
Identify Requirements

Introduction

Before you can begin building a virtual testing environment, you first need to identify the requirements for the mission. In this section, we'll go over some common questions to ask, how to identify everything you will need, and how to set up tasks accordingly.

Goal / Mission

The first thing to do is identify the goal or mission for this environment. Is it to train an individual? To train a group? What kind of training is it: Blue team, Red team, or Purple team? Does the environment need to look and feel similar to a real-life network? All of these questions help set a baseline for what needs to be accomplished.

Scope

Scope needs to be identified early in development; otherwise you run the risk of sprawl. A common problem we see arise is that the customer wants an environment built for X, after a few days they want Y added, and a few days later they want Z added. Identifying the scope clearly and agreeing upon it at the earliest moment helps contain sprawl. Some common questions for scope include: How many networks need to be involved? How many connections are required for each of the trainees/teams? How many machines need to be in each network? What types of machines need to be in each network?

Time Constraints

Knowing how long things take to build, and how long remains until the mission, is an important requirement to identify. If the mission is three weeks away, the scope may need to be smaller than for a mission six to eight months away. This is also where the engineer must be able to set accurate goals and estimates to provide to the customer. Don't box yourself into a corner by saying it will take two weeks to build something that realistically takes two months.

Physical Gear

Based on the previous three requirements, you can now determine what physical gear is required for the mission. If you know you need one customer network with five virtual servers and two virtual workstations, you may only need one Minirax, whereas fifteen customers, each with thirty virtual machines, may need a MaxCube and a Cyberpac. Previous experience helps here, so below is what we've identified each piece of equipment can reasonably hold:

1 Customer network = 1 router, 8-10 Servers, 10 Workstations. All with user-sim

Greyspace = Fake internet, Redmine, Greyspace DNS Server, Ghosts server

Minirax - 1 Customer network

Cyberpac - 3-5 Customer networks + Greyspace

MaxCube - 8-10 Customer networks + Greyspace

ISOs and Tools

What ISOs are you going to need? Security Onion? Splunk? Windows Server 2019? Windows 10? PFSense? This may be self-evident based on the previous requirements: if part of the mission is that the blue teams are training to defend Windows Server 2019 servers, then you know you will need to get that ISO.

Licensing

Think about licensing as well. Ask around to find out what your organization is paying for and what licenses you have. Most software in these testing environments requires a license, so figure out which licenses you need and gather them together. Some common ones are:

Windows Server 2019

Microsoft Exchange

Windows 10


Last updated 1 year ago