. 327
13.28 Next Steps. 336
14 pfSense Firewall Rules and Network Services Guide. 337
14.1 Firewall Rule Configuration - Hosted Hypervisors. 337
14.2 Firewall Rules for the Bridged Network. 337
14.3 Firewall Rules for the Management Network. 338
14.4 Firewall Rules for the IPS Network. 340
14.5 Firewall Rule Configuration - Bare-metal Hypervisors. 342
14.6 Firewall rules for the Bridged Network. 342
14.7 Firewall Rules for the Management Network. 343
14.8 Firewall Rules for the IPS Network. 344
14.9 Network Configuration - Core Network Services. 346
14.10 NTP.. 346
14.11 DHCP.. 348
14.12 DNS Resolver 350
14.13 Squid Proxy. 352
15 Defense in Depth for Windows Hosted Hypervisors. 355
15.1 Unbinding Network Protocols on Windows Virtual Adapters. 356
15.2 Using Windows Firewall to Limit Exposure of Windows Hypervisor Hosts. 361
16 Automated Patching for Linux Lab VMs. 370
16.1 updater.sh. 370
17 Remote Lab Management 372
17.1 Windows Remote Access. 372
17.2 Persistent Static Routes. 372
17.3 Windows SSH and SCP Software. 375
17.4 Generating an SSH key in Windows using PuTTYgen. 376
17.5 Using mRemoteNG - Connection Files. 386
17.6 Using mRemoteNG - PuTTY Saved Sessions. 391
17.7 Enabling Key-Based Authentication on Linux/Unix systems. 396
17.8 Key Copy Method 1: echo append to authorized_keys. 397
17.9 Key Copy Method 2: using vi. 398
17.10 Key Copy Method 3: SCP.. 400
17.11 Making sure it worked. 404
17.12 How to use Key-Based Authentication with WinSCP.. 405
17.13 Linux, BSD, and OS X Remote Access. 409
17.14 Static Routes in Linux and OS X.. 409
17.15 Adding Routes to Linux with the ip Command. 409
17.16 Adding Routes to OS X/BSD with the route command. 410
17.17 Making Static Routes Persistent 411
17.18 Linux and BSD Route Persistence via /etc/rc.local. 411
17.19 OS X Route Persistence with Hosted Hypervisors. 413
17.20 flightcheck.sh. 414
17.21 OS X route persistence for Bare-metal Hypervisors. 417
17.22 flightcheckBM.sh. 417
17.23 The ssh and scp terminal Applications. 419
17.24 iTerm2 and Terminator 420
17.25 Generating ssh keys using ssh-keygen. 422
17.26 The alias Command. 424
17.27 Enabling Key-Based Authentication in Unix/Linux Systems. 428
17.28 Key Copy Method 1: echo append to authorized_keys. 429
17.29 Key Copy Method 2: using vi. 432
17.30 Key Copy Method 3: SCP.. 435
17.31 Making Sure it worked. 437
17.32 Using key-based authentication with the SCP command. 440
17.33 How to Enable SSH on Kali Linux. 442
17.34 Enabling, and securing root SSH.. 448
17.35 Adding your SSH public key to root’s authorized_keys file. 449
17.36 Disabling password authentication entirely via sshd_config. 453
18 Network Design Factors When Working with bare-metal Hypervisors. 456
18.1 Prereqs. 458
18.2 Creating Static Routes. 459
18.3 Creating Firewall Rules. 460
18.4 Dealing with DHCP.. 464
18.5 Jump Boxing. 465
18.6 Using a Raspberry Pi as a Jump Box. 467
18.7 Installing the Raspbian Image to your Raspberry Pi 467
18.8 Configuring Raspbian. 473
18.9 Creating a Jump Box VM.. 478
18.10 Other Physical Jump Boxes. 484
18.11 Preparing Your Jump Box for Service. 485
18.12 Configuring Static DHCP Address Allocations. 485
18.13 Enabling Key-Based Authentication for your Jump Box. 486
18.14 Windows. 486
18.15 Linux/OS X/BSD.. 489
18.16 Adding Static Routes to your Jump Box. 491
18.17 Adding Firewall Rules and SSH tunnels to allow access to the VM lab networks. 492
18.18 I Can Still Access the pfSense webConfigurator with my Management Workstation 493
18.19 I Have Lost Access to the pfSense webConfigurator UI 495
18.20 TCP Forwarding and You. 499
18.21 Windows SSH Tunnels. 500
18.22 Linux/BSD/OS X SSH Tunnels. 507
18.23 Testing your Dynamic Tunnels with FoxyProxy. 510
18.24 Troubleshooting Dynamic Tunnels. 516
18.25 Testing Your Forward Tunnels. 520
18.26 Windows. 520
18.27 Linux/OS X/BSD.. 524
18.28 Understanding SSH Tunnels. 527
18.29 Closing Notes on Jump Boxing. 528
18.30 Key-Based Authentication: Managing SSH Keys for Tunneled Connections. 528
19 IPS Installation Guide. 530
19.1 Installing and configuring Snort (via Autosnort) 530
19.2 Installing and configuring Suricata (via Autosuricata) 536
19.3 Testing your IPS Bridge. 541
20 Splunk Installation Guide. 544
20.1 Initial Setup (Server Installation) 545
20.2 (Optional) Requesting and Implementing a Splunk Dev License. 556
20.3 Universal Forwarder Setup. 560
20.4 Splunk TA for Suricata. 563
20.5 Hurricane Labs Add-On for Unified2. 568
20.6 Starting The Forwarder + Persistence. 572
20.7 Testing Splunk and the Universal Forwarder 575
20.8 Generating The Test Battery. 576
20.9 Verifying Results with Snort 584
20.10 Verifying Results with Suricata. 587
21 In Your Own Image. 590
21.1 Visions of What Might Be. 590
21.2 Malware Analysis Lab. 591
21.3 Penetration Testing Lab. 594
21.4 IT/OPs Lab. 596
22 Summary. 598
22.1 What Have We Learned Today?. 598
23 Epilogue: We Need You (Now More than Ever) 600
About the Author
Tony Robinson is Security Engineer working for a midwestern MSSP. He has approximately 10 years of general experience in Systems Administration and Information Security roles, with his specialties being Network Security Monitoring, Threat Intelligence, and Malware Analysis
When he is not working, he can be found admiring good sushi, good mead, and fun video games.
The Leanpub 45-day 100% Happiness Guarantee
Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms...
