Building Virtual Machine Labs: A Hands-on Guide (Second Edition)

Learn everything there is to know about building and maintaining your own home or workplace virtual lab environment on the most popular hypervisors today in this new and improved second edition release!

About the Book

Most Information Technology professionals agree that virtualization is vital, as it provides a safe and malleable work environment with which to learn and experiment. The only downside is that virtualization can be extremely daunting to learn, and even harder to set up with strong security controls. There is a plethora of knowledge on how to build home labs, but it can be difficult to find. The premise of this book is to provide students a hands-on, go-to resource for building a secure, customizable lab environment.

Within this text, readers will choose one of five hypervisors for building their baseline lab environment, and will be guided through performing all of the necessary setup tasks. This allows students to become more familiar with virtualization technologies, gain mastery over their chosen hypervisor, and design a safe and secure virtual lab environment for further endeavors.

The second edition of this work covers new technologies, and adds an additional 400 pages of guidance and extra content over the first edition.

About the Author

Tony Robinson

Tony Robinson is a Security Engineer working for a midwestern MSSP. He has approximately 10 years of general experience in Systems Administration and Information Security roles, with his specialties being Network Security Monitoring, Threat Intelligence, and Malware Analysis.

When he is not working, he can be found admiring good sushi, good mead, and fun video games.

Table of Contents

Foreword: Once More unto the breach… 17

Chapter 1 Patch Notes 19

Chapter 1: If you build it… 20

1.1 Who is this book for? 20

1.2 Getting the Most out of this Book 20

1.3 Notation 21

1.4 A Note About Software Versions, and The Three Rules of IT Disciplines 21

1.5 Software Recommendations 22

1.5.1 Windows Software Recommendations 24

1.5.2 MacOS Software Recommendations 24

1.5.3 Linux Software Recommendations 25

1.5.4 Operating System Installation Images 26

1.5.5 Register accounts on these websites 26

1.6 Linux users, MacOS users and the which command 27

1.7 Linux Users and Kernel Headers 28

1.7.1 How to Acquire Kernel Headers for Ubuntu/Debian-based Distributions 29

1.7.2 How to Acquire Kernel Headers for Redhat Enterprise/CentOS-based Distributions 30

1.8 Using Compression Tools 33

1.8.1 7-Zip on Windows 33

1.8.2 Finder on MacOS 34

1.8.3 zip/unzip and gzip/gunzip on Linux (and MacOS) 34

Chapter 2 Patch Notes 36

Chapter 2: Recommended Skills and Knowledge 37

2.1 TCP/IP Networking 37

2.2 Navigating Operating Systems, and their Installation Procedures 38

2.3 Recommended Training Resources 38

Chapter 3 Patch Notes 40

Chapter 3: Virtual Machines and Hypervisors 40

3.1 What is Virtualization? 40

3.2 What is a Hypervisor? 41

3.2.1 Hosted Hypervisors 41

3.2.2 Bare-metal Hypervisors 42

Chapter 4 Patch Notes 44

Chapter 4 – Introduction to Virtual Networks: Hosted vs. Bare-metal Hypervisor Networking 44

