Building Virtual Machine Labs: A Hands-on Guide (Second Edition)
Learn everything there is to know about building and maintaining your own home or workplace virtual lab environment on the most popular hypervisors today in this new and improved second edition release!
About the Book
Most Information Technology professionals agree that virtualization is vital, as it provides a safe and malleable work environment with which to learn and experiment. The only downside is that virtualization can be extremely daunting to learn, and even harder to set up with strong security controls. There is a plethora of knowledge on how to build home labs, but it can be difficult to find. The premise of this book is to provide students a hands-on, go-to resource for building a secure, customizable lab environment.
Within this text, readers will choose one of five hypervisors for building their baseline lab environment, and will be guided through performing all of the necessary setup tasks. This allows students to become more familiar with virtualization technologies, gain mastery over their chosen hypervisor, and design a safe and secure virtual lab environment for further endeavors.
The second edition of this work covers new technologies, and adds an additional 400 pages of guidance and extra content over the first edition.
Table of Contents
Foreword: Once More unto the breach… 17
Chapter 1 Patch Notes 19
Chapter 1: If you build it… 20
1.1 Who is this book for? 20
1.2 Getting the Most out of this Book 20
1.3 Notation 21
1.4 A Note About Software Versions, and The Three Rules of IT Disciplines 21
1.5 Software Recommendations 22
1.5.1 Windows Software Recommendations 24
1.5.2 MacOS Software Recommendations 24
1.5.3 Linux Software Recommendations 25
1.5.4 Operating System Installation Images 26
1.5.5 Register accounts on these websites 26
1.6 Linux users, MacOS users and the which command 27
1.7 Linux Users and Kernel Headers 28
1.7.1 How to Acquire Kernel Headers for Ubuntu/Debian-based Distributions 29
1.7.2 How to Acquire Kernel Headers for Redhat Enterprise/CentOS-based Distributions 30
1.8 Using Compression Tools 33
1.8.1 7-Zip on Windows 33
1.8.2 Finder on MacOS 34
1.8.3 zip/unzip and gzip/gunzip on Linux (and MacOS) 34
Chapter 2 Patch Notes 36
Chapter 2: Recommended Skills and Knowledge 37
2.1 TCP/IP Networking 37
2.2 Navigating Operating Systems, and their Installation Procedures 38
2.3 Recommended Training Resources 38
Chapter 3 Patch Notes 40
Chapter 3: Virtual Machines and Hypervisors 40
3.1 What is Virtualization? 40
3.2 What is a Hypervisor? 41
3.2.1 Hosted Hypervisors 41
3.2.2 Bare-metal Hypervisors 42
Chapter 4 Patch Notes 44
Chapter 4 – Introduction to Virtual Networks: Hosted vs. Bare-metal Hypervisor Networking 44
4.1 Hosted Hypervisor Networking – Host-Only, Bridged, and NAT Network segments 44
4.1.1 Bridged Networking 45
4.1.2 NAT Networking (and Port Forwarding) 46
4.1.3 Host-Only Networking 48
4.1.3.4 Virtual Network Adapters 48
4.2 Bare-metal Hypervisors and Virtual Switches 50
Chapter 5 Patch Notes 51
Chapter 5: Hardware 51
5.1 RAM 51
5.2 Disk I/O 52
5.2.1 Hard Disk Drives 53
