Time for a home lab (network security) - suggestions

UnixGuy Mod Posts: 4,565
So I think running Virtualbox on my laptop is not gonna be enough to study for my new goal. To make this post short and to the point, I want to build a home network to study the following topics:

1. Firewalls (Checkpoint), I need to pass the CCSA and potentially the CCSE but let's focus on the CCSA.

2. WireShark (or analysing network traffic in general). I need to analyse pcap files outside of work. I need to do it in a home network repeatedly until I'm comfortable enough.

3. Pentesting, with the possibility of CEH/CHFI in the near future, and maybe (who knows) OSCP.

4. Digital forensics (as a broad term), and this is next year, but I need my lab to be ready for at least some basic Network Forensics.




So what's the recommendation here? Should I buy a standalone server, and run VMware ESXi on it? Any idea how much the VMware license would cost me?

Do you recommend I buy a switch/router?


I need a good lab, I need to use it comfortably for the next 3 years. I want to be competent enough to reach a point where I can do the SANS courses (classes and exams), and have real hands-on exposure. My background is servers/storage/backups so I'm new to networking, I need to step it up but the short term focus has to be CheckPoint firewalls.


Appreciate your help :)
Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

Learn GRC! GRC Mastery : https://grcmastery.com 

Comments

  • ramrunner800 Member Posts: 238
    I'm not personally familiar with Checkpoint firewalls or their hardware requirements, but I do network security labbing with VirtualBox/VMware Workstation on my regular desktop and laptop. Both are i7s w/ 4 physical cores and hyperthreading, and 16+ gigs of RAM. My coworker was able to run 14 VMs at one time on a laptop with those specs.

    I run a Kali VM that I use for attacking, a Security Onion VM that monitors the network, and several vulnerable VMs that I got from VulnHub. You can also use things like GNS3 to introduce virtualized routers if you want to increase the level of complexity, or you can use a hardware router if that strikes your fancy.

    As long as the firewalls don't require exotic hardware, the rest of your requirements can be met through modest consumer level hardware.
    Currently Studying For: GXPN
  • Chard26 Member Posts: 49
    Hi UnixGuy,

    If you have an ISO of Checkpoint R75 or higher you can run this in a VM no problem. I have had 2 clusters of Checkpoint Firewalls running in VBox on a laptop with no issues.

    If you have the resources to do all of your labbing on your machine I wouldn't pay out for a server.


    Thanks
    Chard
  • discount81 Member Posts: 213
    UnixGuy wrote: »

    So what's the recommendation here? Should I buy a standalone server, and run VMware ESXi on it? Any idea how much the VMware license would cost me?

    Do you recommend I buy a switch/router?


    I need a good lab, I need to use it comfortably for the next 3 years. I want to be competent enough to reach a point where I can do the SANS courses (classes and exams), and have real hands-on exposure. My background is servers/storage/backups so I'm new to networking, I need to step it up but the short term focus has to be CheckPoint firewalls.


    Appreciate your help :)


    VMware ESXi is free, unless you plan on studying more complex virtualization topics and need other VMware products, ESXi on a server will do everything you mentioned.

    Do you need a L3 switch, probably not, but it'd help for Wireshark.
    http://www.darvilleit.com - a blog I write about IT and technology.
  • Zoovash Member Posts: 84
    You can run Checkpoint Gaia in VirtualBox without issues. I think the CBT Nuggets videos about Checkpoint cover the installation. For analyzing network traffic you can use Security Onion or SIFT Workstation from SANS, or both :D All these can then be integrated nicely with GNS3. For strictly network analyzing/forensics you can just download sample pcap files and work on them. You can find an impressive collection of such files on the sites below:
    Public PCAP files for download
    https://wiki.wireshark.org/SampleCaptures
    contagio: Collection of Pcap files from malware analysis

    An i7 with 16/32GB RAM will probably serve all your lab needs for the next 5 years :)

    Have fun !
  • UnixGuy Mod Posts: 4,565
    Great suggestions.

    Well yes, I haven't thought of that, I can simply download pcap files and analyse them, so no need for switches, unless I want to become a network ninja, but I'm more interested in forensics/incident response than actual routing and switching, but I still need to step up my networking knowledge somehow, probably up to the CCNA level (for now).



    So the verdict is, I can do with my laptop. I can get VMware Workstation for free? So far I have VMplayer, that's the free one I found on the website (I recently migrated my laptop from Linux to Windows after 12 yrs so I'm kinda out of touch with Windows tools...)



    @Chard: how did you manage to run a CheckPoint cluster on a laptop? What about the license? Checkpoint gives you 15 days free usage...
  • ramrunner800 Member Posts: 238
    VMware Workstation is a paid product. I find for lab purposes that VBox is just as good and free. The main advantage of these two over VMware Player is that Player lacks the ability to take snapshots of your VMs. I purchased my Workstation license through school for $200ish, I'm not sure how much it retails for. I have to admit for my purposes VBox would have done just as well.
    Currently Studying For: GXPN
  • UnixGuy Mod Posts: 4,565
    Thanks Ram

    VMware in Education

    The student price in Australia is similar, 165 AUD ~...not the cheapest but not too bad.

    I used VBox a lot on Ubuntu, it was good but it wasn't great. It did the job but it wasn't rock solid stable. Probably lacked a few features when it comes to networking....now that I'm a Windows laptop user, I'd rather go for the near option VMware Workstation with full features I think. I wanna test proper networking and firewall stuff. Possibly proxy stuff too.
  • Deathmage Banned Posts: 2,496
    UnixGuy wrote: »
    Thanks Ram

    VMware in Education

    The student price in Australia is similar, 165 AUD ~...not the cheapest but not too bad.

    I used VBox a lot on Ubuntu, it was good but it wasn't great. It did the job but it wasn't rock solid stable. Probably lacked a few features when it comes to networking....now that I'm a Windows laptop user, I'd rather go for the near option VMware Workstation with full features I think. I wanna test proper networking and firewall stuff. Possibly proxy stuff too.

    VMUG offers an Enterprise-grade suite for a year for $200 USD.
  • UnixGuy Mod Posts: 4,565
    Deathmage wrote: »
    VMUG offers an Enterprise-grade suite for a year for $200 USD.



    Link please? :)
  • Chard26 Member Posts: 49
    Unixguy,

    My laptop was a Core i7 with 8 GB RAM. Gave each firewall a core and half a GB of RAM each. Granted there was hardly any traffic running through the firewalls as it was a lab but it did the trick. You can get 30-day eval licenses for all blades from Checkpoint if you create an account and user centre (for free of course) :)

    Thanks
    Chard
  • IIIMaster Member Posts: 238
    I ended up buying the whole setup, a server with 4 switches and routers, as I would like to do some virtualization, network traffic analysis and mapping. You may have luck using GNS3 but you need actual IOS images and an OS image for the VBox. Also the switch functions will be basic. If you're going to run ESXi I believe your laptop has to have at the LEAST a dual core proc. Mine had a Celeron so I had a choice: buy a new computer for like 500-600 or buy an actual lab for $300. Took me some time bargain hunting but I got it. The server is about 5-6 years old but it can handle virtualization, dual quad core procs and it was a high end model for its time. It's just noisy as heck so I will probably end up upgrading its fans to a more quiet, efficient model.