Pentesting Lab in GNS3
Introduction
After completing my CCNA1 course, I decided to set up my own Pentesting lab or controlled environment, but with the condition that it should be as realistic as possible. I still have a lot to learn about the CCNA 200-301 certification, and what better way to practice what I’ve learned than by working on this project. Additionally, this will be my first official project in the field of cybersecurity.
Questions
Before proceeding, here are some uncomfortable and annoying questions:
Let’s take a look at the context of a pentesting lab that can be found online. When looking at online platforms like HackTheBox and similar ones, the network architecture (in most cases) is like this:
It's not bad (if you want to test something quickly), but in a real-world situation, the above image could be considered the final step of a long procedure, provided that you have been able to bypass/evade/study all the obstacles that a real network poses. For example:
Not to mention that the vuln server has certain incorrect configurations (its purpose is to be vulnerable) that may not be found in a real-world environment, and most of the time it's a Linux OS.
What if I encounter a fully updated Windows system behind multiple firewalls/IDS/honeypots and other weird things that could happen?
Now it’s possible to find some rooms or platforms online that could provide a pre-configured network for practice, but they have a cost. Another option is to use pre-configured settings or tools in the wonderful world of GitHub, but even then, it will always lack something or not adapt to what one needs (try it and see).
Building your own lab gives you all the control and conditions you need over the cybersecurity area being studied, and it also increases one of the main skills that every cybersecurity professional has (or should have):
NETWORKS
That's why I'm building this lab from scratch. To not get lost along the way, it’s recommended to take at least a CCNA 1 course (if I said so). It will be worth it and a good investment, but let’s not forget that the CCNA certification consists of three parts, and I only recommend taking the first one (CCNA 1) to build this lab. In addition to CCNA1, you’ll need:
- Linux and its administration
- Docker
- Virtualization
For the base OS of this series of guides, I used the BackBox distribution, but any Linux or Windows distribution is sufficient. The hardware used for all the labs is:
- Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
- Memory: 16Gb
- Disk: 500Gb SD
If you have something better than that, excellent! For software:
- GNS3
- VirtualBox
- Docker
Optional but recommended:
- Cisco Packet Tracer
GNS3 is a network simulator similar to Packet Tracer, but with the difference that it’s possible to:
- Use real hardware like a switch or router
- Simulate a fully functional network in the real world
- Integrate VirtualBox, VMware, Docker, QEMU images (the latter to use hardware images like Cisco, MikroTik, OpenWrt, etc.)
As we can see, it has everything needed to perform different tests. Here’s its marketplace.
- Mininet seems great, but I haven’t tried it yet, it’s on my waiting list.
- EVE-NG has a free and a paid version. I immediately discarded the paid version.
- Docker is a good option if the hardware is limited. The bad thing is that there are no real hardware images like Cisco. While writing this post, I found this, but I haven’t tried it yet.
- LXD/LXC, like Docker, is another good option, but I haven’t finished testing it yet.
The books (or sources) used to build this lab (and I recommend reading them) are:
- CCNA certification study guide 2ed: Not only is it useful for the CCNA certification, but it also contains everything necessary to work offline and not bother Google every moment. I consider it the introduction to networks that I always wanted.
- The book of GNS3: A friendly and practical book on how to manage GNS3 with several examples and scenarios.
- Cisco Routers for the Desperate, 2ed: Another pocket book with basic commands/configurations for any Cisco device.