1️⃣Design
I think there are 3 ways you can host a cyber lab, each with its own pros and cons.
Cloud Hosted
Pros: Scalable, convenient, control, steeper learning curve (a con to some).
Cons: (Probably) more expensive, internet connection.
Examples: AWS, GCP, Azure.

Type 1 Virtualisation (Bare Metal Hypervisor)
Pros: Performance, efficiency, scalable (middle ground).
Cons: (Probably) more expensive, physical space, compatibility.
Examples: ESXi, Proxmox, Microsoft Hyper-V Server, Xen.

Type 2 Virtualisation (Hosted Hypervisor)
Pros: Ease of use, compatibility, flexibility.
Cons: Performance, resources, scalability.
Examples: VirtualBox, VMware Workstation.
Just to be clear, it's all virtualisation - cloud providers use type 1 hypervisors. By "Type 1 Virtualisation", I mean owning your own physical hypervisor server and installing something like Proxmox on it.
I'll be doing an "on prem" approach, using VirtualBox as my hypervisor software.
Opting for a bare metal hypervisor would just mean having this infrastructure on a physical server and using the correct virtualisation software. The architecture shouldn't be significantly different from cloud. The difference is in how you manage it: on bare metal you would use the hypervisor's user interface, which is usually web based, whereas in the cloud you'd have to VPN and VNC / RDP into a machine if you want to access the GUI of the OS.
Choose your solutions. These can always change in the future, which is the nice thing about virtualisation.
I understand that things like .iso files take a while to download, so it's better to come prepared. For this project I will be using these:
Kali Linux: Penetration testing OS.
OPNsense: Firewall / security platform. Can also use products like pfSense.
Wazuh: SIEM for ingesting network and endpoint logs.
VirtualBox: Virtualisation framework.
Windows 11: For our test subject.
I've chosen Wazuh because of its recent popularity, and because it's free, open-source, and an XDR solution.