5.2.2 Solid-state drives 53
5.2.3 RAID arrays 53
5.3 CPU Cores and Features 54
5.4 Virtualization Extensions (AMD-V, Intel VT-x) 54
5.5 Performance as a Vicious Feedback Loop 56
Chapter 6 Patch Notes 57
Chapter 6: Virtual Lab Design and Overview 57
6.1 Lab Network Description – Virtual Machines 59
6.1.1 pfSense 59
6.1.2 SIEM 59
6.1.3 IPS 60
6.1.3.1 AFPACKET bridging, and Fail-Closed Networking 60
6.1.4 Kali 61
6.1.5 Metasploitable 2 62
6.2 Lab Network Description – Network Segments 63
6.2.1 Bridged (Physical) Network 63
6.2.2 Management Network 63
6.2.3 IPS 1 and IPS 2 Networks 63
6.3 Resource Allocations, and Hardware Requirements 64
Chapter 7 Patch Notes 67
Chapter 7: The Importance of a Password Manager 67
7.1 Benefits of Password Managers 67
7.2 Weaknesses of Password Managers 68
7.3 Mitigating the Weaknesses 68
7.4 Creating a Password Database File with KeePassXC 70
7.5 Creating Password Database Entries with KeePassXC 76
Chapter 8 Patch Notes: 79
Chapter 8: Time to Choose Your Destiny 80
8.1 Hypervisor Choices 80
8.2 Hypervisor Guide – Chapter Outline 82
Chapter 9 Patch Notes 84
Chapter 9: Client Hyper-V 86
9.1 Prerequisites 86
9.1.2 msinfo32 87
9.2 Installing Client Hyper-V 91
9.3 Customizing Client Hyper-V 92
9.3.1 Hyper-V Settings 92
9.3.2 Virtual Switch Manager 96
9.3.3 Configuring the Host-Only Network Interface (Management Virtual Switch) 100
9.4 Building the First VM, pfSense 102
9.4.1 VM Creation 102
9.4.2 pfSense Virtual Machine Settings (Part 1) 109
9.4.3 First Boot and OS Installation 112
9.4.4 pfSense Virtual Machine Settings (Part 2) 117
9.4.5 pfSense Command-Line and initial interface configuration 120
9.4.5.1 The Assign Interfaces Wizard 120
9.4.5.2 Setting IP Addresses for WAN, LAN, and OPT1 124
9.4.6 Testing Internet Connectivity using Shell commands 131
9.4.7 Finish setting up pfSense 134
9.5 Create the Remaining Virtual Machines 135
9.5.1 Virtual Machine Creation and Tuning – SIEM, IPS and Kali 135
9.5.2 Operating System Installation 141
9.5.2.1 Installing Ubuntu on the SIEM VM 141
9.5.2.2 Additional Virtual Machine Settings – SIEM VM 149
9.5.2.3 Booting the SIEM VM for the first time 149
9.5.2.4 Installing Ubuntu on the IPS VM 154
9.5.2.5 Additional Virtual Machine Settings – IPS VM 158
9.5.2.6 Booting the IPS VM for the first time 159
9.5.2.7 Installing Kali Linux on the kali VM 161
9.5.2.8 Additional Virtual Machine Settings – kali VM 173
9.5.2.9 Booting the kali VM for the first time 173
9.5.3 Metasploitable 2 177
9.5.3.1 Converting the Metasploitable.vmdk to VHDX 179
9.5.3.2 Creating the Metasploitable 2 VM 182
9.5.3.3 Adjusting Metasploitable 2 VM settings 184
9.5.3.4 Booting Metasploitable 2 186
9.6 Checkpoints 189
9.6.1 How to Create a Checkpoint 189
9.6.2 Restoring a Checkpoint 192
9.6.3 Create checkpoints for the SIEM, IPS, Kali and Metasploitable 2 virtual machines 193
9.7 Chapter Review 194
Chapter 10 Patch Notes 195
Chapter 10: VirtualBox 196
10.1 Windows Installation Guide 197
10.2 MacOS Installation Guide 199
10.3 Linux Installation Guide 203
10.4 Customizing VirtualBox 208
10.5 Configuring the Host-Only Virtual Network Adapter 210