4.1 Hosted Hypervisor Networking – Host-Only, Bridged, and NAT Network segments 44

4.1.1 Bridged Networking 45

4.1.2 NAT Networking (and Port Forwarding) 46

4.1.3 Host-Only Networking 48

4.1.3.4 Virtual Network Adapters 48

4.2 Bare-metal Hypervisors and Virtual Switches 50

Chapter 5 Patch Notes 51

Chapter 5: Hardware 51

5.1 RAM 51

5.2 Disk I/O 52

5.2.1 Hard Disk Drives 53

5.2.2 Solid-state drives 53

5.2.3 RAID arrays 53

5.3 CPU Cores and Features 54

5.4 Virtualization Extensions (AMD-V, Intel VT-x) 54

5.5 Performance as a Vicious Feedback Loop 56

Chapter 6 Patch Notes 57

Chapter 6: Virtual Lab Design and Overview 57

6.1 Lab Network Description – Virtual Machines 59

6.1.1 pfSense 59

6.1.2 SIEM 59

6.1.3 IPS 60

6.1.3.1 AFPACKET bridging, and Fail-Closed Networking 60

6.1.4 Kali 61

6.1.5 Metasploitable 2 62

6.2 Lab Network Description – Network Segments 63

6.2.1 Bridged (Physical) Network 63

6.2.2 Management Network 63

6.2.3 IPS 1 and IPS 2 Networks 63

6.3 Resource Allocations, and Hardware Requirements 64

Chapter 7 Patch Notes 67

Chapter 7: The Importance of a Password Manager 67

7.1 Benefits of Password Managers 67

7.2 Weaknesses of Password Managers 68

7.3 Mitigating the Weaknesses 68

7.4 Creating a Password Database File with KeePassXC 70

7.5 Creating Password Database Entries with KeePassXC 76

Chapter 8 Patch Notes: 79

Chapter 8: Time to Choose Your Destiny 80

8.1 Hypervisor Choices 80

8.2 Hypervisor Guide – Chapter Outline 82

Chapter 9 Patch Notes 84

Chapter 9: Client Hyper-V 86

9.1 Prerequisites 86

9.1.2 msinfo32 87

9.2 Installing Client Hyper-V 91

9.3 Customizing Client Hyper-V 92

9.3.1 Hyper-V Settings 92

9.3.2 Virtual Switch Manager 96

9.3.3 Configuring the Host-Only Network Interface (Management Virtual Switch) 100

9.4 Building the First VM, pfSense 102

9.4.1 VM Creation 102

9.4.2 pfSense Virtual Machine Settings (Part 1) 109

9.4.3 First Boot and OS Installation 112

9.4.4 pfSense Virtual Machine Settings (Part 2) 117

9.4.5 pfSense Command-Line and initial interface configuration 120

9.4.5.1 The Assign Interfaces Wizard 120

9.4.5.2 Setting IP Addresses for WAN, LAN, and OPT1 124

9.4.6 Testing Internet Connectivity using Shell commands 131

9.4.7 Finish setting up pfSense 134

9.5 Create the Remaining Virtual Machines 135

9.5.1 Virtual Machine Creation and Tuning – SIEM, IPS and Kali 135

9.5.2 Operating System Installation 141

9.5.2.1 Installing Ubuntu on the SIEM VM 141

9.5.2.2 Additional Virtual Machine Settings – SIEM VM 149

9.5.2.3 Booting the SIEM VM for the first time 149

9.5.2.4 Installing Ubuntu on the IPS VM 154

9.5.2.5 Additional Virtual Machine Settings – IPS VM 158

9.5.2.6 Booting the IPS VM for the first time 159

9.5.2.7 Installing Kali Linux on the kali VM 161

9.5.2.8 Additional Virtual Machine Settings – kali VM 173

9.5.2.9 Booting the kali VM for the first time 173

9.5.3 Metasploitable 2 177

9.5.3.1 Converting the Metasploitable.vmdk to VHDX 179

9.5.3.2 Creating the Metasploitable 2 VM 182

9.5.3.3 Adjusting Metasploitable 2 VM settings 184

9.5.3.4 Booting Metasploitable 2 186

9.6 Checkpoints 189

9.6.1 How to Create a Checkpoint 189

9.6.2 Restoring a Checkpoint 192

9.6.3 Create checkpoints for the SIEM, IPS, Kali and Metasploitable 2 virtual machines 193

