1️⃣Design
Design Approaches
I think there are 3 ways you can host a cyber lab, each with its own pros and cons.
Approach | Advantages | Disadvantages | Solutions |
---|---|---|---|
Cloud Hosted | Scalable, convenient, control, steeper learning curve (a con to some). | (Probably) More expensive, internet connection | AWS, GCP, Azure. |
Type 1 Virtualisation (Bare Metal Hypervisor) | Performance, efficiency, scalable (middle ground) | (Probably) More expensive, physical space, compatibility. | ESXi, Proxmox, Microsoft Hyper-V Server, Xen |
Type 2 Virtualisation (Hosted Hypervisor) | Ease of use, compatibility, flexibility. | Performance, resources, scalability. | VirtualBox, VMware Workstation |
Just to be clear, it's all virtualisation - cloud providers use type 1 hypervisors. By "Type 1 Virtualisation", I mean owning your own physical hypervisor server and installing something like Proxmox on it.
I'll be doing an "on prem" approach, using VirtualBox as my hypervisor software.
Architecture
Opting for a bare metal hypervisor would just mean having this infrastructure on a physical server and using the correct virtualisation software. The architecture shouldn't be significantly different from cloud. The difference is in how you manage it: on a bare metal hypervisor you use the hypervisor's user interface, which is usually web based, whereas in the cloud you'd have to VPN and VNC / RDP into a machine if you want to access the GUI of the OS.
Solutions
Choose your solutions. These can always change in the future, which is the nice thing about virtualisation.
Some things, like .iso files, take a while to download, so it's better to come prepared. For this project I will be using these:
Solution | Description |
---|---|
Kali Linux | Penetration testing OS |
OPNsense | Firewall / security platform. Can also use products like pfSense |
Wazuh | SIEM for ingesting network and endpoint logs |
VirtualBox | Virtualisation Framework |
Windows 11 | For our test subject |
I've chosen Wazuh because of its recent popularity and because it's free, open-source, and an XDR solution.