Cybersecurity homelab for detection & monitoring


Building a cybersecurity homelab for detection & monitoring

This homelab will help you apply concepts used in real-world large-scale/enterprise infrastructure.

What is a homelab

A homelab is a place where you can safely run experiments without messing anything up.

Content

network topology

Downloading & installing VMware Workstation Pro

VMware workstation pro

Configuring pfSense

pfSense will be configured as a firewall to segment our private homelab network and will only be accessible from our Kali Linux VM.

Click "Create a New Virtual Machine" on the VMware Workstation home screen.

Make sure "Typical (recommended)" is selected and click Next.

Click Browse and navigate to the folder where your pfSense file is located.

Click Next.

Rename your virtual machine, preferably to "pf-l1".

Click Next.

20GB disk size is sufficient for this VM

Ensure that the "Split virtual disk into multiple files" option is selected

Click next.


Click "Customize Hardware".

Increase the memory to 2GB

Add 5 network adapters and map each one to its VMnet interface as shown below. Then click Finish.

[Screenshot: network adapter to VMnet assignments]

The pfSense machine will power on and start with this screen. Accept all the defaults. pfSense will configure and reboot.

Once you are at the home screen of pfSense, we will start setting up the network adapters.

Enter option 1

Should VLANS be set up now [y:n]?:n

Enter em0, em1, em2, em3, em4 & em5 respectively for each consecutive question.

Do you want to proceed [y:n]?:y

Enter option 2.

We'll start with the LAN interface (2). The IP address 192.168.1.1 is going to be used to access the pfSense WebGUI from the Kali machine. Use the configuration below for the LAN interface.

[Screenshot: LAN interface configuration]

Use the configuration below for the OPT1 interface.

[Screenshot: OPT1 interface configuration]

Use the configuration below for the OPT2 interface.

[Screenshot: OPT2 interface configuration]

Leave the OPT3 interface without an IP address, as it is going to carry the span port traffic that Security Onion will be monitoring.

Use the configuration below for the OPT4 interface.

[Screenshot: OPT4 interface configuration]

Configuring Security Onion

This will be the all-in-one IDS, security monitoring, and log management solution.

Download the Security Onion ISO file from here.

Select Typical installation and click Next.

Select "Installer disc image file", browse to the Security Onion ISO file path and click Next.

On the next screen choose Linux, CentOS 7 64-Bit and click Next.

Name the VM l1-sec and click Next.

Set the disk size to a minimum of 200GB; use 400GB if you can.

Then click "Customize Hardware" and do the following

~Change memory to 4-32GB

~ Add two Network Adapters and assign them Vmnet4 & Vmnet5 respectively.

Power on the virtual machine and press Enter when prompted.

After the initial stages of loading, type "yes" when prompted.

~Set a username & password

After Security Onion reboots, we will finish up the install.

Enter the Username & password.

Select "Yes"


Select the EVAL option


Type "AGREE"

Select "Standard"

Set a hostname

Press the spacebar to select ens33 as the management interface

Set the addressing to DHCP.


Select "YES" at the next prompt

Select "OK" at the next prompt.

Select "Direct" for the next prompt.

Select "ens35" as the monitor Interface.


Select "Automatic" for the OS patch schedule.

Accept the default home network IP.

Accept all the defaults.

Enter an email address and password for the admin account.

Select "IP"


Select "Yes" for the NTP server & accept the defaults

Take note of your final settings before proceeding! If possible, take a screenshot.

The most important detail is the IP address for web access.

Select "YES"

SecOnionMgmt/Analyst Machine

After installing Security Onion, the web interface will be accessed from an external Ubuntu Desktop, simulating a SOC/security analyst accessing a SIEM or any other tool from their own device.

In order to do this, you'll first have to configure an Ubuntu Desktop. This is a very easy process and I'll not be covering it in this write-up, but it is covered in the video. Be sure to use all the default settings for the Ubuntu Desktop configuration.

Download Ubuntu Desktop

Install Ubuntu Desktop

After this installation, run the ifconfig command on the Ubuntu Machine and take note of its IP Address.

Go back to your SO instance and run the following command

    sudo so-allow

Enter your password

Type "a" and wait for the process to complete.

Type in the IP address of your Ubuntu Desktop.

Navigate to the SO IP in a browser on your Ubuntu Desktop.

Configuring Kali Linux

Kali Linux will be used as an attacker machine.

Download the Kali Linux ISO

Before powering on the VM, change the Network Adapter to VMnet2 and set the memory to 4GB, then power it on.

Go through the install.

pfSense interfaces and rules

We will use the Kali VM to set up pfSense.

Open the web browser and go to 192.168.1.1

The default creds are "admin" & "pfsense"

You'll be greeted with a "Wizard/pfSense setup/" page.

Set the DNS server as 8.8.8.8 and 4.4.4.4

Then choose your timezone.

At step 4 of 9, untick the last two options.

At step 6 of 9, set a new admin password.

Set up Interface

Click on Interfaces

Select LAN

For "Description", Change LAN to KALI as this is the Kali Interface

Scroll all the way down and Click Save

Then do this for the rest of the interfaces as shown below.

[Screenshot: pfSense interface descriptions]

For OPT3, be sure to enable the interface.

Back at Interface Assignments, select Bridges.

Click Add.

Select VictimNetwork as the Member Interface


Then select Display Advanced

Under Advanced Configuration for Span Port, select "SPANPORT"

Scroll all the way down and Click Save


Click Firewall >> Rules

Select the Add button with the arrow pointing downward

~ Under "Edit Firewall Rule", for Protocol select ANY

~ Scroll all the way down and click Save

This is most of what we need to do in pfsense
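To confirm the span port is actually feeding Security Onion, the following added example (not part of the original write-up) reads the monitor interface's sysfs flags and packet counter on the sensor. The function name, status words and script name are made up for illustration; ens35 is the monitor interface chosen during the Security Onion setup.

```shell
#!/bin/sh
# Added example: check that the pfSense bridge span port is delivering
# mirrored traffic to the Security Onion monitor interface.
# It only reads Linux sysfs files; nothing is changed on the sensor.
# Assumption: the sysfs root is a parameter (normally /sys/class/net).

IFF_UP=0x1         # interface is administratively up
IFF_PROMISC=0x100  # interface accepts frames not addressed to it

# span_status SYSFS_ROOT IFACE SECONDS
# Prints MISSING, DOWN, NOT_PROMISC, NO_TRAFFIC or OK:<packets seen>.
# Returns 0 only for OK.
span_status() {
    root=$1; iface=$2; wait_s=$3
    dir="$root/$iface"
    [ -r "$dir/flags" ] && [ -r "$dir/statistics/rx_packets" ] || {
        echo "MISSING"; return 1; }

    flags=$(cat "$dir/flags")
    [ $(( $flags & $IFF_UP )) -ne 0 ] || { echo "DOWN"; return 1; }
    # Mirrored frames carry other hosts' MAC addresses, so a sniffing
    # interface that is not promiscuous silently drops them.
    [ $(( $flags & $IFF_PROMISC )) -ne 0 ] || {
        echo "NOT_PROMISC"; return 1; }

    # Compare the receive counter before and after the wait window.
    before=$(cat "$dir/statistics/rx_packets")
    sleep "$wait_s"
    after=$(cat "$dir/statistics/rx_packets")
    delta=$(( after - before ))
    [ "$delta" -gt 0 ] || { echo "NO_TRAFFIC"; return 1; }
    echo "OK:$delta"
}

# Run on the sensor as: sh span_check.sh ens35 10
if [ "$#" -ge 1 ]; then
    span_status /sys/class/net "$1" "${2:-10}"
fi
```

Run it while a host on the victim network is generating traffic; a NO_TRAFFIC result usually points back at the bridge span setting or the VMnet assignment of the monitor adapter.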

Configuring Windows Server as a domain controller

You can follow The Cyber Mentor guide to set up Active Directory and the Windows 10 VM. We just need to set up the networking.

The Cyber Mentor's YouTube guide

Navigate to Control Panel > Network and Internet > Network Connections

Windows 10 host networking

Navigate to Network Adapter settings

Right-click on Ethernet0 and select Properties

Select IPv4 and set the IP address to 192.168.2.21, use 192.168.2.1 as the default gateway, and use 192.168.2.10 as the DNS server.