Hi all, new to forums, not to Backtrack and wanted to share some experiments with running virtual labs for practice. I have tried a few. I'll list the el cheapo to some elite setups. All lab setups listed will use some sort of virtualization hypervisor/application as it saves tremendous amounts of time when "resetting" the labs or for tweaking the lab machines in any way.

Lab setup A: El Cheapo

Any machine that can run VirtualBox (free). I used to use a MacBook Pro I had, 8GB RAM, i7 processor.

IDS/Firewall = PFSENSE with Snort plugin, default Snort rules (need to at least register with www.snort.org to obtain some constantly updated default rules), some well-known ports open depending on how you want to set up the lab. I like to have a DMZ to simulate a close to real enterprise environment.

FIREWALL = M0n0wall works well if you want to change it up and deploy a DMZ with PFSENSE and use M0n0wall for a different firewall guarding the "internal" network of your lab.

DMZ vulnerable machine = Any web vulnerable solution would work here. pWnOS, de-ice.net, Metasploitable or Metasploitable 2, OWASP vulnerable web-app etc... OR create your own (insert Linux distro of choice here) web server with a vulnerable custom coded application and have it connect to a (insert Linux distro of choice here) database behind the internal firewall.

The more physical memory you have on a system, the more you can put into this setup. There are a ton of great tutorials on how to set this up in VirtualBox with multiple virtual NICs, VLANs etc...

Attacker Machine: BT 5, R2, or R3, or if you still love BT4 go for it...


Lab setup B: A little more time consuming but can still be free for the most part. This is my current lab environment, or close to it as I'm not done setting it up.

Computer hardware: MacBook Pro (this is what I have available, will work with other hardware obviously), 16GB RAM, i7 processor (I think mine's 2.4GHz). I also replaced my optical drive with a second 1TB HDD (http://macsales.com for instructions and hardware).

VM Application: VMware Fusion (not free), VirtualBox will work too
VM Hypervisor: ESXi 5.1 (free) running as a guest in VMware Fusion (or VirtualBox) - 8GB RAM and 4 cores dedicated to the ESXi guest, 2 NICs: 1 for Management network, 1 for Host only network (or NAT if you need to update anything in the lab such as firewalls etc..)

FIREWALL/IDS: PFSENSE with 3 NICs. 1st NIC for WAN (this will be connected to your physical NIC set in either host only mode or NAT (updates only)), 2nd NIC for LAN (no physical NIC, sole purpose is to connect other clients within ESXi), 3rd for DMZ if so desired (again, no physical NIC).

OPTION 1: WINDOWS - Requires subscription to TechNet ($199/yr) for software license(s) but gives you a TON of different software types/versions to download. $199 is cheapest and does not include enterprise products (still, you can do quite a bit with what you are allowed to obtain).

Clients: Be creative! Set up a fully operational virtual Domain with Active Directory, DNS servers, an IIS web server serving several vulnerable web applications, a SQL server or a SQL server cluster, make it as real as possible with XP clients or Windows 7 clients and by all means throw some Linux distros in there with holes in them too.


OPTION 2: LINUX - same as above, deploy a full Linux enterprise type of network complete with a directory server, DNS servers, a web server, a DB server, along with some vulnerable clients. Be creative! And by all means Learn!

OPTION 3: LINUX & WINDOWS - deploy a full Linux/Windows mix complete with web servers (Apache and IIS), DB servers (SQL and MySQL), Active Directory that both Windows clients and Linux clients use for authentication, sysadmin type of client with sysadmin set of tools (Wireshark, Netcat, etc..). Go nuts! Have fun! Learn!

I'm currently working through this set up myself. It does go a bit slower if you are still learning/have never set up some of the operating systems or features from an admin point of view but the learning you get from doing all of this is incredible.

LAB SETUP 3: THE (insert expensive sports car here)

Hardware: 2 identical servers connected to the same SAN capable of running ESXi 5.1, a Managed Network Switch, 2 or 3 Wireless Access points
VM Hypervisor: ESXi 5.1

FIREWALL/IDS: PFSENSE, 3 NICs (WAN, LAN, DMZ), don't forget snort!
FIREWALL 2: PFSENSE ( or M0n0wall)

Lab machines: Go nuts. Windows servers, Linux servers, multiple network segments, again, the key here is to learn as much as possible, some of us are required to do remediation too! This is a great way to dig into that side of things too, OR the forensic side. I would also recommend downloading some vulnerable applications from www.exploit-db.com and putting those on random machines. Have your friends test their skills on your lab, have them deploy some machines and test you as well.

Obviously this isn't the cheap option but is a good option, in my opinion. To add to the challenge, you can then also use the wireless APs for wireless testing as a vector into the network.

Post your thoughts and as I get Lab 2 set up completely, I'll share some of the vulnerable Linux distros or VMs I create as time allows. I'm still setting up lab setup 2 and plan to use a mix of Windows and Linux until a time I can set up Lab setup 3 and introduce the wireless attacks into the mix.

Anyone else have a really sweet lab setup? I'm curious what others have done.
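
An added example, not part of the original post: a small audit for a VirtualBox lab laid out as above, checking that only the firewall VM has a host-only or NAT NIC and that the vulnerable machines sit on internal networks only. The VM names, the network names and the embedded `VBoxManage showvminfo <vm> --machinereadable` output are constructed for illustration.

```python
import re

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output.
# VM names and internal network names are assumptions, not from the post.
SAMPLE = {
    "pfsense-fw": '''name="pfsense-fw"
nic1="hostonly"
nictype1="82540EM"
hostonlyadapter1="vboxnet0"
nic2="intnet"
intnet2="lab-lan"
nic3="intnet"
intnet3="lab-dmz"
nic4="none"
''',
    "metasploitable2": '''name="metasploitable2"
nic1="intnet"
intnet1="lab-dmz"
nic2="none"
''',
    "xp-client": '''name="xp-client"
nic1="bridged"
bridgeadapter1="en0"
nic2="none"
''',
}

# Attachment types that give a VM no path to the host or the physical LAN.
ISOLATED = {"intnet", "none"}

def nic_modes(vminfo):
    """Return {nic_number: attachment_type}; nictypeN/nicspeedN lines are ignored."""
    return {int(n): m for n, m in re.findall(r'^nic(\d+)="([^"]*)"$', vminfo, re.M)}

def audit(vms, gateways):
    """List (vm, nic, mode) for every NIC that breaks lab isolation.

    Only VMs named in `gateways` (the firewall) may use host-only or NAT.
    Bridged is flagged everywhere, since it puts the VM on the physical LAN.
    """
    findings = []
    for vm, info in sorted(vms.items()):
        allowed = ISOLATED | ({"hostonly", "nat"} if vm in gateways else set())
        for nic, mode in sorted(nic_modes(info).items()):
            if mode not in allowed:
                findings.append((vm, nic, mode))
    return findings

if __name__ == "__main__":
    for vm, nic, mode in audit(SAMPLE, gateways={"pfsense-fw"}):
        print(f"{vm}: nic{nic} is '{mode}', expected internal network only")
```

On a real host, replace `SAMPLE` with the captured output of `VBoxManage showvminfo` for each lab VM.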