9.7 Chapter Review 194

Chapter 10 Patch Notes 195

Chapter 10: VirtualBox 196

10.1 Windows Installation Guide 197

10.2 MacOS Installation Guide 199

10.3 Linux Installation Guide 203

10.4 Customizing VirtualBox 208

10.5 Configuring the Host-Only Virtual Network Adapter 210

10.5.1 Setting the Host-Only Adapter's IP Address 212

10.5.1.1 Windows and ncpa.cpl 212

10.5.1.2 MacOS and ifconfig 214

10.5.1.3 Linux and ip addr 214

10.6 Building the first Virtual Machine, pfSense 216

10.6.1 VM Creation 216

10.6.2 pfSense Virtual Machine Settings (Part 1) 219

10.6.2.1 Virtual Machine Network Settings 224

10.6.3 First Boot and OS Installation 227

10.6.4 Virtual Machine Settings (Part 2) 231

10.6.5.1 The Assign Interfaces Wizard 234

10.6.5.2 Setting IP Addresses for WAN, LAN, and OPT1 238

10.6.6 Testing Internet Connectivity using Shell commands 245

10.6.7 Finish setting up pfSense 248

10.7 Create the Remaining Virtual Machines 249

10.7.1 Virtual Machine Creation and Tuning – SIEM, IPS and Kali 249

10.7.2 Operating System Installation 255

10.7.2.1 Installing Ubuntu on the SIEM VM 255

10.7.2.2 Additional Virtual Machine Settings – SIEM VM 263

10.7.2.3 Booting the SIEM VM for the first time 265

10.7.2.4 Installing Ubuntu on the IPS VM 270

10.7.2.5 Additional Virtual Machine Settings – IPS VM 274

10.7.2.6 Booting the IPS VM for the first time 275

10.7.2.7 Installing Kali Linux on the kali VM 277

10.7.2.8 Additional Virtual Machine Settings – kali VM 285

10.7.2.9 Booting the kali VM for the first time 286

10.7.3 Metasploitable 2 289

10.7.3.1 Importing Metasploitable 2 291

10.7.3.2 Adjusting Metasploitable 2 VM settings 294

10.7.3.3 Booting Metasploitable 2 297

10.8 Snapshots 299

10.8.1 How to Take a VM Snapshot 299

10.8.2 Restoring a Snapshot 300

10.8.3 Snapshot the SIEM, IPS, Kali and Metasploitable 2 virtual machines. 301

10.9 Chapter Review 302

Chapter 11 – Disclaimer for "M1" macs and macOS "Big Sur" 303

Chapter 11 Patch Notes 304

Chapter 11: VMware Fusion Pro 306

11.1 Installation 306

11.1.1 Permissions Dive 310

11.2 Virtual Network Editor 314

11.3 Configuring the vmnet2 Host Virtual Adapter 317

11.4 Building the first Virtual Machine, pfSense 318

11.4.1 VM Creation 318

11.4.2 Customizing the pfSense VM 322

11.4.3 First Boot and OS Installation 332

11.4.4 Virtual Machine Settings 336

11.4.5 pfSense Command-Line and initial interface configuration 337

11.4.5.1 The Assign Interfaces Wizard 337

11.4.5.2 Setting IP Addresses for WAN, LAN, and OPT1 341

11.4.6 Testing Internet Connectivity using Shell commands 348

11.4.7 Finish setting up pfSense 351

11.5 Create the Remaining Virtual Machines 352

11.5.1 Virtual Machine Creation and Tuning – SIEM, IPS and Kali 352

11.5.2 Creating Static DHCP Allocations for the SIEM, IPS and Kali VMs 357

11.5.3 Operating System Installation 358

11.5.3.1 Installing Ubuntu on the SIEM VM 358

11.5.3.2 Additional Virtual Machine Settings – SIEM VM 366

11.5.3.3 Booting the SIEM VM for the first time 366

11.5.3.4 Installing Ubuntu on the IPS VM 371

11.5.3.5 Additional Virtual Machine Settings – IPS VM 375

11.5.3.6 Booting the IPS VM for the first time 376

11.5.3.7 Installing Kali Linux on the kali VM 378