10.5.1 Setting the Host-Only Adapter's IP Address 212
10.5.1.1 Windows and ncpa.cpl 212
10.5.1.2 MacOS and ifconfig 214
10.5.1.3 Linux and ip addr 214
10.6 Building the first Virtual Machine, pfSense 216
10.6.1 VM Creation 216
10.6.2 pfSense Virtual Machine Settings (Part 1) 219
10.6.2.1 Virtual Machine Network Settings 224
10.6.3 First Boot and OS Installation 227
10.6.4 Virtual Machine Settings (Part 2) 231
10.6.5.1 The Assign Interfaces Wizard 234
10.6.5.2 Setting IP Addresses for WAN, LAN, and OPT1 238
10.6.6 Testing Internet Connectivity using Shell commands 245
10.6.7 Finish setting up pfSense 248
10.7 Create the Remaining Virtual Machines 249
10.7.1 Virtual Machine Creation and Tuning – SIEM, IPS and Kali 249
10.7.2 Operating System Installation 255
10.7.2.1 Installing Ubuntu on the SIEM VM 255
10.7.2.2 Additional Virtual Machine Settings – SIEM VM 263
10.7.2.3 Booting the SIEM VM for the first time 265
10.7.2.4 Installing Ubuntu on the IPS VM 270
10.7.2.5 Additional Virtual Machine Settings – IPS VM 274
10.7.2.6 Booting the IPS VM for the first time 275
10.7.2.7 Installing Kali Linux on the kali VM 277
10.7.2.8 Additional Virtual Machine Settings – kali VM 285
10.7.2.9 Booting the kali VM for the first time 286
10.7.3 Metasploitable 2 289
10.7.3.1 Importing Metasploitable 2 291
10.7.3.2 Adjusting Metasploitable 2 VM settings 294
10.7.3.3 Booting Metasploitable 2 297
10.8 Snapshots 299
10.8.1 How to Take a VM Snapshot 299
10.8.2 Restoring a Snapshot 300
10.8.3 Snapshot the SIEM, IPS, Kali and Metasploitable 2 virtual machines. 301
10.9 Chapter Review 302
Chapter 11 – Disclaimer for "M1" macs and macOS "Big Sur" 303
Chapter 11 Patch Notes 304
Chapter 11: VMware Fusion Pro 306
11.1 Installation 306
11.1.1 Permissions Dive 310
11.2 Virtual Network Editor 314
11.3 Configuring the vmnet2 Host Virtual Adapter 317
11.4 Building the first Virtual Machine, pfSense 318
11.4.1 VM Creation 318
11.4.2 Customizing the pfSense VM 322
11.4.3 First Boot and OS Installation 332
11.4.4 Virtual Machine Settings 336
11.4.5 pfSense Command-Line and initial interface configuration 337
11.4.5.1 The Assign Interfaces Wizard 337
11.4.5.2 Setting IP Addresses for WAN, LAN, and OPT1 341
11.4.6 Testing Internet Connectivity using Shell commands 348
11.4.7 Finish setting up pfSense 351
11.5 Create the Remaining Virtual Machines 352
11.5.1 Virtual Machine Creation and Tuning – SIEM, IPS and Kali 352
11.5.2 Creating Static DHCP Allocations for the SIEM, IPS and Kali VMs 357
11.5.3 Operating System Installation 358
11.5.3.1 Installing Ubuntu on the SIEM VM 358
11.5.3.2 Additional Virtual Machine Settings – SIEM VM 366
11.5.3.3 Booting the SIEM VM for the first time 366
11.5.3.4 Installing Ubuntu on the IPS VM 371
11.5.3.5 Additional Virtual Machine Settings – IPS VM 375
11.5.3.6 Booting the IPS VM for the first time 376
11.5.3.7 Installing Kali Linux on the kali VM 378
11.5.3.8 Additional Virtual Machine Settings – kali VM 386
11.5.3.9 Booting the kali VM for the first time 386
11.5.4 Metasploitable 2 390
11.5.4.1 Registering the Metasploitable 2 VM 390
11.5.4.2 Edit Metasploitable 2 Virtual Machine Settings 393
