How to Build Your Own Homelab for Cyber Security Testing

 Section I: Introduction

The convenient way for cyber security researcher is to build a home lab to conduct all the necessary testing. There are number of reasons why a student or cybersecurity researcher may want to hone his/her skills using this method.

  • Stay out of legal problems
  • Maintain isolated development environment
    • During the testing some techniques may cause damaging results which lead to breaking the computing machine (Hardware).
    • During the testing, if the researcher is using a tool that involve malware, it could spread to the other Internet-connected environment.

“Virtual Machine is a software equivalent of a physical computer…” – VMware, Inc.

Audience & Scope

The intended audience for this paper is security professionals and students who are leaning into sharpening their cyber security skills. It is recommended that you have basic foundation of networking terminology, computers, cybersecurity concepts and formidable research skills.

 

Other than that, everything will be lay out here to guide you on your journey to create, build your own home lab for security testing & development.

 

Due to the complexity of building Homelab, this paper goal is to provide the most simple and easy to follow instruction. Similarly, this paper addresses the problem “What if I cannot afford to buy multiple components such as computer?”

 

Moreover, throughout this paper I will be using the term “Homelab” which refers to the home computer to facilitate research and testing.

 

What is Homelab?

Homelab is a small-scale environment that is designed to simulate different components of a network. Most commonly known Homelab are run through a virtualize box called virtualization. Similarly, virtualization can be done through local host or cloud-based, however, for simplicity’s sake we will only cover local-host virtualization.

 

There are variety of VirtualBox available nowadays and each may have different feature from one another. We will go in-depth about virtualization capabilities later in the Installation section of this paper.

 

As of this writing the list of operating system can go on and on and if we narrow our list to category such as desktop, the top-most commonly use are:

 

  • Apple’s Mac OS with over 15 versions
  • Microsoft Windows with over 23 versions plus server version
  • Linux with more than 1,000 distro.

 

 

Now, seeing just the Operating Systems (OS) of the Linux Distribution, you may think that possessing them all may require you to spend 24 hours of your time. You’re right! Why? Like your daily operating system (the one you use for work, school or home), the operating system that you use for testing also require an updated version for security and feature enhancement reason.

 

This is why proper maintenance is highly encouraged to all security professionals. It not only keeps your computer safe from virus, but it also protects other connected machine to the network. This is the advantage of building your own home lab. It doesn’t need countless machines that you have to keep your eye on.

What you Need?

As stated earlier, we will be covering the simplistic way to create your own Homelab, keep in mind though that as you progress, the number of components to be added will also grow. The following requirements as follow:

  • Hardware
    • Virtualization server, Computer, router, UPS, wireless adapter (optional)
  • Software
    • Virtualization software (VirtualBox, VMware and Parallels and many more)
  • Maintenance

 

 

So, in a nutshell It all depends on the available resources that your host machine can handle such as the amount of memory allocated to each virtual machine. Also, there has been continuously dialogue on how much a host machine really needs. So, I will only use what works for me and incorporate some ideology shared by some cyber security professional online.

 

Hardware

To conduct your security testing, you need two things, the attacker and the victim. They can be either on the same computer or through virtualization. Chances are, if you are student and studying online you already have the computer (laptop or desktop).

 

There are various factors that could affect in deciding about the requirement of the hardware such as:

  • The number of operating system you are planning to use
  • The application you are planning to run
  • The anticipated workload

 

Hardware in technology context refers to the physical elements that make up a computer such as monitor, CPU, hard drive, and memory.

 

Keep in mind that I will only provide some of the important components in a hardware, but technically speaking, a computer hardware is consisting of more than 20 components which is out of the scope of this paper.

 

However, it is important to discuss the main components that do all the heavy lifting when start working with virtual machine.

 

System Requirements

For high performance it is recommended that your host machine have:

  • CPU
    • 4 cores, for basic testing
    • 8 cores, for running multiple virtual

  • RAM
    • 4GB minimum
    • 8GB for running multiple virtual machine (recommended for good speed)

 

The image is owned by the author of this paper

Storage – this is the main data storage device where the operating systems, software titles and other majority of files are stored. Some users may use external hard drives which look almost most the same as the components that came when you purchase a computer or laptop.

  • Processor
    • Intel or
    • AMD
  • Hard Disk
    • IDE,
    • SATA
    • SCCI
  • Optical CD-ROM and DVD

 

In addition, it is highly recommended to use uninterruptible power supply (UPS) to avoid distraction cause by power outage.

Note: Some computers, especially laptops, are using solid-state drive (SSD) instead of hard disk drive. While they are both designed to do the same job, SSD performs better and faster than traditional HDD.

 

Software

To emulate a complete computer system, it requires to have Software such as:

  • VMware
  • VMware Fusion
  • VirtualBox (Oracle)
  • VMware ESXi
  • Nutanix Hyperconverged infrastructure
  • vSphere etc
Software varies from system software, application software to operating system

I personally test VMware Workstation, Fusion, Parallel, and VirtualBox and base on my personal experience these platform varies, and it depends on the user’s preference to which one she or he end up using, however, I recommend not to lock yourself in one VirtualBox.

