Our question this week comes from Lee:

Say you’re doing security research, what machines and OSes do you recommend for a home lab and why?

Great one.

This is something that tends to be pretty personal based on the kinds of research you’re doing, and your available funds. Let’s break it into a couple of pieces:

Network Equipment

One piece that’s hard to find, but really useful, is a dumb hub to simplify sniffing. I’ve got an old 3Com I pulled from an office that I use when I want to monitor traffic. Sure, you can also do it with wireless or with Ettercap on a (vulnerable) switch, but I like just being able to plug in and sniff.

A spare wireless access point with a few switched ports is nice when you want to isolate off a small network so you don’t inadvertently brick your TiVo while playing with a network fuzzer. They’re cheap and you can plug and go.

I do a fair bit of mucking with wireless so I have a few spare access points. I like Airport Expresses for something portable I can take on the road (Linksys has something similar, but I haven’t used it). They double up to stream music at home, making them a dual-use investment. I also have a WRT54GL for playing with OpenWRT, depending on the project.

Thus the basics are a dumb hub, an extra access point/router with ports (probably a WRT), and a couple spare travel access points if you like to play with wireless. Oh, and a lot of cables. You can never have enough cables.

Systems

I do most work on my primary system, a MacBook Pro. I maxed out the memory and use Parallels for virtualization. VMware Fusion might be a bit better since you can set up virtual networks. I even run Core Impact in a virtual machine on my Mac and it runs really well.

Ideally you want one dedicated laptop/desktop for each major OS: Windows and one flavor of Linux are good enough for most people. Just get a cheap desktop, max out the RAM, and configure as needed.

If you can’t afford a bunch of systems, go with virtualization and live distribution CD/DVDs. I used to use a basic Windows laptop (XP) with VMware on it. Then I built virtual machines for other OSes I commonly used, Fedora and Ubuntu. When I want to run Unix attack tools that don’t work well in a virtual machine (wireless and Bluetooth stuff) I just boot into BackTrack.

It’s also nice to have a couple dedicated target systems and virtual machines at various patch levels. I install a totally unpatched XP or Vista, then take snapshots at various levels of patching. I used to have a couple spare laptops at different Windows patch levels, but I had to give those back when I left my job.

Thus you have one primary machine with your favorite OS. That runs virtualization software with a couple virtual machines for testing. Then 1-2 other attack/tools systems, usually one Windows and one Linux. Then, it’s nice to have 2-4 target systems at various patch levels of various operating systems. You also want at least one dedicated machine where you can run VMware or Parallels and a bunch of virtual images to attack or monitor suspected viruses and such. That system should be isolated from your main home network, and its host OS should be kept fully patched.

Most researchers I know use a lot of virtualization these days to keep the number of systems down and you can do a lot of good research with only 1-2 machines if your budget is limited. At work they might have dozens of boxes to play with, but far fewer at home. You want a good mix of operating systems since you want access to whatever tool gets the job done, no matter the platform.

I also have a bunch of random hardware: old cell phones, wireless cards, Bluetooth adapters, and such.

It all really comes down to personal taste and what you’re researching. Thanks to virtualization and live Linux distributions we have a lot more flexibility than in the past, even if you only have one beefy laptop or desktop.

As for tools… that’s another, much longer post that could be better written by plenty of other people…