11.5.4.3 Metasploitable 2 Test Run 395
11.6 Snapshots 399
11.6.1 How to Create a Snapshot 399
11.6.2 Restoring a Snapshot 400
11.6.3 Create snapshots for the SIEM, IPS, Kali and Metasploitable 2 virtual machines 402
11.7 Chapter Review 403
Chapter 12 Patch Notes 404
Chapter 12: VMware Workstation Pro 405
12.1 Installation 405
12.1.1 Windows Installation Guide 406
12.1.2 Linux Installation Guide 409
12.2 Customizing VMware Workstation 413
12.3 Virtual Network Editor 416
12.4 Configuring the VMnet1 Host Virtual Adapter 423
12.4.1 Configure the VMnet1 Host Virtual Adapter on Windows 423
12.4.2 Configuring the vmnet1 Host Virtual Adapter on Linux 425
12.5 Building the first Virtual Machine, pfSense 426
12.5.1 VM Creation 427
12.5.2 First Boot and OS Installation 437
12.5.3 Virtual Machine Settings 441
12.5.4 pfSense Command-Line and initial interface configuration 442
12.5.4.1 The Assign Interfaces Wizard 442
12.5.4.2 Setting IP Addresses for WAN, LAN, and OPT1 446
12.5.5 Testing Internet Connectivity using Shell commands 453
12.5.6 Finish setting up pfSense 456
12.6 Create the Remaining Virtual Machines 457
12.6.1 Virtual Machine Creation and Tuning – SIEM, IPS and Kali 457
12.6.2 Creating Static DHCP Allocations for the SIEM, IPS and Kali VMs 462
12.6.3 Operating System Installation 464
12.6.3.1 Installing Ubuntu on the SIEM VM 464
12.6.3.2 Additional Virtual Machine Settings – SIEM VM 472
12.6.3.3 Booting the SIEM VM for the first time 472
12.6.3.4 Installing Ubuntu on the IPS VM 477
12.6.3.5 Additional Virtual Machine Settings – IPS VM 481
12.6.3.6 Booting the IPS VM for the first time 482
12.6.3.7 Installing Kali Linux on the kali VM 484
12.6.3.8 Additional Virtual Machine Settings – kali VM 492
12.6.3.9 Booting the kali VM for the first time 492
12.6.4 Metasploitable 2 496
12.6.4.1 Registering the Metasploitable 2 VM 496
12.6.4.1 Upgrading the Metasploitable 2 VM 501
12.6.4.2 Edit Metasploitable 2 Virtual Machine Settings 503
12.6.4.3 Metasploitable 2 Test Run 505
12.7 Snapshots 507
12.7.1 How to Create a Snapshot 507
12.7.2 Restoring a Snapshot 509
12.7.3 Create snapshots for the SIEM, IPS, Kali and Metasploitable 2 virtual machines 511
12.8 Chapter Review 512
Chapter 13 Patch Notes 513
Chapter 13: ESXi 515
13.1 Prerequisites 515
13.1.1 Installation Requirements 516
13.1.2 Hardware Compatibility 520
13.2 Installing ESXi 525
13.2.1 Acquiring the installation ISO 525
13.2.2 Downloading and Installing UNetbootin 528
13.2.2.1 Installing UNetbootin on Windows 529
13.2.2.2 Installing UNetbootin on MacOS 529
13.2.2.3 Installing UNetbootin on Linux 532
13.2.3 Using UNetbootin to create a bootable installer USB drive 536
13.3: Installing ESXi 539
13.4: Accessing the ESXi Web Interface 543
13.4.1: Configuring a Static DHCP Mapping for the ESXi Management Interface 543
13.4.2: Connecting to the ESXi Web Interface 548
13.5: Configuring ESXi 550
13.5.1 Assigning a License 552
13.5.2 Virtual Switches and Port Groups 553
13.5.3: Datastores 561
13.5.3.1: Staging 567
13.6 Building the first Virtual Machine, pfSense 569
13.6.1 VM Creation 569
13.6.2 First Boot and OS Installation 575
13.6.3 pfSense Virtual Machine Settings 579
