Building a home lab

GLaDOS Member Posts: 50
I'm trying to put together a home lab environment to start practicing with Kali Linux and some other security tools, as well as improve my networking and general tech knowledge. (Ultimately I'm trying to build additional skills to move myself out of desktop support and into a more security-focused role.)


I was thinking of getting one PC to run multiple VMs - at this time I'm thinking no more than 2-4 VMs at any one time. Basically I'm thinking I'd be running Kali Linux and one or two vulnerable distributions (e.g. Metasploitable, WebGoat, etc.).

Right now, I'm looking between these two models on NewEgg and would appreciate any suggestions or thoughts.

ASUS Desktop PC M32AD-US025S Intel Core i5 4460 (3.2 GHz) 12 GB DDR3 2 TB HDD NVIDIA GeForce GT 740 4 GB Windows 8.1 64-bit - Newegg.com
Acer Desktop Computer Aspire T AT3-710-UR53 Intel Core i5 6th Gen 6400 (2.7 GHz) 16 GB DDR3 2 TB HDD Windows 10 Home - Newegg.com

I'm slightly leaning towards #1, only because of the better processor speed and I generally would pick Asus over Acer (that's just personal preference), even though it's 4GB less.

As always, I appreciate your time and feedback!
"Tahiti is not in Europe. I'm going to be sick."

Comments

  • DoubleNNs Member Posts: 2,015
    I'm interested in what other people say as well. I'm trying to build a home lab this year too.
    Goals for 2018:
    Certs: RHCSA, LFCS: Ubuntu, CNCF CKA, CNCF CKAD | AWS Certified DevOps Engineer, AWS Solutions Architect Pro, AWS Certified Security Specialist, GCP Professional Cloud Architect
    Learn: Terraform, Kubernetes, Prometheus & Golang | Improve: Docker, Python Programming
    To-do | In Progress | Completed
  • alias454 Member Posts: 648
    If it were me, I would go with an HP or Dell server from eBay, then install VMware on it
    HP DL380 G6 2X Xeon X5670 2 93GHz Hex Core 72GB 8x 146GB 2X 750W | eBay

    or a G7 with a little less storage for a hundred more
    HP DL380 G7 Server 2X X5670 2 93GHz 12 Core Total 24GB RAM 5X 72GB 3X 300GB SAS | eBay

    If a server chassis really isn't what you want then go with the Acer since it has more RAM and is cheaper overall.
    “I do not seek answers, but rather to understand the question.”
  • yoba222 Senior Member Member Posts: 1,237
    If you plan to do any gaming I'd skip choice 1, since that GeForce 740 is really underpowered. With choice 2 you'd be using the built-in video and could add a video card later (and likely need to upgrade the power supply as well). RAM is cheap enough, but the 16GB in choice 2 would be a little better for VMs compared with 12GB.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • NetworkingStudent Member Posts: 1,407
    IR04 How To Build A Home Lab Timothy De Block
    https://youtu.be/ZECk8ulajG4

    Do you already have a desktop computer? If you do, what are the specs?
    "When one door closes, another opens; but we often look so long and so regretfully upon the closed door that we do not see the one which has opened."

    --Alexander Graham Bell,
    American inventor
  • GLaDOS Member Posts: 50
    Thank you for all the feedback! I greatly appreciate it!

    alias454 wrote: »
    If it were me, I would go with an HP or Dell server from eBay, then install VMware on it
    HP DL380 G6 2X Xeon X5670 2 93GHz Hex Core 72GB 8x 146GB 2X 750W | eBay

    or a G7 with a little less storage for a hundred more
    HP DL380 G7 Server 2X X5670 2 93GHz 12 Core Total 24GB RAM 5X 72GB 3X 300GB SAS | eBay

    If a server chassis really isn't what you want then go with the Acer since it has more RAM and is cheaper overall.

    I thought a server might be a bit overkill just to run a few VMs to practice with some infosec tools?

    yoba222 wrote: »
    If you plan to do any gaming I'd skip choice 1, since that GeForce 740 is really underpowered. With choice 2 you'd be using the built-in video and could add a video card later (and likely need to upgrade the power supply as well). RAM is cheap enough, but the 16GB in choice 2 would be a little better for VMs compared with 12GB.

