Network Switches
Because I am running VMware (ESXi) on a laptop (Lenovo P51), all my hosts will need to use the single Ethernet port. I am not concerned about congestion on the single interface, because most of the traffic is between other VMware guests. But I do need to be able to isolate the WAN, DMZ and LAN networks.
My primary switch is an HP ProCurve 24-port managed switch that supports VLANs. I like this switch because it also supports a broadcast or SPAN port, which makes it easy to test security software that requires a network sniffer or TAP.
VLAN Configuration
WAN includes 3 ports
-Cable Modem (includes 5 Public IPs)
-Firewall WAN or Internet
-Open for sniffer or TAP
LAN includes 8 ports
-All systems on 192.168.1.0/24
DMZ includes 8 ports
-All systems on 192.168.2.0/24
LAN/DMZ/DMZ has 1 port (VLAN tagged)
-My ESXi host is VLAN enabled and uses this port.
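As an added example (not from the original post), this Python script audits a port plan like the one above before it is applied to the switch, flagging ports that bridge two zones, tagged ports other than the ESXi trunk, and overlapping subnets. The VLAN IDs, port numbers and the trunk on port 24 are assumptions; the port counts and subnets follow the list above.

```python
import ipaddress
from collections import defaultdict
from itertools import combinations

SWITCH_PORTS, TRUNK_PORT = 24, 24   # assumption: ESXi uplink on port 24
# Constructed plan. VLAN IDs and port numbers are assumptions; port counts and
# subnets follow the post (WAN 3, LAN 8, DMZ 8, one tagged port for ESXi).
PLAN = {
    "WAN": {"vid": 10, "untagged": range(1, 4), "tagged": [], "subnet": None},
    "LAN": {"vid": 20, "untagged": range(4, 12), "tagged": [24],
            "subnet": "192.168.1.0/24"},
    "DMZ": {"vid": 30, "untagged": range(12, 20), "tagged": [24],
            "subnet": "192.168.2.0/24"},
}
# Constructed mistake: port 11 left in both LAN and DMZ, and a DMZ subnet
# carved out of the LAN range.
BAD_PLAN = {**PLAN, "DMZ": {"vid": 30, "untagged": range(11, 19),
                            "tagged": [24], "subnet": "192.168.1.128/25"}}


def audit(plan, switch_ports=SWITCH_PORTS, trunk_port=TRUNK_PORT):
    """Return a list of isolation problems found in a VLAN port plan."""
    findings = []
    untagged_in = defaultdict(list)          # port -> VLANs it is untagged in
    for name, v in plan.items():
        for port in list(v["untagged"]) + list(v["tagged"]):
            if not 1 <= port <= switch_ports:
                findings.append(f"{name}: port {port} does not exist")
        for port in v["untagged"]:
            untagged_in[port].append(name)
        for port in v["tagged"]:
            if port != trunk_port:           # only the ESXi uplink may be tagged
                findings.append(f"{name}: port {port} is tagged but is not the trunk")
    for port, names in sorted(untagged_in.items()):
        if len(names) > 1:                   # one access port in two zones
            findings.append(f"port {port} is untagged in {'+'.join(names)}")
        if port == trunk_port:               # untagged traffic on the trunk
            findings.append(f"trunk port {port} carries {names[0]} untagged")
    for (a, va), (b, vb) in combinations(plan.items(), 2):
        if va["vid"] == vb["vid"]:
            findings.append(f"{a} and {b} share VLAN ID {va['vid']}")
        if va["subnet"] and vb["subnet"] and ipaddress.ip_network(
                va["subnet"]).overlaps(ipaddress.ip_network(vb["subnet"])):
            findings.append(f"{a} and {b} subnets overlap")
    return findings


if __name__ == "__main__":
    for label, plan in (("plan", PLAN), ("bad plan", BAD_PLAN)):
        print(label, audit(plan) or "OK")
```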
Firewall Configuration
You need to have a good firewall. I don't host anything private or business confidential in my lab, so I don't expect to be a target. Nevertheless, I don't want to worry about it. A good firewall will also have VPN support. Going back to Public IPs and Certificates, it makes it super convenient to be able to securely access any resource from any internet connection.
The first thing to do is pick a firewall. I use a pfSense firewall. It isn't overly intuitive, but I am willing to sacrifice ease of use for functionality. If you don't have firewall experience, I would recommend buying a business-class firewall rather than doing it yourself.
Since I selected pfSense, I need a platform to run it on. I recommend spending a few hundred dollars on a device like "Qotom Industrial PC Gateway Firewall Router". Simply copy the quoted phrase and paste it into Amazon. There are hundreds of sellers.
Firewall Appliance
-Qotom Q190G4-S01 Industrial PC Gateway Firewall Router for pfSense
-Intel Celeron J1900
-4G RAM
-32G SSD
-4 Gigabit LAN
In order to host internet facing systems you need a Public IP or IPs. You can use dynamic DNS and port-forwarding to a limited extent, but eventually you will want to access or host internet services for testing.
By combining Public IPs with Certificates you will be able to securely host services and be able to connect to those services from anywhere.
ESXi Host
My ESXi host is the heart and soul of my lab. I currently host between 15 and 18 systems on a single server.
See my post on Lab Hardware for recommendations.
Specifications:
-Intel(R) Xeon CPU E3-1505M v5 @ 2.80GHz
-64GB ECC RAM
-2 x 512GB PCIe SSD
-1 TB SATA SSD
Active-Directory Instances
I currently have two separate Active Directory instances. Locally, I have a Windows 2012r2 directory with approximately 50 test accounts. I also have 5 accounts in a Microsoft Office 365 Azure directory.
Operating Systems
- Windows 7, 8, 10 and 2012r2
- Ubuntu v16