Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: What's in Your Lab? - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
What's in Your Lab?

The discussion about labs got me thinking about what we all have in our personal labs.  The "What's in your lab?" question is a standard one that I ask in interviews, it says a lot about a person's interests and commitment to those interests.

I just revamped my lab (thanks to my local "cheap servers off lease" company and eBay).  Previously I was able to downsize and host my entire lab on my laptop with a farm of virtual machine and a fleet of external USB drives, but as I ramp up my requirements for permanent servers (an MS Project server, an SCP server, a web honeypot and an army of permanent, cpu and memory hungry pentest VMs), I had to put some permanent hosts back in.

So to host all this, I put in 3 ESX servers with 20 cores altogether (thanks eBay!).  I picked up a 4 gig fiber channel switch and 4 HBAs for a song, also on eBay.  I had an older XEON server with lots of drive bays, so I filled it up with 1TB SATA drives and a SATA raid controller - with a fiber channel HBA and Openfiler, I've now got a decent Fiber Channel SAN (with iSCSI and NFS thrown in for good measure).  Add a decent switch and firewall for VLAN support and network segmentation, and this starts to look a whole lot like something useful !!  The goal was that after it's all bolted together, I can do almost anything in the lab without physically being there.

I still keep lots of my lab on the laptop VM farm - for instance my Dynamips servers for WAN simulation are all still local, so are a few Linux VMs that I use for coding in one language or another for instance.

Enough about my lab - what's in your lab?  Have you found a neat, cheap way of filling a lab need you think others might benefit from?  Do you host your lab on a laptop for convenience, or do you have a rack in your basement (or at work)?  Please use our comment form and let us know!

Rob VandenBrink

Rob VandenBrink

578 Posts
ISC Handler
May 30th 2012
I used to have a decent lab of about 4 desktop PCs a while back but I got tired of having all this in a 1 bedroom apt so I took it down / sold it off as I was able to learn at work.
Now getting more into security Im seeing the need to setup again. My current desktop is a 4 core 8G beast so I can use that for VMs but im still going to need a separate box for all the firewall(pf) network security tools (gpl) I want to try out.
I probably wont be setting up any fancy storage.
With this setup hopefully I wont be hearing fans 24/7 in my apt.

37 Posts
The folks over a have been kind enough to provide the details on how they build their storage pods:

I don't need 135 terrabytes in my vmware lab (yet), but the base design can be easily tweeked to meet a variety of needs.

12 Posts
I've moved towards more, small embedded systems instead of fewer, faster (noiser) systems. So I've got a little stack of soekris boxes ( systems doing a variety of tasks. My personal mailserver, for instance, runs on one of these with a flash card containing the OS (re-mounted RO, of course) and an SSD drive for logs, spools, mailboxes, etc. No moving parts, low power usage, absolutely silent. :-)

133 Posts
Currently I am using multiple Linux and Windows VMs located on my laptop and on a quad core desktop.

I have an empty rack in my garage and I am thinking about buying two powerful servers, a firewall, and ... I'll see later what. I also have an UPS I can use (after I'll change the accumulator).

My dilema is if I can put in in the garage. I don't want to put it inside the house because of the noise. The garage is partially heated, and I have no A/C. My biggest concern is the dust. Do you think that I should take the risk and build it there? If not, what other solution do you see?

2 Posts
I've focused a lot of my lab towards Cisco certifications, so a lot of hardware is in switches and routers.
I currently have a couple of 2600X and Non-XM routers, a 2520 for legacy stuff, a bunch of 1721 which are convenient in size but the power bricks are a pain. I also have a 6500 series switch, four 2950 Catalyst switches and four 3550 Catalyst switches. I can accommodate just about any networking configuration I can think of.

I also have two old HP DL160 servers that I'm setting up as LAMP servers. And i have two other servers that will serve as a Windows based server and storage server.

All of this was bought on eBay for pretty cheap.
1 Posts
I think I have the same problems as most everybody else so far - noise, power requirements, and heat. I've had some luck with liquid cooled and sound-insulated servers. SSDs and virtualization are a must, but add in ye olde routers, switches, and network appliances, and there's not a lot that one can do. Somebody needs to build a hackerspace for (actual?) hackers...

48 Posts
- big desktop system (4 cores, multi threaded), 12 GB RAM, no fancy storage, VMware Workstation, one additional physical NIC w/o IP address on host system (so one can connect the VMs to the NIC and outside world directly)
- several old notebooks to play with as victim / hack-me servers / IPCop firewall / pentest systems (we _do_ like real hardware ... don't we?)
- "hardware store" grade switches and cables

7 Posts

Sign Up for Free or Log In to start participating in the conversation!