I meet IT folks fairly frequently who want to know how to get started in Security. But Security is a huge field! What kind of security are you interested in? Or what kind of Security do you think you’re interested in? And how do you find out?
Disclaimer
Personally, I’m biased toward not starting in Security, but starting in System Administration or Network Administration or development or….
The reason is that if you haven’t actually spent time running an IT shop, you won’t really have an idea of what you’re defending or the balance between keeping things running smoothly and patching (for example).
When a Security professional “demands” that a patch be applied, we should understand the implications of those demands and be able to work with the Operations teams to ensure the patches are tested properly - again, just as an example.
So with that disclaimer out of the way…
Home Lab
First of all, you need a home lab. You need a place to test out new tools and technologies - WITH PERMISSION - and a home lab is probably the best place to do that.
VirtualBox is a great, free way to start a home lab. VMWare is fine if you have some money to start with, but I still use VirtualBox on a regular basis, and I have a license for VMWare, too.
Both virtualization platforms allow you to create internal, virtual networks where you can see the interaction between attack tools and defense tools, and get familiar with how to configure both.
What should go in your lab? I’m glad you asked!
Below, I’ve started a list of tools and technologies I’ve used in production and/or learning environments that will give you plenty to explore. Many of these resources are free and/or Open Source, though obviously not all of them. These are also not listed in order of preference or performance. For most of these, I’ve included a brief description or thoughts around the tool, but I’m sure this will be a bit of a living list.
And who knows? Maybe I’ll get around to writing up some more in-depth info on these as time goes on. :-)
Tools / Resources
*Last updated: 2021-09-09
Virtualization
- VirtualBox
- Great for running virtual machines on your laptop / small server
- Proxmox
- Run a virtual data center in a single server
- This is really the next step up for home labs and suitable for larger labs (or even home production use)
- VMWare
- The de facto standard for local virtual machines. Not free.
- AWS
- um…..duh.
- Not as expensive as you think it might be, once you get the hang of it.
- Vultr and/or DigitalOcean
- Good places to run a virtual server for $5 / month
- Perfect if you don’t want to dive into AWS just yet.
Network Routing and Firewalls
- iptables
- The famous Linux firewall.
- There are a ton of resources and tutorials out there on this, but I included the one for CentOS.
- It’s not necessarily the best, but it’s a start.
- OPNSense
- BSD-based Open Source firewall.
- Includes a web GUI for management.
- Fork of PFSense, but probably my pick between the two.
- PFSense
- Still a solid, supported Web GUI-based BSD firewall.
- MikroTik
- Not free, but their Cloud Hosted Router (CHR) is excellently priced.
- There are also cheap(er) hardware devices that can be purchased to run this production-supported solution.
- VyOS
- Command line Linux-based router and firewall. Love this software, but it doesn’t have a frequent update cycle.
Utilities
- grep / Regular Expressions
- Learn regular expressions. You’ll need them.
- And you’ll hate them.
- Let’s Encrypt
- Free, programmable TLS certificates.
- No reason not to have a cert on any website you create.
- nmap - Network Mapper
- The de facto standard for network scanners.
- The NSE (Nmap Scripting Engine) has added quite a bit to this and you can do some basic vulnerability scanning here.
- My go-to for initial local network reconnaissance.
- PowerShell
- I strongly prefer Linux or Mac over Windows, but the rest of the world runs Windows and you need to know how to manage and secure these boxen.
- PowerShell is actually pretty awesome and definitely worth learning!
- python
- My personal preference for script languages. There are others, and you can choose them if you like. I promise it won’t hurt my feelings.
- Shell scripts (bash / zsh)
- Know your way around a command line.
- Way too many tutorials out there right now. Google it.
- tcpdump
- The original tool to capture network traffic. Still awesome.
- Wireshark
- The simplest way to examine the packets you captured with tcpdump.
- Of course, Wireshark can capture on its own (tshark is the command-line version of the same tool).
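As an added example (not from the original post), here is the kind of regular-expression work the grep entry above is pointing at, written in Python since that is the scripting language recommended in the same list: one pattern pulls the outcome, user and source address out of sshd log lines, then failures are counted per source so a brute-force attempt against a lab box stands out. The log lines are constructed for the example, not captured from a real host, and the threshold of three failures is an arbitrary lab setting.

```python
"""Regex over sshd auth log lines: what grep gets you started on, in a script.

The sample lines are constructed for this example (not from a real system)
in the syslog format OpenSSH uses.
"""
import re
from collections import Counter

# Constructed sample log lines, not captured from any real host.
SAMPLE_LOG = """\
Sep  9 10:01:12 lab sshd[2201]: Failed password for invalid user admin from 192.168.56.20 port 51022 ssh2
Sep  9 10:01:15 lab sshd[2201]: Failed password for root from 192.168.56.20 port 51024 ssh2
Sep  9 10:01:19 lab sshd[2203]: Failed password for root from 192.168.56.20 port 51026 ssh2
Sep  9 10:01:22 lab sshd[2205]: Accepted publickey for alice from 192.168.56.1 port 40110 ssh2: ED25519 SHA256:abc
Sep  9 10:02:01 lab sshd[2207]: Failed password for bob from 192.168.56.30 port 60002 ssh2
Sep  9 10:02:03 lab CRON[2210]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# One anchored pattern with named groups. The optional "invalid user " means
# both "for invalid user admin" and "for root" land the name in <user>.
SSHD_AUTH = re.compile(
    r"""
    ^(?P<ts>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s   # syslog timestamp
    (?P<host>\S+)\ssshd\[\d+\]:\s                  # host and sshd pid
    (?P<outcome>Accepted|Failed)\s(?P<method>\w+)\sfor\s
    (?:invalid\suser\s)?(?P<user>\S+)\sfrom\s
    (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\sport\s(?P<port>\d+)
    """,
    re.VERBOSE,
)


def parse_sshd(line):
    """Return the matched fields as a dict, or None for lines that are not sshd auth events."""
    m = SSHD_AUTH.match(line)
    return m.groupdict() if m else None


def failed_by_source(log_text):
    """Count failed logins per source IP across a block of log text."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_sshd(line)
        if rec and rec["outcome"] == "Failed":
            counts[rec["ip"]] += 1
    return counts


def brute_force_sources(log_text, threshold=3):
    """Sources with at least `threshold` failures; the threshold is a lab-tuned assumption."""
    return sorted(ip for ip, n in failed_by_source(log_text).items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in failed_by_source(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} failed logins")
    print("flagged:", brute_force_sources(SAMPLE_LOG))
```

The same pattern, minus the named groups, is what you would hand to `grep -E` on a real `/var/log/auth.log`; the script version just adds the counting. Writing the pattern with `re.VERBOSE` lets you comment each field, which is the only thing that makes a regex like this readable six months later.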
Forensics
- SANS SIFTKit
- Created and maintained by SANS, the SIFT Kit is an excellent forensics-machine-in-a-box and includes a ton of fantastic tools and documentation.
- Sleuthkit
- Included in the SIFT Kit and is a basic tool in file system forensics.
Configuration Management
- Boxstarter (Built on Chocolatey)
- “Repeatable, reboot resilient windows environment installations made easy using Chocolatey packages” (from their site).
- Honestly, I haven’t mastered this one yet, but it looks really interesting.
- Chocolatey (Windows)
- Like yum or apt-get for Windows.
- I even created a scheduled task on my family’s computers to automatically patch all their software on a regular basis.
- Docker
- Allows you to use pre-packaged applications, alone or together with other “containers” to quickly build and manage applications in a standard fashion.
- Github
- Version control.
- Super important to maintain versions of your scripts, configuration, notes, whatever.
- You will love this. And hate it.
- Gitlab
- See above.
- Gitlab also supports private repositories on their free plan (something you used to have to pay for on Github, but now also available there since Microsoft bought them out).
- Using a private repo, you could keep your configurations on all your workstations in a version control system.
- All you need to do to make your new computer setup just like your old one is to clone the repo!
- Gitlab (and Github) also support hosting static sites - Geek Cabinet was hosted on Gitlab, for example. Gitlab even supports custom certificates (e.g. Let’s Encrypt) where Github does not (yet?).
- Puppet
- Using Puppet (or Salt Stack - see below), you can ensure servers and workstations are configured consistently and correctly from one central place.
- This changes the way you administer your network.
- Runs on Ruby, but you don’t need to know that (or the language) in order to use it.
- Salt Stack
- See Above
- Python-based alternative to Puppet.
Offense
- Kali Linux
- Network Penetration Testing in a box.
- When you’re ready to start practice attacking systems (with permission), this is a great place to start.
- Tenable Nessus Home Scanner
- Maybe should’ve even put this in the “Defense” section…¯\_(ツ)_/¯
- Free for home use, a quality network vulnerability scanner to find and (lightly) test the systems in your lab
- Or make sure your IDS is working…
- Again, use only with permission. If you own what you’re scanning, you’re fine. If you don’t - ask first. Or just skip it.
Defense
- Zeek IDS
- OSSEC HIDS
- Security Onion
- Network Intrusion Detection System in a box.
- Includes Snort, Suricata, Zeek, OSSEC, + …..
- Snort
- Suricata
Learning
- Local Community Meetups
- SANS Reading Room
- SANS Facilitator Program