You will probably hear this frequently but having a lab of some sort is crucial for learning and testing things safely, whether it involves information security, or just IT in general. I wouldn’t advise penetration testing, or any sort of testing against something on the internet that you didn’t get permission for.

Before you scoff at the idea of a lab, bear in mind the benefits significantly outweigh the cost.  The lab doesn’t necessarily have to be a full 42U rack, although if you have the resources, why not right?

This article is a lessons learned on my experiences building a homelab answering these questions:

  • Things to consider
  • Where to find equipment
  • How to set everything up

Things to Consider

So I had a plan for the lab and got some good tips from colleagues and after much research I reached the conclusion that this could become a very expensive project.  While labs can also be built through virtualization, this article is written under the premise the lab you are going to build is for the physical hosts, and will likely be in a home or small office.  The long story short the most common threads I ran into were the following:

  • Initial cost
  • Secondary costs/physical space
  • Initial setup

When I first started planning for the lab, I had a general idea in mind of what I wanted to do, but wasn’t sure how and where to find equipment.  I looked for servers online whether it was from conventional places like Dell, or unconventional places like eBay, Craigslist, or local e-waste stores, and even less conventional like finding friends who were looking to downsize or upgrade their labs.  If you already know people with home labs, I recommend exploring this route.  I had in mind what my budget was and the specs.  Through a combination of e-waste, craigslist, and acquiring hand me downs from existing labs, I was on my way.

generate

*Pro-tip:  Make sure you wipe your hardware before selling it or donating it.  I lost track of how many instances I found old passwords, configurations or, data on routers, hard drives, etc.

 With that out of the way and now that I have a home lab, where do I put all this?  Without getting in too much detail consider a place you don’t mind being warmer and/or louder than anywhere else you set it up. If your lab is a bunch of rackmount servers and you’re used to managing those type of servers you know what to expect. Also consider where you live in terms of climate, temperature, as well as crime rate play factors in where and how everything is set up. Rackmount serves not only generate a lot heat  but Also noise especially on initial power up but some are always loud. Last but not least the cost of electricity is definitely a concern. Be prepared to spend at least another $100 per month. I mitigate this by only leaving the servers on when I’m actively working on the lab. 

The lab you see above may be a bit of an overkill for you, but the more resources you can use for your lab the better.  Out of wanting a more potable solution, You can also load a few VMs on your laptop or desktop, and use a hypervisor like Virtualbox, VMWare (Fusion or Workstation), or others.  On either, you’ll find a mode similar to Virtualbox that self contains the network of your VMs on your host.

 

 

Resources:

Infoseclabs: A creation that’s inspiring my lab

Lack Rack: Save lots of money

r/Homelabs: Reddits Homelab subreddit