Maintenance

There is nothing more frustrating than starting your virtual machine and it takes forever to boot, or even when you get in it is super slow. You can fix that problem by:

 

In addition, security is vital to ensure that you protect the environment you are working. The following practice may give you a few head start on how to properly maintain your virtual machine to enhance your productivity

 

  • Creating two different types of virtual disks
  • Installing the Virtual Machine’s Software Tools
  • Exclude the Virtual Machine’s Directories in the Antivirus
  • Allocate more memory
  • Allocate more CPU
  • Put your Virtual machines on a solid-state drive
  • Suspend instead of shutting down
  • Update to the latest version

 

While virtual machines have a solid dependable stability, proper maintenance must be part of each user’s best practices and cleanup.

 

Section II: How to Set Up Homelab?

Installation

This paper will utilize two of the most used virtual machines nowadays, VirtualBox by Oracle and VMware (as of this writing, the current version is 12).

 

Installing VMware Fusion

To install VMware Fusion:

  1. Navigate to https://www.vmware.com/nl/products/fusion/fusion-evaluation.html
  2. Choose which package you wish to install
    1. Fusion 12 Player, or
    2. Fusion 12 Pro
      An image of application that a user will choose when downloading a Fusion application

       

  3. Click the Download Link and save the application to your preferred directory.
    VMware Fusion 12.x Pro is ready to be download in a Mac OS computer

     

  4. on the VMware-Fusion-12.0.0-16880131.dmg (your file name may look different, which depends on when you download the application)
    DMG file downloaded from the website with 612 MB

    DMG file extension is an Apple Disk Image file

  5. Double-click the Install VMware Fusion icon to start the installation Assistant and follow the instruction.
  6. Save the file or application to your desired folder or directory (Please note that due to storage capability, I have mine save in an External Hard Drive).

    Saving the downloaded file to a directory or folder that a user can easily remember is a good practice
  7. Double click the icon where the file is saved.
    A Fusion in a DMG file that requires a user to double-click to start the installation procedure

    DMG files are intended for Mac which support compression, file spanning and encryption

  8. Click Next.
  9. Click Open.
  10. This may vary, based on your security settings.
    This may vary depends on the security setting a user may have, but this serves as a reminder. Just click on “Show Web Page”

     

  11. The next step may differ, but if you are asked to type your password, type it in the Password: box and click OK.

    A user need to input his/her password in order to proceed with the installation procedure.
  12. If there’s available update, you will be informed by a box that indicates an update is available.
    A new update is ready.

     

  13. In case you choose to update while installing the application, a box will pop up to remind you to Shut Down or Suspend any activity in order for the updates to take effect.
    Should a user opt to the new update; this box includes a reminder to shut down or suspend the user’s virtual machines currently running.

     

  14. Once the installation is complete, a box will appear as shown on the image.

    An option to install an image.

Note:

College students, if you are eligible, you can obtain a product key through your University. This is important in order to enjoy the benefit of the virtual machine. However, there is also free trial version.

ISO is an archive file that contains an identical copy or image of data

Installing Oracle VirtualBox in MacOS

As stated earlier, VirtualBox dominated the virtual world, not because it’s an open source but most cybersecurity professional “just” preferred it than the other. I personally like it than others that I have license to use during to its good visualization.

 

The installation of VirtualBox is similar to VMware therefore, you can refer to the walk through above.

 

  1. Navigate to https://www.virtualbox.org/
  2. Click on Downloads and choose the operating system that you like to use (Windows, OS X, Linux distributions, Solaris hosts or Solaris 11 IPS hosts)
  3. Save the .dmg file to your preferred locations (ex: download folder)
  4. Navigate to the folder where you save the .dmg file and double-click
  5. Open the pkg
  6. Click Continue
  7. Again, click Continue
  8. Click on Install
  9. Enter your Mac password once prompted to do so
  10. Installation is successful is you see an image similar to the screenshot below.
A box will show that the installation is completed.

Section III: Running a Test

 

Now you have virtual machine running, it’s time to put it on test. Let’s say for example you want to try Windows 10 as a guest.  So, to install windows, you need .iso image or disc image.

 

  1. Navigate to microsoft.com
  2. Read the “Before you begin” to ensure you have the needed requirements.
  3. Select edition.
  4. Then Confirmed.
  5. Open your newly installed virtual machine. For this tutorial I will be using VMware Fusion.
  6. On a box Install from disc or image you can either drag your ISO or image file. Alternatively, you can double-click inside the box.
  7. You will be prompt to enter your credentials such as:
    Installation of Windows 10 in Mac OS ask a user to prove your credentials such as name and password including the product key.
    1. Account name
    2. Password
    3. Windows Product Key
    4. Choose your Windows version
  8. Click Finish.
    An image of a complete virtual machine installation showing a windows 10 x 64 and other information is provided.

     

  9. The Set-Up Wizard will take it from here. Once the installation is done you need to click Now you have working Windows in a Linux or Mac computer or desktop.

 

Summary

This paper is divided into three sections.

 

Section 1 focuses on introducing tools as well as provided what they are designed for. I could think of it as refresher as well as it highlights some important concept of virtualization.

 

Section 2 introduce the installation of the tools to create a Homelab as well as give you some alternative.

 

Section 3 provide a quick instruction on how to effectively install your guest operating system.

 

Hopefully, this paper helps you get a good grip on where to start in building your own Homelab.