    I wasn't too concerned with the graphics card, as I wasn't really planning on password-cracking now or in the future. I'm not sure if that was where you were going?

    NetworkingStudent wrote: »
    IR04 How To Build A Home Lab Timothy De Block
    https://youtu.be/ZECk8ulajG4

    Do you already have a desktop computer? If you do, what are the specs?

    Thanks for the link! I only have an old Lenovo T450 with 4GB of RAM. I initially set up some VMs there but the performance was underwhelming...
  • DoubleNNs Member Posts: 2,015
    GLaDOS wrote: »
    Thanks for the link! I only have an old Lenovo T450 with 4GB of RAM. I initially set up some VMs there but the performance was underwhelming...

    Do you have an SSD in your T450? If you do, the bottleneck might have been the low memory.
    Not to discourage you from buying a new lab computer, but your laptop maxes out at 16 GB of RAM, and the upgrade is fairly cheap.
  • Mitechniq Member Posts: 286
    Currently, I do not have any recommendations for hardware but this semester I decided to use Ravello to develop a Security Lab for my students with the following Software/OS:

    Kali Linux
    pfSense (Firewall)
    OpenDLP
    Nessus Home Edition (Vulnerability, Compliance, and Auditing)
    AlienVault OSSIM
    Darn Vulnerable Linux
    OWASP Bricks (SQL Injection)
    Security Onion
    Windows 2008r2 (PEView, Sysinternals, Dependency Walker, PEID) using Practical Malware Analysis Book
    Windows 7

    Some of my labs are based on NISGTC Security+ Labs, which are free if you sign up for them.
  • CSCOnoob Member Posts: 120
    I'd say go for Intel NUC Skull Canyon and install ESXi on it.
  • tedjames Scruffy-looking nerfherdr Member Posts: 1,179
    A few months ago, I bought a refurbished HP Pavilion with an A10 processor on Woot.com for a little over $300. I just had to upgrade the RAM. Otherwise, it has served me well as an entry-level lab machine.
  • OctalDump Member Posts: 1,722
    For virtualisation you want virtualisation features in the CPU, lots of cores (and ideally hyperthreaded), and loads of RAM. SSDs are useful. More than one physical network port is useful to have, as well. Graphics and clock speeds are not very important.

    If you have somewhere to rack gear and can deal with the noise, then 5500 or 5600 Xeon-based servers are good options. The Dell T610, R610, R710 are all currently on the hardware compatibility list for VMware 6. You can usually pick one or two up for under $1000.

    The E5500/E5600-based Mac Pros are also good. Some (2010 and 2012 models) are on the VMware 6 hardware compatibility list. They are workstations, so much, much quieter.

    But rolling your own is a good option, too. Just make sure you know what you want to do with it, and what software you might require and what is definitely compatible.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • GLaDOS Member Posts: 50
    Went with the Acer PC. Thanks so much for all of your help!
  • reload@[email protected] Member Posts: 44
    It's probably too late but I would have still gone with a server. I bought a PC before for the same reason, and I was able to use it for a while until I needed it for more than just a few VMs. I wish I had gone with a server to begin with. I bought an HP server recently with 64 gigs of RAM. Cost me around $240 for everything. Loaded vSphere 6.0 on it, and I currently have 10 CSR1000vs, 10 IOS-XRvs, 8 vSRXs, 1 Windows Server 2012, and 1 CentOS VM. It may be overkill for what you need right now, but it will scale to your future needs.
  • blargoe Self-Described Huguenot NC, USA Member Posts: 4,174
    If you're wanting to learn Linux, Linux/security tools, and more about networking in general, why not run it in the cloud? Then you can also get some experience operating in a cloud environment such as AWS, and you won't be tied to an up-front investment in specialized hardware. Wouldn't work for every scenario (like a lab for learning vSphere for example), though.
    IT guy since 12/00

    Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
    Working on: RHCE/Ansible
    Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
  • Chinook Member Posts: 206
    blargoe wrote: »
    If you're wanting to learn Linux, Linux/security tools, and more about networking in general, why not run it in the cloud? Then you can also get some experience operating in a cloud environment such as AWS, and you won't be tied to an up-front investment in specialized hardware. Wouldn't work for every scenario (like a lab for learning vSphere for example), though.