13.6.3.1 Static IP Address/DHCP Reservation for the Bridged/WAN MAC Address 582
13.6.4 pfSense Command-Line and initial interface configuration 583
13.6.4.1 The Assign Interfaces Wizard 583
13.6.4.2 Setting IP Addresses for WAN, LAN, and OPT1 587
13.6.5 Testing Internet Connectivity using Shell commands 594
13.6.5.1 One Last Detail (enableallowallWAN) 597
13.7 Create the Remaining Virtual Machines 599
13.7.1 Virtual Machine Creation and Tuning – SIEM, IPS and Kali 599
13.7.2 Operating System Installation 603
13.7.2.1 Installing Ubuntu on the SIEM VM 603
13.7.2.2 Additional Virtual Machine Settings – SIEM VM 611
13.7.2.3 Booting the SIEM VM for the first time 611
13.7.2.4 Installing Ubuntu on the IPS VM 616
13.7.2.5 Additional Virtual Machine Settings – IPS VM 620
13.7.2.6 Booting the IPS VM for the first time 621
13.7.2.7 Installing Kali Linux on the kali VM 623
13.7.2.8 Additional Virtual Machine Settings – kali VM 631
13.7.2.9 Booting the kali VM for the first time 631
13.7.3 Metasploitable 2 635
13.7.3.1 Acquiring the vCenter Converter Application 635
13.7.3.2 Converting and Uploading Metasploitable 2 638
13.7.3.3 Additional Adjustments 642
13.7.3.4 Uploading and Converting the Metasploitable VM without vCenter Converter Standalone 643
13.7.3.5 Final touches 647
13.7.3.6 Metasploitable 2 Test Run 655
13.8 Snapshots 658
13.8.1 How to Create a Snapshot 658
13.8.2 Restoring a Snapshot 659
13.8.3 Create snapshots for the SIEM, IPS, Kali and Metasploitable 2 virtual machines 661
13.9 Chapter Review 663
Chapter 14 Patch Notes 664
Chapter 14: pfSense Firewall Policy and Network Services 664
14.1 The webConfigurator, and pfSense Setup Wizard 665
14.2 Checking for System Updates 671
14.3 Enabling Network Services 675
14.3.1 DNS Forwarding 675
14.3.2 NTP 682
14.3.3 Squid HTTP Proxy 685
14.3.4 DHCP 688
14.3.4.1 How to Create a Static DHCP Mapping 690
14.4 Firewall Policy 693
14.4.1 Firewall basics – Stateful Firewalls, Rule Order, and Implicit Deny Any 693
14.4.2 Firewall Aliases 696
14.4.3 Creating Firewall Rules 698
14.4.4 Firewall Rule Policy – Hosted Hypervisors 702
14.4.4.1 – WAN Interface 702
14.4.4.2 – LAN Interface 703
14.4.4.3 OPT1 Interface 705
14.4.4.4 Removing the Default Anti-Lockout Rule 708
14.4.5 Firewall Rule Policy – Bare-metal Hypervisors 711
14.4.5.1 WAN Interface 711
14.4.5.2 LAN Interface 713
14.4.5.3 OPT1 Interface 714
14.4.5.4 Removing the Default Anti-Lockout Rule 717
14.4.5.5 Removing the allow all pfSsh.php firewall rule 719
14.5 Chapter Review 724
Chapter 15 Patch Notes 725
Chapter 15: Routing and Remote Access for Hosted Hypervisors 727
15.1 Routing Tables and Static Routes 727
15.1.1 Persistent Static Routes on Windows 732
15.1.2 Static routes on Linux 733
15.1.3 Static Routes on MacOS 734
15.1.3.1 flightcheck-Linux and flightcheck-OSX 735
15.1.4 Enabling SSH access on Kali Linux 742
15.2 Remote Access for Windows Hypervisor Hosts 743
15.2.1 mRemoteNG 743
15.2.2 Creating Connection Profiles 745
15.2.3 Enabling Key-Based Authentication 750
15.2.3.1 Generating Public and Private SSH keys using PuTTYgen 750
15.2.3.2 Copying the SSH public key to lab VMs 760
