SOC Home Lab - Part 1

Dyavanapellisujal
6 min read · Jul 23, 2024

Hey! Building a cybersecurity home lab has been a project close to my heart since the start of my learning journey. In this blog I will share my experience and guide you through setting up your own lab. Building it not only let me refresh my networking and virtualization skills but also drove home that you have to understand your own network before you can secure it and monitor it for threats. This post walks through the configuration of each system in the simulated home network, step by step.

If you are familiar with computer networking, virtualization and the basics of operating systems, you can follow this blog and build your own lab.

Lab Environment:

  1. Having a network diagram helps while setting things up and avoids confusion. Having a blueprint is good practice.
  2. Below is the network diagram I came up with for my home network.
  3. Networks:

a. Target LAN (192.168.10.0/24):

→ This holds the Metasploitable and Ubuntu Desktop machines.

→ One interface of the monitoring machine running Suricata also sits in the target LAN and is configured in promiscuous mode, so that interface can capture all traffic on the target LAN rather than only frames addressed to it.

b. Security LAN (192.168.20.0/24):

→ Every machine that monitors traffic and threats has an interface in this subnet. I have one Ubuntu machine running Suricata and Splunk, with one interface in this subnet and the other in the target LAN for monitoring.

c. Attacker LAN (192.168.30.0/24):

→ A Kali machine connected to this LAN simulates attacks against the target LAN.

Installation:

I assume you have understood the lab environment. I have given resources on how to install Ubuntu and Kali Linux in VirtualBox; I will demonstrate how to set up pfSense and Splunk Cloud myself.

  1. VirtualBox.
  2. Ubuntu Desktop.
  3. Kali Linux.
  4. pfSense (just download the installer; its configuration is described in the sections below).
  5. Metasploitable.

Installation and configuring pfsense:

Create a new virtual machine; I have named it Pfsense gateway.

  1. RAM: 2 GB (recommended).
  2. CPU: 2 cores (recommended).
  3. Storage: 20–25 GB (the default is fine).

LAN setup:

I created 4 network adapters on the machine running pfSense. Adapter 1 is attached to NAT (it reaches the internet through the host); adapters 2–4 are attached to Internal Network, each named after its LAN, which is how the other VMs will later be plugged into the same segment:

  1. Adapter 1 — NAT.
  2. Adapter 2 — Internal Network "security-lan".
  3. Adapter 3 — Internal Network "target-lan".
  4. Adapter 4 — Internal Network "attacker-lan".

Check the screenshots below:
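The same wiring scripted with VBoxManage, as an added example that is not part of the original post. It sets the pfSense VM's four adapters and, for the monitoring VM described later under "Configuring Ubuntu Server running suricata and splunk", its two adapters with promiscuous mode allowed on the target-LAN side. The VM names "Pfsense gateway" and "SOC ANALYST" are the ones used in this post; that both VMs already exist and are powered off, the adapter types (Intel PRO/1000 for adapter 1 and virtio for the rest, which is what makes the pfSense console show em0 plus vtnet0–vtnet2) and the VBoxManage 6.x option spellings are assumptions. Check them against `VBoxManage modifyvm --help` on your version.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): wire the lab VMs' network
# adapters with VBoxManage instead of clicking through the GUI.
# Assumptions: the VMs "Pfsense gateway" and "SOC ANALYST" already exist and are
# powered off; internal-network names match the diagram (security-lan,
# target-lan, attacker-lan); VBoxManage 6.x option spellings.

# Arguments for the pfSense VM.
# Adapter 1: NAT, Intel PRO/1000 -> FreeBSD "em" driver -> em0 (WAN).
# Adapters 2-4: internal networks, virtio -> "vtnet" driver -> vtnet0..vtnet2.
# Mixing the two adapter types is what makes the console show em0 + vtnet0-2.
pfsense_nic_args() {
  printf '%s\n' \
    --memory 2048 --cpus 2 \
    --nic1 nat    --nictype1 82540EM \
    --nic2 intnet --intnet2 security-lan --nictype2 virtio \
    --nic3 intnet --intnet3 target-lan   --nictype3 virtio \
    --nic4 intnet --intnet4 attacker-lan --nictype4 virtio
}

# Arguments for the monitoring VM (Suricata + Splunk).
# Adapter 1 sits on security-lan; adapter 2 sits on target-lan and needs
# promiscuous mode "allow-all" at the VirtualBox level, otherwise the
# hypervisor only delivers frames addressed to this VM and the guest-side
# "ip link set ... promisc on" changes nothing.
monitor_nic_args() {
  printf '%s\n' \
    --nic1 intnet --intnet1 security-lan \
    --nic2 intnet --intnet2 target-lan --nicpromisc2 allow-all
}

# apply VM-NAME ARGS-FUNCTION: run modifyvm, or print the command when
# VBoxManage is not on PATH (e.g. when reviewing the script on another host).
apply() {
  vm=$1; fn=$2
  if command -v VBoxManage >/dev/null 2>&1; then
    "$fn" | xargs VBoxManage modifyvm "$vm"
  else
    echo "VBoxManage not found; would run: VBoxManage modifyvm \"$vm\" $("$fn" | tr '\n' ' ')" >&2
  fi
}

apply "Pfsense gateway" pfsense_nic_args
apply "SOC ANALYST"     monitor_nic_args
```

Run it on the VirtualBox host with both VMs powered off; modifyvm refuses to touch a running VM. If you create all four pfSense adapters with the same type, FreeBSD numbers them em0–em3 or vtnet0–vtnet3 instead, so always read the names off the pfSense console rather than copying them from here.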

Now start the machine and wait for the copyright and distribution notice to appear:

Select Install → Auto (UFS) → MBR (DOS Partitions) → Finish → Commit, wait for the installation to finish and then reboot. If the installer's copyright notice appears again after the reboot, the VM booted from the ISO a second time: remove the ISO or change the boot order of the virtual machine so it boots from the disk.

Then start the machine again:

The first adapter is NAT and was created as an Intel PRO/1000 adapter, which FreeBSD drives with em, so the WAN interface is em0: enter em0 and press [Enter]. The other three adapters use the Paravirtualized Network (virtio-net) adapter type and show up as vtnet0–vtnet2. If you created all four adapters with the same type, they will instead be numbered em0–em3 or vtnet0–vtnet3, so match the names to your own console output rather than copying these.

Then you will be shown the screen below.

Assigning Interfaces

Enter 1 → Should VLANs be set up now: y → Enter the parent interface name: [Enter] (this leaves the VLAN list empty; answering n has the same effect, as the lab does not use VLANs) → assign the interfaces as in the image below → confirm with "y".

Adapter 1 (NAT): em0 (this will be facing the internet).

Adapter 2 (security-lan): vtnet0.

Adapter 3 (target-lan): vtnet1.

Adapter 4 (attacker-lan): vtnet2.

Configuring IP addresses

em0: Adapter 1 (NAT), WAN

Enter 2 → Enter 1 (for the WAN interface) → DHCP (IPv4): "y" → DHCP (IPv6): "n" → [Enter]

vtnet0: Adapter 2 (security-lan), LAN

Enter 2 → Enter 2 (for the LAN interface) → DHCP (IPv4): "n" → 192.168.20.1 → Subnet mask: 24 → [Enter] → DHCP (IPv6): "n" → [Enter] → Enable DHCP on LAN: "y" → Start: 192.168.20.2 → End: 192.168.20.254.

What this does is assign the address 192.168.20.1 with a /24 mask (255.255.255.0) to the vtnet0 interface, which belongs to Adapter 2, the one we attached to the internal network named security-lan at the beginning. Then we enable the DHCP server on this interface so that machines connected to this network get their addresses from pfSense.

Since this is a /24 subnet it has 254 usable addresses; one, 192.168.20.1, is used by the vtnet0 interface itself and the rest will be leased to the connected machines later.

Repeat the same steps (option 2, then the interface number) for the other two interfaces, which pfSense lists as OPT1 and OPT2:

vtnet1: Adapter 3 (target-lan), OPT1

IPv4 address: 192.168.10.1

subnet: /24

DHCP range: 192.168.10.2–192.168.10.254

vtnet2: Adapter 4 (attacker-lan), OPT2

IPv4 address: 192.168.30.1

subnet: /24

DHCP range: 192.168.30.2–192.168.30.254

After setting the addresses, the console menu should list the interfaces with the addresses above.

Connect machines to their respective LANs:

I hope you have installed all the machines.

  1. Connecting Ubuntu to the target-lan:

After installation → go to the machine's settings → set the adapter to Internal Network with the name target-lan → save and restart the machine.

To verify that the machine got its IP address from the pfSense DHCP server, run:

ip addr

The interface should show an address from the target-lan DHCP range (192.168.10.2–254).

NOTE: If you don't see an IP address, run "sudo dhclient [interface name]" from the terminal to request a lease.

Similarly add the Metasploitable machine to target-lan and Kali Linux to attacker-lan.

(Screenshots: Kali Linux IP and Metasploitable IP.)

Configuring the Ubuntu server running Suricata and Splunk:

I have named it SOC ANALYST. Set adapter 1 of this machine to the Internal Network security-lan and adapter 2 to target-lan. For adapter 2, also set Promiscuous Mode to "Allow All" in the VirtualBox adapter settings: on an internal network VirtualBox otherwise only delivers frames addressed to this VM, and enabling promiscuous mode inside the guest alone changes nothing. Note that a sensor interface is usually left without an address so it stays silent on the segment it watches; here it has taken a DHCP lease, which is convenient for the lab but means the attacker can see it.

Inside the guest we need to keep the interface enp0s8, the one on the target LAN with the address 192.168.10.7, in promiscuous mode. Run:

sudo ip link set enp0s8 promisc on

This flag is not persistent, so run it again after every reboot before starting the sensor.

Phew! We are done with connecting the machines to the local networks.
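A guest-side check for the wiring above, as an added example that is not from the original post: it parses `ip -o -4 addr show` and `ip -o link show`, confirms that each interface took a lease inside the subnet its internal network should hand out, and confirms that the monitor interface really carries the PROMISC flag. It goes slightly beyond the post in that the subnet test handles any prefix length, not only /24. The interface names enp0s3 and enp0s8 and the sample `ip` output embedded in the script are constructed for the example; the subnets and the addresses 192.168.20.5 and 192.168.10.7 are the post's.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): verify that a lab VM landed on
# the right LAN and that the monitor interface is promiscuous.
# Usage on a guest:
#   MONITOR_IFACE=enp0s8 ./labcheck.sh enp0s3 192.168.20.0/24 enp0s8 192.168.10.0/24
# The interface names and the sample `ip` output below are constructed.

# Constructed sample of `ip -o -4 addr show` / `ip -o link show` output from the
# SOC ANALYST VM (addresses as in the post). Export LAB_ADDR_OUTPUT=$SAMPLE_ADDR
# and LAB_LINK_OUTPUT=$SAMPLE_LINK to exercise the checks without running `ip`.
SAMPLE_ADDR='2: enp0s3    inet 192.168.20.5/24 brd 192.168.20.255 scope global dynamic enp0s3\       valid_lft 7195sec preferred_lft 7195sec
3: enp0s8    inet 192.168.10.7/24 brd 192.168.10.255 scope global dynamic enp0s8\       valid_lft 7195sec preferred_lft 7195sec'
SAMPLE_LINK='2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 08:00:27:aa:bb:01 brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 08:00:27:aa:bb:02 brd ff:ff:ff:ff:ff:ff'

# iface_ip4 IFACE: print the first IPv4 address of IFACE from `ip -o -4 addr` on stdin.
iface_ip4() {
  awk -v i="$1" '$2 == i { sub("/.*", "", $4); print $4; exit }'
}

# in_cidr IP CIDR: succeed when IP lies inside CIDR (any prefix length, not only /24).
# Both addresses are converted to 32-bit integers and compared after dropping
# the host bits, which is the same test the kernel's routing lookup performs.
in_cidr() {
  awk -v ip="$1" -v cidr="$2" '
    function toint(a,  o) { split(a, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    BEGIN {
      split(cidr, c, "/"); block = 2 ^ (32 - c[2])   # number of addresses in the block
      exit !(int(toint(ip) / block) == int(toint(c[1]) / block))
    }'
}

# is_promisc IFACE: succeed when IFACE carries the PROMISC flag in `ip -o link` on stdin.
is_promisc() {
  awk -v i="$1" '$2 == (i ":") && $3 ~ /PROMISC/ { found = 1 } END { exit !found }'
}

# check_iface IFACE CIDR: the interface must hold a lease inside CIDR.
check_iface() {
  addrs=${LAB_ADDR_OUTPUT:-$(ip -o -4 addr show)}
  ip=$(printf '%s\n' "$addrs" | iface_ip4 "$1")
  if [ -z "$ip" ]; then
    echo "$1: no IPv4 address - try: sudo dhclient $1"; return 1
  fi
  if ! in_cidr "$ip" "$2"; then
    echo "$1: $ip is outside $2 - adapter attached to the wrong internal network?"; return 1
  fi
  echo "$1: $ip is inside $2"
}

# check_monitor IFACE: the sensor interface must be promiscuous (the flag is
# lost on reboot, so this is worth re-running after every restart).
check_monitor() {
  links=${LAB_LINK_OUTPUT:-$(ip -o link show)}
  if printf '%s\n' "$links" | is_promisc "$1"; then
    echo "$1: promiscuous mode on"
  else
    echo "$1: NOT promiscuous - run: sudo ip link set $1 promisc on"; return 1
  fi
}

# Command-line use: IFACE CIDR pairs, plus MONITOR_IFACE for the sensor port.
if [ $# -ge 2 ]; then
  rc=0
  while [ $# -ge 2 ]; do check_iface "$1" "$2" || rc=1; shift 2; done
  [ -n "${MONITOR_IFACE:-}" ] && { check_monitor "$MONITOR_IFACE" || rc=1; }
  exit $rc
fi
```

The PROMISC flag only proves the guest asked for promiscuous mode; whether VirtualBox actually forwards other VMs' frames is decided by the adapter's Promiscuous Mode setting on the host. The end-to-end test is to run `sudo tcpdump -ni enp0s8 not host 192.168.10.7` on the sensor while Kali talks to Metasploitable: if you see that traffic, the tap works.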

Summary:

  1. Ubuntu → LAN: target-lan, IP: 192.168.10.5
  2. Metasploitable → LAN: target-lan, IP: 192.168.10.6
  3. Kali Linux → LAN: attacker-lan, IP: 192.168.30.2
  4. SOC Analyst → LAN: security-lan, IP: 192.168.20.5 (plus a second, promiscuous interface in target-lan, IP: 192.168.10.7)
  5. pfSense em0 (WAN) → NAT, IP: 10.0.2.15/24
  6. pfSense vtnet0 (LAN) → security-lan, IP: 192.168.20.1
  7. pfSense vtnet1 (OPT1) → target-lan, IP: 192.168.10.1
  8. pfSense vtnet2 (OPT2) → attacker-lan, IP: 192.168.30.1

Next we have to give some of the machines internet access by configuring firewall rules on pfSense (out of the box only the LAN interface has an allow rule; OPT1 and OPT2 pass nothing until rules are added) and spin up Suricata on the Ubuntu machine in the security LAN. Check part 2 for this.