11.5.3.8 Additional Virtual Machine Settings – kali VM 386

11.5.3.9 Booting the kali VM for the first time 386

11.5.4 Metasploitable 2 390

11.5.4.1 Registering the Metasploitable 2 VM 390

11.5.4.2 Edit Metasploitable 2 Virtual Machine Settings 393

11.5.4.3 Metasploitable 2 Test Run 395

11.6 Snapshots 399

11.6.1 How to Create a Snapshot 399

11.6.2 Restoring a Snapshot 400

11.6.3 Create snapshots for the SIEM, IPS, Kali and Metasploitable 2 virtual machines 402

11.7 Chapter Review 403

Chapter 12 Patch Notes 404

Chapter 12: VMware Workstation Pro 405

12.1 Installation 405

12.1.1 Windows Installation Guide 406

12.1.2 Linux Installation Guide 409

12.2 Customizing VMware Workstation 413

12.3 Virtual Network Editor 416

12.4 Configuring the VMnet1 Host Virtual Adapter 423

12.4.1 Configure the VMnet1 Host Virtual Adapter on Windows 423

12.4.2 Configuring the vmnet1 Host Virtual Adapter on Linux 425

12.5 Building the first Virtual Machine, pfSense 426

12.5.1 VM Creation 427

12.5.2 First Boot and OS Installation 437

12.5.3 Virtual Machine Settings 441

12.5.4 pfSense Command-Line and initial interface configuration 442

12.5.4.1 The Assign Interfaces Wizard 442

12.5.4.2 Setting IP Addresses for WAN, LAN, and OPT1 446

12.5.5 Testing Internet Connectivity using Shell commands 453

12.5.6 Finish setting up pfSense 456

12.6 Create the Remaining Virtual Machines 457

12.6.1 Virtual Machine Creation and Tuning – SIEM, IPS and Kali 457

12.6.2 Creating Static DHCP Allocations for the SIEM, IPS and Kali VMs 462

12.6.3 Operating System Installation 464

12.6.3.1 Installing Ubuntu on the SIEM VM 464

12.6.3.2 Additional Virtual Machine Settings – SIEM VM 472

12.6.3.3 Booting the SIEM VM for the first time 472

12.6.3.4 Installing Ubuntu on the IPS VM 477

12.6.3.5 Additional Virtual Machine Settings – IPS VM 481

12.6.3.6 Booting the IPS VM for the first time 482

12.6.3.7 Installing Kali Linux on the kali VM 484

12.6.3.8 Additional Virtual Machine Settings – kali VM 492

12.6.3.9 Booting the kali VM for the first time 492

12.6.4 Metasploitable 2 496

12.6.4.1 Registering the Metasploitable 2 VM 496

12.6.4.1 Upgrading the Metasploitable 2 VM 501

12.6.4.2 Edit Metasploitable 2 Virtual Machine Settings 503

12.6.4.3 Metasploitable 2 Test Run 505

12.7 Snapshots 507

12.7.1 How to Create a Snapshot 507

12.7.2 Restoring a Snapshot 509

12.7.3 Create snapshots for the SIEM, IPS, Kali and Metasploitable 2 virtual machines 511

12.8 Chapter Review 512

Chapter 13 Patch Notes 513

Chapter 13: ESXi 515

13.1 Prerequisites 515

13.1.1 Installation Requirements 516

13.1.2 Hardware Compatibility 520

13.2 Installing ESXi 525

13.2.1 Acquiring the installation ISO 525

13.2.2 Downloading and Installing UNetbootin 528

13.2.2.1 Installing UNetbootin on Windows 529

13.2.2.2 Installing UNetbootin on MacOS 529

13.2.2.3 Installing UNetbootin on Linux 532

13.2.3 Using UNetbootin to create a bootable installer USB drive 536

13.3: Installing ESXi 539

13.4: Accessing the ESXi Web Interface 543

13.4.1: Configuring a Static DHCP Mapping for the ESXi Management Interface 543

13.4.2: Connecting to the ESXi Web Interface 548

13.5: Configuring ESXi 550

13.5.1 Assigning a License 552

13.5.2 Virtual Switches and Port Groups 553