15.2.3.3 Reconfiguring mRemoteNG to Use SSH keys 775
15.3 Remote Access for Linux/MacOS Hypervisor Hosts 784
15.3.1 The ssh command 784
15.3.2 Connection profiles and ~/.ssh/config 788
15.3.3 Enabling Key-Based Authentication 798
15.3.3.1 ssh-keygen 798
15.3.3.2 Copying the SSH public key to lab VMs 799
15.3.3.3 Testing Key-Based Authentication 808
15.4 Troubleshooting SSH Connectivity and Key-Based Authentication 809
15.5 (Optional Content) Remote Access Enhancements 813
15.5.1 Enabling SSH Access as the root User 813
15.5.1.1 Testing root SSH for Linux/MacOS Hypervisor Hosts 816
15.5.1.2 Testing root SSH for Windows Hypervisor Hosts 819
15.5.1.3 Remember, This isn't Strictly Necessary 821
15.5.2 Disabling password authentication over SSH 821
15.5.2.1 Backing Up (and Restoring) the /etc/ssh/sshd_config file 821
15.5.2.2 Modifying the PasswordAuthentication, ChallengeResponseAuthentication, and AuthenticationMethods directives 823
15.5.2.3 Verifying Password Authentication over SSH is disabled 826
15.6 Chapter Review 831
Chapter 16 Patch Notes 833
Chapter 16: Routing and Remote Access for Bare-metal Hypervisors 835
16.1 A Brief Review: Bare-metal Hypervisors vs. Hosted Hypervisors 835
16.1.1 Lab Network Design on Hosted Hypervisors 836
16.1.2 Lab Network Design on Bare-Metal Hypervisors 836
16.2 Introduction to Bastion Hosts 837
16.3 Creating A Bastion Host 839
16.3.1 Creating a Bastion Host Virtual Machine on VMware ESXi 840
16.3.2 Creating a Raspberry Pi Bastion Host 850
16.3.2.1 Prerequisites 850
16.3.2.2 Raspberry Pi Imager 853
16.3.2.2.1 RPI Imager Installation Instructions: Windows 853
16.3.2.2.2 RPI Imager Installation Instructions: MacOS 855
16.3.2.2.3 RPI Imager Installation Instructions: Ubuntu Desktop 20.04 856
16.3.2.3 Installing Raspbian using Raspberry Pi Imager 857
16.3.2.4 Booting the Raspberry Pi and Configuring Raspbian 861
16.3.3 Configuring Static Routes on the Bastion Host 867
16.3.3.1 Persistent Static Routes on Ubuntu, using netplan 867
16.3.3.2 Persistent Static Routes on Raspbian, using dhcpcd 873
16.3.4 Configuring the pfSense Firewall 878
16.4 SSH, SSH Tunnels, and You 882
16.4.1 SSH Tunneling Explained 882
16.4.1.1 Forward Tunnels, Illustrated 883
16.4.1.2 Reverse Tunnels, Illustrated 884
16.4.1.3 Dynamic Tunnels, Illustrated 886
16.4.2 Enabling the SSH service on the Kali Linux VM 888
16.5 Establishing SSH Connectivity to the Bastion Host and Lab VMs (Windows) 889
16.5.1 Connecting to the Bastion Host with mRemoteNG 889
16.5.2 Enabling SSH Tunneling via PuTTY Session 891
16.5.3 Connecting to the SIEM, IPS and Kali VMs using Forward Tunnels 896
16.5.4 Generating SSH Keys for Key-Based Authentication (Optional) 898
16.5.5 Copying The authorized_keys File to the Bastion Host, and Lab VMs 903
16.5.5.1: Method 1 – WinSCP 903
16.5.5.2: Method 2 – Copy, Paste, echo, and file redirection 907
16.5.5.3: Method 3 – Copy and Paste, using vi 908
16.5.6: Creating and Modifying PuTTY Sessions to Enable Key-Based Authentication 910
16.5.7: Reconfiguring Connection Profiles, and Testing Key-Based Authentication 914
16.6 Establishing SSH Connectivity to the Bastion Host and Lab VMs (Linux/MacOS) 919
