Setup your own Security HomeLab - Part 1: Intro
Part 1: Getting Started with building a security Homelab.
This is intended to be the first in a series of posts on setting up the tools, VMs, and systems needed to build out a good Security HomeLab.
Why?
If you need to ask, then it's possible this isn't for you: it isn't meant to be easy or quick, and it doesn't remotely make sense for the average person wanting to protect their home network. But if you're looking to start a career in Cyber Security Operations or Network Security, then the tools, techniques, and general thought processes described here will be highly valuable. Plus, it can be quite fun!
Tools
I have selected the tools below for several reasons: they are all industry standard, and they are free or have free-ish versions/licences:
- Elastic Stack (Security information and event management - SIEM)
- Elastic Agent (Logging agent)
- Nessus (Vulnerability Scanner)
- Open Canary (HoneyPot)
These are the main 4 security platforms/tools I'm going to delve into, with a planned blog post for each (several in the case of Elastic Stack).
However, there is some additional infrastructure I am also going to talk about. Although it isn't security, having well-grounded knowledge across IT infrastructure is extremely helpful, and is really a critical first step in building a homelab:
- Veeam Backup and Replication
- VMware ESXi / Proxmox
- Docker
- PRTG
Getting Started:
Infrastructure
Hypervisor
Before you can really start exploring all the great cyber security tools that exist out there, you first need somewhere to run them, and the best approach is Virtual Machines. In a pinch you could use Hyper-V or VirtualBox on your main PC (provided you have enough RAM), but a better option is a dedicated computer to run all your homelab systems on. With a bit of effort VMware ESXi will run on just about anything; I started running it on an old Dell OptiPlex I got for free, later upgrading to a whitebox server built from second-hand desktop and server parts. A big plus for using ESXi is that it is an industry standard for on-premise server virtualisation. Since there are absolutely tons of other people with great blogs on getting started with ESXi in a homelab, I won't repeat what they said, but I'll put some links down below:
- Interesting VMware Homelab Kits for 2023
- Building a more advanced homelab setup with a dedicated server running VMware ESXi
Having said that, if you're starting from scratch and/or less focused on learning an industry-standard enterprise hypervisor, then I'd suggest looking into Proxmox. The licencing is far more accessible than ESXi these days (since Broadcom...), and there are lots of great guides available for Getting started With Proxmox. There are even quite a lot of guides for setting up multi-node High Availability deployments with Proxmox, such as: Building a Highly Available (HA) two-node Home Lab on Proxmox.
Myself, I use ESXi; however, with the discontinuation of future free ESXi licences, the upgrade path is looking rather bleak, and even applying security updates is challenging in the post-Broadcom VMware world. I'll most likely switch to purchasing a VMUG Advantage subscription (at an eye-watering cost of $210USD per year) in order to get access to new versions of ESXi. Although, if I was starting from scratch I would probably start with Proxmox as a hypervisor.
Backups
I can't overstate how critical backups are, even in a homelab; I've spent days trying to recover a broken VM which had months of tinkering tied to it. Especially when you're learning and trying new things (and if you're using ESXi, most likely in ways not supported by VMware...), the chances of breaking your VMs and/or applications in ways that are challenging to recover from are quite high. So I'd recommend making a working backup solution a fairly high priority.
For a free homelab solution I'd recommend Veeam Backup and Replication. This allows you to do both bare-metal backups and recoveries of non-virtualised systems using agents, and VM backups by integrating with the native snapshot capability of ESXi or Proxmox. The learning curve is fairly shallow (especially compared to more DIY solutions).
A setup tip I have for homelab users (where paying for the power to run multiple servers 24x7 is unappealing) is to have a separate hypervisor server, normally powered down, and to use Veeam B&R to replicate VMs across to it once or twice a week. Veeam can trigger a PowerShell script prior to running a job, in this case to send a Wake-On-LAN packet, and another script after the job has run to automatically SSH into the server and shut it down. I've been using this to good effect for a few years to keep a 'cold-standby' server ready in case my main homelab server fails. It can of course also do local incremental backups to a NAS via SMB, and with GFS you can keep specific backups (like 2 weekly, 2 monthly, 1 yearly) for longer, which is useful for nightly backup jobs when you want easy access to roll back bad changes or bad updates.
The community licence gives you 10 'instances'; a Veeam agent on a workstation or a VM on a hypervisor will consume 1 instance each. If you're able to get a Veeam NFR licence this increases to 20 instances, and you can also do some pretty interesting automated offsite backups using Object Storage services (like Wasabi or Cloudflare's R2) that offer an S3-compatible API. Either can be combined with a Veeam Data Platform NFR licence to give you tiered onsite and offsite backups for your homelab (and other important data), while costing less than $10USD a month in cloud storage.
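The pre-job/post-job pairing for the cold-standby host, written out as one PowerShell script that Veeam calls with -Action Wake before the replication job and -Action Shutdown after it. This is an added example, not Veeam's code or the original post's; the MAC address, hostname, SSH key path and remote shutdown command are all placeholders, and it assumes Windows PowerShell 5 or later with the built-in OpenSSH client (ssh.exe) on the Veeam server.

```powershell
<#
  Added example (not Veeam's code): wake a cold-standby hypervisor before a
  replication job and power it off afterwards. All host-specific values below
  are placeholders for your own lab.
#>
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Wake', 'Shutdown')]
    [string]$Action,

    [ValidatePattern('^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$')]
    [string]$MacAddress = 'AA:BB:CC:DD:EE:FF',        # placeholder MAC
    [string]$HostName   = 'standby-esxi.lab.local',   # placeholder hostname
    [int]$ReadyPort     = 443,                        # 443 for ESXi, 8006 for Proxmox
    [int]$WaitSeconds   = 300,
    [string]$SshUser    = 'root',
    [string]$SshKeyPath = 'C:\ProgramData\Veeam\standby_ed25519',  # placeholder key
    # Assumed remote command; adjust for your hypervisor. On ESXi,
    # 'esxcli system shutdown poweroff' additionally needs maintenance mode.
    [string]$ShutdownCommand = 'poweroff'
)

function New-MagicPacket {
    # A Wake-on-LAN magic packet is 6 bytes of 0xFF followed by the MAC 16 times.
    param([string]$Mac)
    $macBytes = $Mac -split '[:-]' | ForEach-Object { [Convert]::ToByte($_, 16) }
    $packet = New-Object byte[] 102
    for ($i = 0; $i -lt 6; $i++) { $packet[$i] = 0xFF }
    for ($i = 0; $i -lt 16; $i++) {
        [Array]::Copy($macBytes, 0, $packet, 6 + ($i * 6), 6)
    }
    return $packet
}

function Test-HostUp {
    # True when the hypervisor's management port accepts a TCP connection.
    return [bool](Test-NetConnection -ComputerName $HostName -Port $ReadyPort -InformationLevel Quiet -WarningAction SilentlyContinue)
}

function Invoke-Wake {
    $udp = New-Object System.Net.Sockets.UdpClient
    $udp.EnableBroadcast = $true
    $packet = New-MagicPacket -Mac $MacAddress
    # WOL is fire-and-forget UDP (port 9 by convention); repeats are harmless.
    1..3 | ForEach-Object { [void]$udp.Send($packet, $packet.Length, '255.255.255.255', 9) }
    $udp.Close()

    # Block until the host answers, so the job does not start against a
    # hypervisor that is still booting.
    $deadline = (Get-Date).AddSeconds($WaitSeconds)
    do {
        if (Test-HostUp) { Write-Host "$HostName is up"; return 0 }
        Start-Sleep -Seconds 10
    } while ((Get-Date) -lt $deadline)
    Write-Error "$HostName did not come up within $WaitSeconds seconds"
    return 1
}

function Invoke-Shutdown {
    # Key-based, non-interactive SSH: BatchMode stops the job hanging on a
    # password prompt, and StrictHostKeyChecking=yes refuses an unknown host
    # key rather than silently trusting whatever answers on the standby's IP.
    & ssh.exe -i $SshKeyPath -o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=15 "$SshUser@$HostName" $ShutdownCommand | Write-Host

    # The SSH session is expected to drop mid-poweroff, so the exit code is
    # not a reliable signal. Confirm the result by waiting for the port to close.
    $deadline = (Get-Date).AddSeconds($WaitSeconds)
    do {
        if (-not (Test-HostUp)) { Write-Host "$HostName is down"; return 0 }
        Start-Sleep -Seconds 10
    } while ((Get-Date) -lt $deadline)
    Write-Error "$HostName still answering on port $ReadyPort after $WaitSeconds seconds"
    return 1
}

if ($Action -eq 'Wake') { $rc = Invoke-Wake } else { $rc = Invoke-Shutdown }
exit $rc
```

In the replication job's script settings, point the pre-job command at the script with -Action Wake and the post-job command at the same script with -Action Shutdown (a non-zero exit is how the script reports that the host never came up or never went down). The SSH key should be dedicated to this one task and stored where only the Veeam service account can read it; where the standby platform supports it, restricting that key in authorized_keys to the shutdown command alone limits what a compromised Veeam server could do with it.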
Monitoring
While a more optional step for a homelab, once you start having workloads and systems you care about remaining available (such as home automation!), availability monitoring becomes important quickly. Once you have a few physical servers, several VMs, a few cloud servers, managed switches, APs, dozens of Docker containers, a UPS, etc., keeping track of when things aren't quite working right can become fairly onerous. For a homelab setup, where free is critical, the only feature-rich solution that can monitor EVERYTHING I have (sometimes with the help of community scripts) is PRTG Network Monitor. This is free up to 100 'sensors' (a perfect number for a homelab), and doesn't require an account to get the free licence. It integrates easily with ESXi (and can monitor Proxmox too via SNMP), can monitor Docker containers and Linux systemd services (with the help of a script), and can monitor Veeam B&R with the use of some PowerShell scripts. It doesn't handle syslog particularly cleanly, but we'll tackle that later when we look at setting up our SIEM.
Conclusion
This first part was aimed at being an introduction to the why, and to what you'll need to consider before diving into building out a suite of security tools in your homelab. In Part 2 we'll dive into setting up a vulnerability scanner for your homelab.