Choosing appropriate components

Under this topic, we are going to decide which lab components can fulfill the tasks determined in the previous topic.

As it is not always easy to get enough budget and hardware to build a penetration testing lab in an enterprise environment and even harder to do it at home, we are going to use virtualization and free software as much as possible in this book. That decision influences the next topics significantly, because it sets additional requirements for a lab.

Virtualization has also another significant advantage—flexibility to quickly modify the lab environment content according to current tasks by simply turning virtual hosts on and off.

For a virtual lab, you will need a computer powerful enough to run three to four virtual machines at the same time. We would recommend having at least four cores CPU and 8 GB of RAM. Additionally, you will need at least 150 GB of free space on a hard drive. Of course, if you have a bigger hard drive and if it is an SSD drive, your lab will work much better.

If you are going to build the lab on hardware network devices, it is better to have a couple of computers (probably less powerful, than the one described in the previous paragraph) to connect them to various switch ports and run VMs in different VLANs at the same time. But you will need them for a limited number of lab tasks only. If you have an opportunity to deploy a hardware virtualization platform based on a hypervisor such as ESXi or Xen with enough resources to run five to six virtual machines at once, it would be even better.

Network devices

As a basis for every network environment, we are going to start by choosing network devices for our lab. There are several options depending on an amount of budget that you are ready to spend on a lab and we will provide manuals for two of them:

• Option 1 (0 budget): Installing and configuring virtual network devices
• Option 2 (budget 50-55 € or above): Buying and configuring old Cisco devices

Note

You can always find old and relatively cheap network devices at your local advertisement boards and online shops such as eBay or Amazon. We recommend you to check shops and delivery options available in your country and city to assess price options and make the best choice from the options mentioned above.

For example, our three Cisco devices cost us 15€ each on eBay.

In the next chapter, we are going to implement both the options so you can choose which one is more suitable for you. Of course, each of the options has its own advantages and disadvantages.

The main advantage of using hardware devices is getting very good performance, but the disadvantages are obvious: usually you need to pay for them, they are pretty noisy and they consume additional electricity.

The advantage of virtual network devices is their price and flexibility, but you can experience a lack of performance.

In our examples, we will use an old Cisco 1700 Series router and a Cisco 2900 Series switch for a hardware option (see the following image) and GNS3 as a free solution for virtual network devices.

The Cisco switch and router

Tip

Alternatively, you can use virtual network devices from the company Brocade, but they are not free and we have not tried them.

We will also employ two Wi-Fi access points: a simple and cheap SOHO Wi-Fi router for a guest WLAN, Internet connection, and a Cisco AIR-AP521G-E-K9 access point for a trusted WLAN. You can see what it looks like at the following image:

The Cisco switch and router

Tip

As an alternative to a simple SOHO Wi-Fi router, you can get a Wi-Fi router that supports open-source firmware images such as OpenWRT or DD-WRT. It will allow you to extend Wi-Fi security capabilities and play with a greater number of wireless attack types. For example, some Linksys routers support it.

If your budget permits, you can buy newer devices and a separated network firewall with an IPS module to provide higher security for our internal lab network, but we will not cover these topics in this book.

Server and workstation components

Servers and workstations are actually the end-attack points in almost every scenario, because they perform most of network communications, generate and process data and network traffic, and store information and server users. In other words, enterprise networks are being hacked mainly because of them.

Therefore, we should pay enough attention to planning the most important lab part as it will determine what we will actually be able to practice in a lab environment.

Our lab will consist of about a dozen hosts, but to simulate real-world conditions, we need a centralized administrative system to manage user accounts and hosts as one of the most important lab components. Solutions usually used for such purposes are based on directory services serving via a client-server interconnection model based on Lightweight Directory Access Protocol (LDAP). In our case, we are going to implement Microsoft Active Directory solution for such a centralized infrastructure management imitation.

Other lab components will serve certain application and representation-level tasks and we want to provide our readers with a certain level of flexibility during the lab building process in order to be able to customize the lab environment according to your own tasks and requirements.

A very comfortable and fast way to plan such customization is to create a self-explanatory table that will allow us to quickly define the correspondence between lab components and the certain tasks they allow us to fulfill:

In the following chapters, we will create virtual machines with certain parameters for the chosen lab components depending on their expected functionality.