16.6.1 The ssh command 919
16.6.2 Enabling and Testing SSH tunnels 920
16.6.3 Creating SSH connection profiles via ~/.ssh/config 925
16.6.4 Generating SSH Keys for Key-Based Authentication (Optional) 932
16.6.5 Copying The authorized_keys File to the Bastion Host, and Lab VMs 933
16.6.5.1 Method 1: ssh-copy-id 933
16.6.5.2 Method 2: scp 936
16.6.5.3 Method 3: Copy, Paste, and Output Redirection 938
16.6.6 Testing Key-Based Authentication 940
16.7 Troubleshooting SSH connectivity and Key-Based Authentication 942
16.8 Using the Bastion Host as a Web Proxy, using Dynamic Tunnels and FoxyProxy 946
16.8.1 Installation Instructions 946
16.8.2 Configuration Instructions 949
16.8.3 Adding a new proxy, enabling the proxy, and testing connectivity 951
16.9 (Optional Content) Remote Access Enhancements 959
16.9.1 Enabling SSH Access as the root User 959
16.9.1.1 Testing root SSH for Linux/MacOS Users 960
16.9.1.2 Testing root SSH for Windows Hypervisor Hosts 966
16.9.1.3 Remember, This isn't Strictly Necessary 969
16.9.2 Disabling password authentication over SSH 969
16.9.2.1 Backing Up (and Restoring) the /etc/ssh/sshd_config file 969
16.9.2.2 Modifying the PasswordAuthentication, ChallengeResponseAuthentication, and AuthenticationMethods directives 970
16.9.2.3 Verifying Password Authentication over SSH is disabled 973
16.10 Chapter Review 977
Chapter 17 Patch Notes 979
Chapter 17: Network Intrusion Detection 980
17.1 Making a Choice 981
17.2 Installing Snort3 (via Autosnort3) 982
17.2.1 Confirming Autosnort3 success 986
17.3 Installing Suricata (via Autosuricata) 988
17.3.1 Confirming Autosuricata success 990
17.4 Troubleshooting Snort and Suricata problems 992
17.5 Chapter Review 994
Chapter 18 Patch Notes 995
Chapter 18: Setting up Splunk 996
18.1 Installing Splunk on the SIEM VM 996
18.1.1 Downloading Splunk Enterprise 996
18.1.2 Installing and Configuring Splunk (Part 1) 1000
18.1.3 Installing and Configuring Splunk Enterprise (Part 2) 1002
18.1.3.1 Enabling SSL on Splunk Web 1002
18.1.3.2 Configuring a Receiver 1005
18.1.3.3 Switching to Splunk Free Licensing 1007
18.2 Installing and Configuring the Universal Forwarder on the IPS VM 1016
18.2.1 Downloading and Installing the Universal Forwarder package for the IPS VM 1016
18.2.2 Installing the Suricata TA 1020
18.2.3 Installing the Snort3 JSON Alerts App 1024
18.2.3.1 Installing Snort3 JSON Alerts on the SIEM VM 1024
18.2.3.2 Installing Snort 3 JSON Alerts on the IPS VM 1026
18.3 Restarting the Splunk Forwarder, and Testing Functionality 1029
18.4 Troubleshooting Recommendations 1032
18.5 Chapter Review 1035
Chapter 19 Patch Notes 1036
Chapter 19: End of the Beginning 1037
19.1 Chapter Review 1037
19.2 Remodeling and Expansion 1039
19.2.3 Outfitting a Malware Analysis Lab 1040
19.2.4 Outfitting an Offensive Security/Penetration testing lab 1044
19.2.5 Outfitting an Ops-Centric lab 1047
19.3 Final Words 1052
Chapter 20 Patch Notes 1053
Chapter 20: Extra Credit 1054
20.1 Hardening Hypervisor Security 1055
20.2 Update automation with the updater script 1073
20.3 Setting up ntpd on Linux lab VMs 1080