Building a Cyber Security Lab

Liam Stott
Apr 2, 2023


The biggest drawback in my journey so far is having very limited hands-on experience. I worked in the financial industry in a tech support role for online banking applications before I joined the military, so I have a few years of helpdesk/troubleshooting experience in a technical sector. But since starting my journey into the world of Cyber, hands-on experience has been there, but in a limited way.

CompTIA has some excellent labs built into its online training platform.

I have spent hours and hours on https://immersivelabs.online, which I’ve enjoyed and learned so much from. UK military personnel can get free access to this as well! Have a look on DLE or ping them an e-mail.

I was also lucky enough to get a place on the CTP (Career Transition Partnership) Net+/Sec+ course. Being sat in a lab and having hands-on access whilst having a tutor was a really valuable learning experience.

Having identified a lack of hands-on experience and via some advice from a session with a mentor from https://cybermentordojo.com/, I have recently set about building my first PC and setting up a home security lab.

Pre-build
Looking good!

For the physical host PC, I have shared the components I used from Ebuyer below. I had some help from a good friend and fellow Vet in building this, but I was surprised how easily and quickly we got it built and running. Some content from A+ must have stuck! To build the lab I’ve used VMware Workstation Pro. I had a play around with VirtualBox as well but found it easier to configure the boxes on VMware, especially when adding more than a handful of interfaces.

Host machine build

Before I go much further: I have 100% followed a guide in building all this. I used a build guide from Day at CyberWox Academy:

His guides and videos were amazing to follow and to handrail from. Being such a kinaesthetic learner, I felt so at home watching and then doing it myself. There were a couple of firewall rules I changed just to allow some web traffic on the domain controller, but other than that this is how I’ve done my build.

Looking back, with what I’m doing now in writing some reflective pieces, I should have been writing after installing and configuring each VM instance. So I am going to make an effort to write as soon as I’ve completed one section of learning.

The Lab

I’ll not go into any great detail regarding the lab but rather just give a brief overview of the setup. If anybody needs any more information please follow the above link to cyberwoxacademy.com.

  • The first box created, and the central point of the lab, was one with pfSense installed on it to act as the gateway and main firewall. It can be configured via a web management page once it is initially installed and all the interfaces are configured.
  • Secondly, Security Onion was installed on its own instance to act as the SIEM for the network, and a separate Ubuntu machine was installed to act as the management/analyst machine for Security Onion.
  • Then a Kali box as the attacker’s machine.
  • Then I moved on to installing Windows Server 2019 to act as a domain controller for the victim network, and two further Windows 10 machines joined to the domain.
  • The last box to be created was a Splunk server, which has an Ubuntu GUI installed on it as well. This is used to visualise and analyse data sent via a forwarder from the domain controller.
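To show what the last two boxes are actually for, here is a small added example that is not part of the original post or of the CyberWox Academy guide: it runs the kind of brute-force detection an analyst would later build as a Splunk search or Security Onion rule, but over a handful of constructed Windows Security log lines instead of a live forwarder feed. The host name DC01, the 10.10.10.0/24 addresses (10.10.10.50 standing in for the Kali box), the simplified key=value line format and the account names are all assumptions made for this example; real forwarded events carry many more fields.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample Security-log events in a simplified key=value shape,
# loosely modelled on what a universal forwarder ships from a domain
# controller. DC01, the addresses and the accounts are assumptions for
# this example, not the post's lab. 10.10.10.21 is a user who mistypes a
# password twice; 10.10.10.50 sprays "administrator" and then gets in.
SAMPLE_EVENTS = """\
2023-04-02T10:00:01 host=DC01 EventCode=4625 Account_Name=jsmith Source_Network_Address=10.10.10.21 Logon_Type=3
2023-04-02T10:00:09 host=DC01 EventCode=4625 Account_Name=jsmith Source_Network_Address=10.10.10.21 Logon_Type=3
2023-04-02T10:00:15 host=DC01 EventCode=4624 Account_Name=jsmith Source_Network_Address=10.10.10.21 Logon_Type=3
2023-04-02T10:05:00 host=DC01 EventCode=4625 Account_Name=administrator Source_Network_Address=10.10.10.50 Logon_Type=3
2023-04-02T10:05:02 host=DC01 EventCode=4625 Account_Name=administrator Source_Network_Address=10.10.10.50 Logon_Type=3
2023-04-02T10:05:04 host=DC01 EventCode=4625 Account_Name=administrator Source_Network_Address=10.10.10.50 Logon_Type=3
2023-04-02T10:05:06 host=DC01 EventCode=4625 Account_Name=administrator Source_Network_Address=10.10.10.50 Logon_Type=3
2023-04-02T10:05:08 host=DC01 EventCode=4625 Account_Name=administrator Source_Network_Address=10.10.10.50 Logon_Type=3
2023-04-02T10:05:10 host=DC01 EventCode=4624 Account_Name=administrator Source_Network_Address=10.10.10.50 Logon_Type=3
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Parse one 'timestamp key=value ...' line into a dict."""
    ts, _, rest = line.partition(" ")
    event = dict(FIELD_RE.findall(rest))
    event["timestamp"] = datetime.fromisoformat(ts)
    event["EventCode"] = int(event["EventCode"])
    return event


def load_events(text):
    """Parse all non-blank lines and return them in time order."""
    events = [parse_event(line) for line in text.splitlines() if line.strip()]
    return sorted(events, key=lambda e: e["timestamp"])


def detect_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Flag a source address once it has >= threshold failed logons (4625)
    inside a sliding window, and escalate if a successful logon (4624)
    from that same source arrives while the burst is still in the window."""
    recent_failures = defaultdict(deque)  # source address -> failure timestamps
    already_alerted = set()
    findings = []
    for ev in events:
        src = ev.get("Source_Network_Address", "-")
        failures = recent_failures[src]
        # Drop failures that have aged out of the sliding window.
        while failures and ev["timestamp"] - failures[0] > window:
            failures.popleft()
        if ev["EventCode"] == 4625:
            failures.append(ev["timestamp"])
            if len(failures) >= threshold and src not in already_alerted:
                already_alerted.add(src)
                findings.append({
                    "kind": "brute_force",
                    "source": src,
                    "failures": len(failures),
                    "first_seen": failures[0],
                    "last_seen": failures[-1],
                })
        elif ev["EventCode"] == 4624 and len(failures) >= threshold:
            findings.append({
                "kind": "brute_force_success",
                "source": src,
                "account": ev.get("Account_Name", "-"),
                "failures": len(failures),
                "first_seen": failures[0],
                "last_seen": ev["timestamp"],
            })
    return findings


if __name__ == "__main__":
    for finding in detect_bruteforce(load_events(SAMPLE_EVENTS)):
        print(finding)
```

With the defaults the two mistyped passwords from 10.10.10.21 stay quiet and only 10.10.10.50 is reported, first as a burst of failures and then again as a burst followed by a success, which is the finding worth paging on. The threshold and window are the two knobs that decide how noisy this is; dropping the threshold to 2 makes the ordinary user trip it too, which is the tuning problem a SIEM rule has to solve.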

Final Thoughts

I’ve learned so much from setting up this lab and wish I’d been doing this since I started Net+, or even Core 2 of A+! My main takeaways have been configuring and setting some basic policies on the domain controller. It’s given me invaluable, albeit basic, insight into how things like a SIEM are placed in a network and how tools like Splunk will collate data.

My biggest thing now is I am eager to start playing around with what I’ve created. I do, however, feel like this has opened more questions so to speak. I feel like to benefit from what I’ve put together I need to be looking at some courses or training in Splunk and Security Onion and doing some more learning around Active Directory. I am acutely aware though that I need to balance this around the fact I am starting a job in a week and I know they don’t use any of the platforms I’ve mentioned so I’m hesitant to start learning the ones I’ve installed knowing I have weeks of training to come anyway. I feel like for the moment I need to knuckle down, get my Sec+ exam booked, find my feet in my new role and then really dig into some learning geared towards the lab that I’ve built.

One of my biggest faults is I want to do everything now and jump down every rabbit warren. When in fact I need to write down my long-term goals and objectives of all I want to achieve, and then write down my one or two short-term goals so I have them firmly established. I have this set in my head, but a physical reminder, pinned above my monitor, might not go amiss. If only to stop me sitting here with a CompTIA tab, an Immersive Labs tab, a Splunk user course in a tab, a Codecademy tab and a tab for PortSwigger haha! One at a time old boy! Stop juggling too many tabs!!

Once again, thank you if you’ve taken the time to read. I’m not a writer; it makes me sweaty under the collar. I went back to College aged 30 to retake my English GCSE and worked my butt off to get a decent pass. So please, any advice on style, content, formatting or my horrid grammar and spelling, send me a message!

Till next time!

Photo by Marco Bianchetti on Unsplash
