Assuming that you have configured your router and built your Windows and Linux systems, it is time to put everything together. You have probably been
hooking things in on the fly as you went through the prior steps. So now it is time to tidy everything up and document it. Figure 1-3 should resemble your new lab network.
At this point, you need to follow a structured process to get everything connected together and hooked up. Here is a reasonable course to follow:
1. Shut everything down.
2. Find a good home for those pieces of equipment on your desk, work-bench, shelves, or what have you.
3. Get AC power where you need it. Consider getting a backup UPS.
4. Remember to think about where new things will go in the future. It is best to have an arrangement where you can easily get to the front and the back of your equipment.
5. Run your network and power cables neatly. Don’t go overboard here.
Concern yourself with the functionality of the cable routing — cosmetics are secondary.
6. Power everything back up, starting with the router.
7. Determine the IP addresses of your systems and ping back and forth to ensure connectivity.
8. Test you ability to get off your network, through your router, and even-tually to the Internet.
9. Resolve any problems that occur along the way.
Windows 192.168.123.11
Linux 192.168.123.10 Router Hub
192.168.123.254
Existing Net
Figure 1-3 Network configuration.
A few recommendations are in order. Dynamic Host Configuration Protocol (DHCP) is a great way to get things up and going quickly. And it makes it easy to add and subtract devices on the network. But some of your systems deserve static IP addresses because you always expect them to be there; in fact, you depend upon them being there. So if you haven’t done so already, then this is a good time to set static addresses for your Windows and Linux machines. A sample range was provided earlier in the chapter. Finally, update your documentation. As you continue to build your career in IT security, you will find the ability to document and notate actions and recommendations invaluable. Let’s now look at adding on additional items to our lab.
Adding On
You will inevitably add a variety of things to your network. Some additions are easy to accomplish, whereas others require quite a bit of planning. And the payback associated with these additions varies, too. Let’s consider the things that might be added and look at what will give you the greatest return or
‘‘bang for the buck.’’
First, if you have multiple monitors, keyboards, and mice, especially if the monitors are CRTs, you need a KVM switch. IOGEAR makes a great two-port USB PLUS KVM switch with built-in KVM cables and audio support for less than $70. You can check it out athttp://iogear.com/main.php?loc=
product&Item=GCS632U. This is a huge space saver and very convenient while experimenting. While we are on the subject of a single monitor, you may be able to go with an LCD. It has reached a point that LCDs are likely to be less expensive. Plus, the size, the power consumption, the whole equation favors using LCDs instead. If you opted for a switch initially, go get a hub, too. If you decided to go with a hub, add a decent switch that does VLANs and port mirroring to your toolbox.
Next on the list is some wireless gear. A wireless access point is a simple and economical addition. 802.11 g is probably the most sensible choice, in part due to the fact that it is new enough to include the newer encryption alternatives such as Wi-Fi Protected Access (WPA) and WPA2, not just plain old Wired Equivalent Privacy (WEP). Network-attached storage (NAS) is also relatively inexpensive. These days you can find 500GB for a couple of hundred dollars.
As you download things off the Internet and have to install them on various machines over the life of your network, NAS is a really handy place to keep that stuff.
If this seems beyond your budget, at least consider a removable hard drive.
These devices always seem to come in handy. Also, think about removable FireWire and USB hard drives. If you have some old hard drives lying around, you can look on the Internet or visit the local computer store to find external enclosures for them. These can typically be found for less than $50. This is a
handy way to save data off-system that might come in handy later. Also, the ever-versatile thumb drives, or flash drives, are also extremely useful. These devices have to a large degree replaced floppy disks and CDs for fast storage and retrieval.
Firewalls are a tough call. As a security professional, it is imperative that you have a sense of what firewalls are and what they do. The kind of firewall sold for the consumer market will give you a decent idea of firewall capabilities.
But you can mistakenly get the idea that real firewalls care about which web sites your kids are cruising. For that reason, it is probably better to stick with a product targeted for business customers. Hardware options such as the Cisco PIX (PIX 501) can be found used for about $200. Juniper and Sonicwall have some similar products. There are also some low-cost software alternatives.
I discuss these options more in later chapters.
Additional computers to attack and to be attacked may be needed. Although you will learn more in the next chapter about some software alternatives that might help you in this regard, VMware and similar products allow one physi-cal machine to host multiple operating systems simultaneously. As mentioned, this is discussed in greater detail in Chapter 2.
Summary
Building your own security lab to serve as a laboratory environment for network security experimentation is not difficult to do, and it need not be particularly expensive. By applying some effort and taking a little time, you can cut your costs and still build a good test bed. By using some of the things that are likely already available to you and adding a few additional components, you can build such a network in a couple of days.
The benefits are many. First, this provides a setting in which you can work with hacking tools without impacting other network users. If damage occurs, and you built the network intelligently, it will be relatively easy to restore systems to their previous state. If you are just starting your IT security career, you most likely lack advanced hands-on ability. Although certifications are great, employers also look for employees who have the skills needed to hit the ground running. Building your own network gives you a test platform to perform real-world tests and simulations. You can practice key skills and spend the time needed to find out how technology works to a much greater degree. Each of these skills will garner you higher wages from a prospective employer.
You don’t need a million dollars or to win the lottery to get started. You can start with a relatively small laboratory network and add to it as your needs dictate. You will be able to maintain complete control and complete understanding of the operating environment. Control is possible — not like on live networks where there are too many variables to manage. We continue
this quest in the next chapter as we begin our discussion of software and applications. Good luck with your security research.