Environment setup for aspiring security professionals
Wanna become a Infosec Professional:
Are you willing to become security professional? If yes we can learn theoretical concepts from the INTERNET, but the real problem is how can we execute that knowledge. We have to be so conscious as there is a thin line between ethical and criminal. If we have legal access to perform some hack on a website/network then it is legal and If we perform any such on web/network without access then it's an offense. Offensive approach is so dangerous and can be sued very high based on country's/company's law.
How to execute:
Yeah, the only way we have is to simulate the original environment and create the clone locally in your system. Then we should start the attack. To isolate an infrastructure we should use any of the visualization technologies like vmware, virtual box and also docker for web services.
Choosing the Technology:
While choosing the visualization tools we got two options. First is the open source and second is free-ware/commercial. Virtual-box (Windows,Linux,Mac),kvm libvirt(Linux) comes under opensoure and vmware player/workstation,hyperv comes under commercial/free-ware. Choosing virtual-box is most preferable as it has both cli and GUI. Even we can use Vagrant for automating the creation of virtual infra.
Generally after creating the virtual instances just create one private network using host-only driver in virtual box as below. Then configure the host IP address details followed by DHCP leases. These IP address ranges are automatically assigned to the guest virtual machines.
The above environment will have two network interfaces i.e physical and virtual. Host PC will have access to Internet from physical NIC and has access to VM from Virtual NIC. Use this topology for getting started with hacking/exploitation. Going further we can also create complex network infra using virtual box which have entities like corporate network, home network, VPN, Firewall using a single Vagrant file.