13.5.3: Datastores 561

13.5.3.1: Staging 567

13.6 Building the first Virtual Machine, pfSense 569

13.6.1 VM Creation 569

13.6.2 First Boot and OS Installation 575

13.6.3 pfSense Virtual Machine Settings 579

13.6.3.1 Static IP Address/DHCP Reservation for the Bridged/WAN MAC Address 582

13.6.4 pfSense Command-Line and initial interface configuration 583

13.6.4.1 The Assign Interfaces Wizard 583

13.6.4.2 Setting IP Addresses for WAN, LAN, and OPT1 587

13.6.5 Testing Internet Connectivity using Shell commands 594

13.6.5.1 One Last Detail (enableallowallWAN) 597

13.7 Create the Remaining Virtual Machines 599

13.7.1 Virtual Machine Creation and Tuning – SIEM, IPS and Kali 599

13.7.2 Operating System Installation 603

13.7.2.1 Installing Ubuntu on the SIEM VM 603

13.7.2.2 Additional Virtual Machine Settings – SIEM VM 611

13.7.2.3 Booting the SIEM VM for the first time 611

13.7.2.4 Installing Ubuntu on the IPS VM 616

13.7.2.5 Additional Virtual Machine Settings – IPS VM 620

13.7.2.6 Booting the IPS VM for the first time 621

13.7.2.7 Installing Kali Linux on the kali VM 623

13.7.2.8 Additional Virtual Machine Settings – kali VM 631

13.7.2.9 Booting the kali VM for the first time 631

13.7.3 Metasploitable 2 635

13.7.3.1 Acquiring the vCenter Converter Application 635

13.7.3.2 Converting and Uploading Metasploitable 2 638

13.7.3.3 Additional Adjustments 642

13.7.3.4 Uploading and Converting the Metasploitable VM without vCenter Converter Standalone 643

13.7.3.5 Final touches 647

13.7.3.6 Metasploitable 2 Test Run 655

13.8 Snapshots 658

13.8.1 How to Create a Snapshot 658

13.8.2 Restoring a Snapshot 659

13.8.3 Create snapshots for the SIEM, IPS, Kali and Metasploitable 2 virtual machines 661

13.9 Chapter Review 663

Chapter 14 Patch Notes 664

Chapter 14: pfSense Firewall Policy and Network Services 664

14.1 The webConfigurator, and pfSense Setup Wizard 665

14.2 Checking for System Updates 671

14.3 Enabling Network Services 675

14.3.1 DNS Forwarding 675

14.3.2 NTP 682

14.3.3 Squid HTTP Proxy 685

14.3.4 DHCP 688

14.3.4.1 How to Create a Static DHCP Mapping 690

14.4 Firewall Policy 693

14.4.1 Firewall basics – Stateful Firewalls, Rule Order, and Implicit Deny Any 693

14.4.2 Firewall Aliases 696

14.4.3 Creating Firewall Rules 698

14.4.4 Firewall Rule Policy – Hosted Hypervisors 702

14.4.4.1 – WAN Interface 702

14.4.4.2 – LAN Interface 703

14.4.4.3 OPT1 Interface 705

14.4.4.4 Removing the Default Anti-Lockout Rule 708

14.4.5 Firewall Rule Policy – Bare-metal Hypervisors 711

14.4.5.1 WAN Interface 711

14.4.5.2 LAN Interface 713

14.4.5.3 OPT1 Interface 714

14.4.5.4 Removing the Default Anti-Lockout Rule 717

14.4.5.5 Removing the allow all pfSsh.php firewall rule 719

14.5 Chapter Review 724

Chapter 15 Patch Notes 725

Chapter 15: Routing and Remote Access for Hosted Hypervisors 727

15.1 Routing Tables and Static Routes 727

15.1.1 Persistent Static Routes on Windows 732

15.1.2 Static routes on Linux 733

15.1.3 Static Routes on MacOS 734

15.1.3.1 flightcheck-Linux and flightcheck-OSX 735

15.1.4 Enabling SSH access on Kali Linux 742

15.2 Remote Access for Windows Hypervisor Hosts 743

15.2.1 mRemoteNG 743

15.2.2 Creating Connection Profiles 745

15.2.3 Enabling Key-Based Authentication 750

