I have just completed re-building my home lab and it took for few weeks to make certain worked. Hypervisors and pfsense are core parts of systems, but I also want to try that legacy or retired gadgets like Cisco ASA or HP DL3 series. Using cloud services such as AWS, Azure or DigitalOcean could make our life more easier, but on-premise systems are still important to understand what is going on there.
I feel like installing the Pfsense is at least 5 times easier than Cisco ASA. We can make connection worked even few mouse clicks; however, we can not understand how packet flows and how to make different machines are connected between each other under hood. There’re lots of trial errors as always. From wipe-out firmware images on that bare-metal firewall to complete ACL, those process gave me lots of fun anyway.
Each networks are divided into different VLANs and totally isolated each other to prevent security holes. Maybe I could do malware analysis on this environment. Metasploitable 2 and DVWA/WebGoat will be used for penetration practice, then any packets between attack/target machines are monitored.
Regarding the hyper visors, I would like to say, they have both pros and cons. Windows Hyper-V provides ease-of-use experience with nice looking graphic interface. More than that, we can use Hyper-V bare-metal machine as a monitoring server as well. But it requires lots of computing resources. ESXi is a very solid hyper visor and it needs few resource. Although I reinstalled because of its’ speed, it was working okay on 32GB SD Card. I am still not so sure which one is better, so I am using two hyper visors simultaneously.
My total budget for this lab was under 400$ CAD thanks for the retired but still healthy generals.
Hyper-V provide a specific PowerShell tool for converting other VMs to Hyper-V disk(*.vhd, *.vhdx), but when converting images, it generally occurs errors depending on environment. After some trial errors, I found those errors can be categorized.
Open source ? or commercial product? I believe they have pros and cons respectively. PfSense is working perfect as a centralized firewall includes almost everything but need more computing power when it deals with massive network traffic. Cisco ASA series are robust and fast, but expensive. So, maybe mid-range companies or organizations might prefer to use pfSense and big companies seem to use legacy bare-bone firewalls. Anyways it would be better for us to use both side of firewalls and compare its functions together.
Boot up then push esc key few times rmmon #0>confreg select no rmmon #1>confreg 0x41 rmmon #2>boot ciscoasa> ciscoasa>enable blank password ciscoasa#write erase ciscoasa#configure terminal ciscoasa(config)# config-register 0x01 ciscoasa(config)# exit ciscoasa#show version ciscoasa#write ciscoasa#reload login with blank password ciscoasa(config)#configure factory-default
We should also install the JRE since ADSM is running on JAVA Then add JRE path on system environment variables.
Then we can just start making initial configuration for physical ethernet ports. These are might be wan, management, dmz1 or dmz2 depending on purposes, but I would like to say we need to check consoles and GUI together to make sure that configurations are well synchronized. We can add up Cisco routers or switches to expand or isolate traffics.
I should have followed the wise saying: “There are two types of people. Those who backup and those who have yet to lose everything to a system crash.”
I wrote some takeaways from current learning practices on this tidy little space. Website was running on VM ESXi for few months without issue; however, an error has occurred while migrating and installing the hypervisors. Thought I made full disk back up, but I did not notice that file contains some errors. So, now I am in the middle of recovering my previous records.