6

I'm a new member making my first post here. I had a very quick, and admittedly basic, question. I'm setting up an info sec lab for the first time at home. I'm trying to build some more technical skills with things like Kali Linux, pfSense, etc. to help me transition from help desk/desktop support to a security analyst (or similar) role.

Just wanted to see if it was reasonably safe to put my host OS on my home wifi network? My understanding of VMs is that I can network them directly to each other and not expose them to the Internet. If that is the case, is it still necessary to put the host OS on its own network as well, or am I safe to leave it on the home network?

I was trying to see if my router (Verizon Actiontec) would allow for VLANs, but as far as I can tell, that is not the case. From what I've read so far, if I wanted to segregate my lab PC from my home wifi network, I'd need to purchase a second router. But if that's not necessary, and it's safe to leave the host OS on my home network, I'll do so.

I very much appreciate your time and feedback on this question and helping me to better understand. Thank you!

MK_09
  • For many starting-level things (e.g., running Metasploitable OS in a VM and using Kali in another VM to take some shots at it) using VMs on a machine that sits on your home network should be just fine. Now, if/when you start turning to things like practicing pen test attacks against remote hosts across the Internet (for instance), that's a very different story. In any case, the most vital thing to be very mindful about is not exposing any services (e.g., a listener/handler) on any machines that are on your home network to arbitrary inbound traffic from the Internet. – mostlyinformed Sep 24 '16 at 09:06

4 Answers

1

It sounds like you are trying to set up something of a cyber-range for learning. If this is the case you simply need to understand what risks are and are not being added to your network. Are you trying to make these systems available to the Internet as a whole? If so, then you are adding very different risks than if they can only be accessed internally.

Likewise, are you using this to test malware or play with botnets? Systems for experimenting with these will have entirely different risks.

In any of these situations you are increasing the level of risk to your other home systems but if you are just setting up a cyber-range that cannot be accessed from the Internet it seems like it may be a reasonable risk for the amount of experience you will gain.

Your question doesn't have enough detail for anyone to really help you evaluate the risks but I think this also makes for a great learning experience for you too. What do you think of the risks and how would you learn to evaluate them? Evaluating risks is a big part of helping organizations with their security so maybe this is a great time to consider all aspects of what risks you are changing in your home network and also think about other things you can do to mitigate those risks. Maybe consider increasing the security of the other devices, backing up more often, and setting up some type of network monitoring if you can. Again it depends on what your concerns are.

As a side note, many security professionals do have two or more networks at home for this type of thing and there are a lot of ways to do it. Likewise, VMs can be very useful for creating cyber-ranges and cloud computing resources can be a helpful inexpensive solution for many types of tests (especially something like Amazon AWS where you can use a resource for just a few hours as needed).

My suggestion is if you're not dealing with malware or anything explicitly malicious go ahead and dive in. Some of the mistakes you will make will provide your best learning experiences and the faster you make those mistakes the quicker you'll learn their lessons.

Trey Blalock
  • I appreciate the feedback and apologies for the lack of detail! That is correct, I'm just trying to get some experience with a range of common security tools and procedures to help build my resume. I don't plan to do any type of malware analysis yet (and would certainly want a 2nd network if I did.) I appreciate your advice to take this question as a learning opportunity, and I think you're right. My gut was that having the host OS on the same network was safe, as I was just practicing with security tools in VMs, but wanted to see if there was something I may be overlooking. – MK_09 Jun 25 '16 at 19:40

0

It ultimately depends on your threat model and what exactly you will be doing, but I see no problem having the host machine on your home network, especially if the VMs are on their own, isolated network. Even then, unless you are releasing malware into this network, I can't imagine the existence of your test environment would pose much of a threat to your home network.

You may even want to provide some internet access to the environment for installing/updating packages and such.

multithr3at3d
  • Thanks korockingout13! I appreciate the feedback! I don't plan on doing any type of malware testing/analysis...yet. I'm more just trying to get exposure to different security tools and platforms as a resume builder (and because playing with security tools is more fun than just reading about them in a book!) – MK_09 Jun 25 '16 at 19:32
  • Complementary to Trey and korockinout13's suggestions, avoid setting up things like shared folders between the VM and the host machines, and disable the clipboard or avoid copying files between the VM and the host machines. I am sure this will be a good learning experience overall. – yetdot Aug 24 '16 at 21:02

0

It's easy, buddy. Get yourself a new standalone PC that you aren't using for anything else (Craigslist comes highly recommended).

From there, get software that will run your virtual machines, e.g. QEMU, VirtualBox, VMware Player, etc.

For your attacking machine, Kali Linux comes highly recommended. For the VM to attack, you should download preloaded VM images such as DVWA, anything from Vulnhub, etc.

grepNstepN
0

I've got the same situation. I'm currently running Windows 7 as my main OS. So what I did is that I installed Windows 2012 R2 trial on another HDD - low RAM usage, free Hyper-V etc.

Then I created my "SecLab", as I call it, in Hyper-V.

I am running 5 VMs in Hyper-V:

  1. Kali Linux
  2. Windows 7 (Trial)
  3. Windows 8.1 (Trial)
  4. Windows 2012 R2 (Trial)
  5. Windows 2008 R2 (Trial)

It is really important to hook them to a virtual switch (a virtual network where VMs can communicate with each other but not really outside the network - only VM with VM, nothing else outside this network) to prevent possible damage.

Now you've got OSes to try your hacks on and a pretty much secure lab.

TL;DR You've got your second OS (Win 2012), which has a connection to the internet and so on, and is running 5 VMs which are encapsulated within their own network. Everything is safe and the only damage is possible on VMs.

ShinobiUltra
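
The VM-only virtual network described in the answer above corresponds to a Hyper-V switch of type Private. The following is an added example, not part of the original answer: it creates such a switch, attaches the lab VMs to it, and then audits that no lab adapter is left on an Internal or External switch. The switch name and VM names are hypothetical placeholders, and it assumes an elevated session on the Hyper-V host.

```powershell
#Requires -Modules Hyper-V
# Added example. $SwitchName and $LabVMs are hypothetical; use your own VM names.
$SwitchName = 'SecLab-Private'
$LabVMs     = @('Kali', 'Win7', 'Win81', 'Srv2012R2', 'Srv2008R2')

# A Private switch carries VM-to-VM traffic only: it has no host vNIC
# (unlike Internal) and no binding to a physical NIC (unlike External).
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -SwitchType Private | Out-Null
}

# Move every network adapter of every lab VM onto the private switch.
foreach ($vm in $LabVMs) {
    Get-VMNetworkAdapter -VMName $vm |
        Connect-VMNetworkAdapter -SwitchName $SwitchName
}

# Audit: map switch name -> type, then flag any lab adapter that is not on a
# Private switch. A second adapter added later on an External switch would
# bridge the lab to the home network, so this is worth re-running.
$switchType = @{}
Get-VMSwitch | ForEach-Object { $switchType[$_.Name] = $_.SwitchType }

$findings = foreach ($nic in Get-VMNetworkAdapter -VMName $LabVMs) {
    $type = if ($nic.SwitchName) { $switchType[$nic.SwitchName] } else { 'Disconnected' }
    if ("$type" -ne 'Private') {
        [pscustomobject]@{
            VM      = $nic.VMName
            Adapter = $nic.Name
            Switch  = $nic.SwitchName
            Type    = $type
        }
    }
}

if ($findings) {
    Write-Warning 'Lab adapters not isolated on a Private switch:'
    $findings | Format-Table -AutoSize
} else {
    Write-Output "All lab adapters are on Private switch '$SwitchName'."
}
```

With a Private switch the VMs have no route to the Internet for package updates; a disconnected adapter is reported by the audit as well, so temporary changes made for updates are easy to spot and revert.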