    You need explicit permission to do pen-testing on Amazon Cloud infrastructure. The information is in the link below. #DontLearnTheHardWay

    https://aws.amazon.com/security/penetration-testing/

    As for building a lab, don't waste your money buying a bunch of monster machines. At best, get a bare-bones box that holds a lot of RAM, build some VMs and hit them.

    What would be better is getting a second internet connection, picking up some old cheap routers (SonicWALL, Cisco, Fortinet) and attempting to penetrate them, then breach the network behind them. Some of the courses you can take give you a lab environment to work with. I believe hackthissite offers something like that.
  • tedjames Scruffy-looking nerfherdr Member Posts: 1,179
    Chinook wrote: »
    You need explicit permission to do pen-testing on Amazon Cloud infrastructure. The information is in the link below. #DontLearnTheHardWay

    https://aws.amazon.com/security/penetration-testing/

    YES! It's legal to test your own home network, and it's legal to test your work network with permission from exec management. But it's highly illegal to test anyone else without written permission. You need that Get Out of Jail Free card. Otherwise, you risk jail time. Amazon has deep pockets and lots of lawyers.
  • BlackBeret Member Posts: 683
    For what you're wanting to do ANY modern computer can handle a few VMs. Keep in mind that the exploitable VMs you mentioned, like Metasploitable 2, WebGoat (I recommend OWASP BWA in place of this), do not require a lot of resources. The typical recommendation for VMs is 2 cores/VM. A 6-core processor has no issues handling the host and 2-3 lightweight VMs. RAM is cheap and easy for a setup like this as well.

    To simplify it even more, install a single Kali VM on whatever computer you want, then sign up for a free account at CTF365 (https://ctf365.com). With the free account you won't get your own server to defend or be able to play in the scored system, but you can attack a lot of various targets, including a Metasploitable, some WebGoat-similar targets, fake banks, etc.

    Now, if you want to build a full-on lab your budget is the only limit. I built one, used it for a while for a lot of things, and it hasn't been powered on in a year because I find myself getting more and more granular. No need for a full lab to work on small details little by little. My recommendation if you do go for a full lab setup would be to check VMware for ESXi supported hardware lists and try to find a used server with dual NICs and a lot of RAM (or at least upgradeable). VMware isn't everywhere, but learning the basics will be useful in a lot of places. The network configurations alone on it can become interesting when you're doing a lot.
  • ITSpectre Member Posts: 1,040
    BlackBeret wrote: »
    To simplify it even more, install a single Kali VM on whatever computer you want, then sign up for a free account at CTF365 (https://ctf365.com). With the free account you won't get your own server to defend or be able to play in the scored system, but you can attack a lot of various targets, including a Metasploitable, some WebGoat-similar targets, fake banks, etc.

    Kudos for that find! I created a free account. I am going to play with it when I get home this evening (if my SO doesn't bug the heck outta me).
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • CSCOnoob Member Posts: 120
    It's amazing how many people would love to get used servers. You guys have space and tolerance for the loudness of those beasts? Call me crazy but I like my computers quiet. That being said, give me a Supermicro-based build and/or Intel NUC for vSphere.
  • OctalDump Member Posts: 1,722
    CSCOnoob wrote: »
    It's amazing how many people would love to get used servers. You guys have space and tolerance for the loudness of those beasts? Call me crazy but I like my computers quiet. That being said, give me a Supermicro-based build and/or Intel NUC for vSphere.

    It depends on what you want to do. If you want to replicate a server environment, because you want to understand servers and server hardware, then used servers are a reasonable choice. If you want something on the official VMware compatibility list, then it is mostly servers. If you need server features (hot swap redundant power supply, or rack mountable, or lights out management etc) then you might need a server.

    If you have a garage or basement or shed or spare room or whatever, then the noise issue can be not so big a deal.

    But if you are more interested in the hypervisor, OS and services, then you have much greater flexibility in what hardware you choose. It's perfectly feasible to run an ESXi lab good enough to lab for VCP-DCV on a beefy desktop. Same is true for MCSA Server 2012.

    Think about what your needs are, and are likely to be, and then get something that fits. Do your research before spending.