15.2.3.1 Generating Public and Private SSH keys using PuTTYgen 750

15.2.3.2 Copying the SSH public key to lab VMs 760

15.2.3.3 Reconfiguring mRemoteNG to Use SSH keys 775

15.3 Remote Access for Linux/MacOS Hypervisor Hosts 784

15.3.1 The ssh command 784

15.3.2 Connection profiles and ~/.ssh/config 788

15.3.3 Enabling Key-Based Authentication 798

15.3.3.1 ssh-keygen 798

15.3.3.2 Copying the SSH public key to lab VMs 799

15.3.3.3 Testing Key-Based Authentication 808

15.4 Troubleshooting SSH Connectivity and Key-Based Authentication 809

15.5 (Optional Content) Remote Access Enhancements 813

15.5.1 Enabling SSH Access as the root User 813

15.5.1.1 Testing root SSH for Linux/MacOS Hypervisor Hosts 816

15.5.1.2 Testing root SSH for Windows Hypervisor Hosts 819

15.5.1.3 Remember, This isn't Strictly Necessary 821

15.5.2 Disabling password authentication over SSH 821

15.5.2.1 Backing Up (and Restoring) the /etc/ssh/sshd_config file 821

15.5.2.2 Modifying the PasswordAuthentication, ChallengeResponseAuthentication, and AuthenticationMethods directives 823

15.5.2.3 Verifying Password Authentication over SSH is disabled 826

15.6 Chapter Review 831

Chapter 16 Patch Notes 833

Chapter 16: Routing and Remote Access for Bare-metal Hypervisors 835

16.1 A Brief Review: Bare-metal Hypervisors vs. Hosted Hypervisors 835

16.1.1 Lab Network Design on Hosted Hypervisors 836

16.1.2 Lab Network Design on Bare-Metal Hypervisors 836

16.2 Introduction to Bastion Hosts 837

16.3 Creating A Bastion Host 839

16.3.1 Creating a Bastion Host Virtual Machine on VMware ESXi 840

16.3.2 Creating a Raspberry Pi Bastion Host 850

16.3.2.1 Prerequisites 850

16.3.2.2 Raspberry Pi Imager 853

16.3.2.2.1 RPI Imager Installation Instructions: Windows 853

16.3.2.2.2 RPI Imager Installation Instructions: MacOS 855

16.3.2.2.3 RPI Imager Installation Instructions: Ubuntu Desktop 20.04 856

16.3.2.3 Installing Raspbian using Raspberry Pi Imager 857

16.3.2.4 Booting the Raspberry Pi and Configuring Raspbian 861

16.3.3 Configuring Static Routes on the Bastion Host 867

16.3.3.1 Persistent Static Routes on Ubuntu, using netplan 867

16.3.3.2 Persistent Static Routes on Raspbian, using dhcpcd 873

16.3.4 Configuring the pfSense Firewall 878

16.4 SSH, SSH Tunnels, and You 882

16.4.1 SSH Tunneling Explained 882

16.4.1.1 Forward Tunnels, Illustrated 883

16.4.1.2 Reverse Tunnels, Illustrated 884

16.4.1.3 Dynamic Tunnels, Illustrated 886

16.4.2 Enabling the SSH service on the Kali Linux VM 888

16.5 Establishing SSH Connectivity to the Bastion Host and Lab VMs (Windows) 889

16.5.1 Connecting to the Bastion Host with mRemoteNG 889

16.5.2 Enabling SSH Tunneling via PuTTY Session 891

16.5.3 Connecting to the SIEM, IPS and Kali VMs using Forward Tunnels 896

16.5.4 Generating SSH Keys for Key-Based Authentication (Optional) 898

16.5.5 Copying The authorized_keys File to the Bastion Host, and Lab VMs 903

16.5.5.1: Method 1 – WinSCP 903

16.5.5.2: Method 2 – Copy, Paste, echo, and file redirection 907

16.5.5.3: Method 3 – Copy and Paste, using vi 908

16.5.6: Creating and Modifying PuTTY Sessions to Enable Key-Based Authentication 910

16.5.7: Reconfiguring Connection Profiles, and Testing Key-Based Authentication 914

16.6 Establishing SSH Connectivity to the Bastion Host and Lab VMs (Linux/MacOS) 919

16.6.1 The ssh command 919

16.6.2 Enabling and Testing SSH tunnels 920

16.6.3 Creating SSH connection profiles via ~/.ssh/config 925

16.6.4 Generating SSH Keys for Key-Based Authentication (Optional) 932

16.6.5 Copying The authorized_keys File to the Bastion Host, and Lab VMs 933

16.6.5.1 Method 1: ssh-copy-id 933

16.6.5.2 Method 2: scp 936

16.6.5.3 Method 3: Copy, Paste, and Output Redirection 938

16.6.6 Testing Key-Based Authentication 940

16.7 Troubleshooting SSH connectivity and Key-Based Authentication 942

16.8 Using the Bastion Host as a Web Proxy, using Dynamic Tunnels and FoxyProxy 946

16.8.1 Installation Instructions 946

16.8.2 Configuration Instructions 949

16.8.3 Adding a new proxy, enabling the proxy, and testing connectivity 951

16.9 (Optional Content) Remote Access Enhancements 959

16.9.1 Enabling SSH Access as the root User 959

16.9.1.1 Testing root SSH for Linux/MacOS Users 960

16.9.1.2 Testing root SSH for Windows Hypervisor Hosts 966

16.9.1.3 Remember, This isn't Strictly Necessary 969

16.9.2 Disabling password authentication over SSH 969

16.9.2.1 Backing Up (and Restoring) the /etc/ssh/sshd_config file 969

16.9.2.2 Modifying the PasswordAuthentication, ChallengeResponseAuthentication, and AuthenticationMethods directives 970

16.9.2.3 Verifying Password Authentication over SSH is disabled 973

16.10 Chapter Review 977

Chapter 17 Patch Notes 979

Chapter 17: Network Intrusion Detection 980

17.1 Making a Choice 981

17.2 Installing Snort3 (via Autosnort3) 982

17.2.1 Confirming Autosnort3 success 986

17.3 Installing Suricata (via Autosuricata) 988

17.3.1 Confirming Autosuricata success 990

17.4 Troubleshooting Snort and Suricata problems 992

17.5 Chapter Review 994

Chapter 18 Patch Notes 995

Chapter 18: Setting up Splunk 996

18.1 Installing Splunk on the SIEM VM 996

18.1.1 Downloading Splunk Enterprise 996

18.1.2 Installing and Configuring Splunk (Part 1) 1000

18.1.3 Installing and Configuring Splunk Enterprise (Part 2) 1002

18.1.3.1 Enabling SSL on Splunk Web 1002

18.1.3.2 Configuring a Receiver 1005

18.1.3.3 Switching to Splunk Free Licensing 1007

18.2 Installing and Configuring the Universal Forwarder on the IPS VM 1016

18.2.1 Downloading and Installing the Universal Forwarder package for the IPS VM 1016

18.2.2 Installing the Suricata TA 1020

18.2.3 Installing the Snort3 JSON Alerts App 1024

18.2.3.1 Installing Snort3 JSON Alerts on the SIEM VM 1024

18.2.3.2 Installing Snort 3 JSON Alerts on the IPS VM 1026

18.3 Restarting the Splunk Forwarder, and Testing Functionality 1029

18.4 Troubleshooting Recommendations 1032

18.5 Chapter Review 1035

Chapter 19 Patch Notes 1036

Chapter 19: End of the Beginning 1037

19.1 Chapter Review 1037

19.2 Remodeling and Expansion 1039

19.2.3 Outfitting a Malware Analysis Lab 1040

19.2.4 Outfitting an Offensive Security/Penetration testing lab 1044

19.2.5 Outfitting an Ops-Centric lab 1047

19.3 Final Words 1052

Chapter 20 Patch Notes 1053

Chapter 20: Extra Credit 1054

20.1 Hardening Hypervisor Security 1055

20.2 Update automation with the updater script 1073

20.3 Setting up ntpd on Linux lab VMs 1080
