You might consider buying Professional Penetration Testing, as it covers how to setup a lab for pentesting. There are also a couple of posts here at EH-Net about the very same subject, such as Pentest Lab: Web Application Edition and Network pentest lab setup. There are also many pre-built images available which can be used for practicing as well (De-ICE, pWnOS, hackerdemia, foundstone's, DVL, etc.). You might also look out for CTF images.

If you are not very familiar with networks, it wouldn't hurt to spend time to learn more about it, also regarding the fact, that you would like to attack it later. Knowing how to build a network and possible misconfigurations etc., would help in the attacking phase as well.

A scenario with two different internet connections is possible, but not necessary/ depends on the scenario you would like to go through. Depending on your country/ ISP it could violate some policies though, as you then would attack through your internet connection and not through your internal network.

You can use Virtual Machines, and setup routes inside the solution of choice, or if you're using physical machines, as your post implied, just setup different subnets, with a wireless router (or regular router(s) if you have them,) and they'll work just fine.

As H1tM0nk3y said, however, a bit more detail will go a long way in helping us to make recommendations.

Let this be something you'll always remember and take into account from here on out. Planning planning planning planning. Draw yourself up a plan, literally, write it down whether on a piece of paper or by creating a file with vi, notepad, whatever you use. Doing so will almost always yield better results and save you time in the long run. "To Do List" applications work well for this.

Doing this accomplishes a few things:

1) Helps you remember to ALWAYS establish a structured test
2) Helps you keep things organized (especially if you're using checklists)
3) Allows you to document findings - you cannot possibly remember every hiccup

I would approach the task in the following manner: 1) Learn about the system while doing so 2) Learn about project management while doing so 3) Learn about documentation which is EXTREMELY important when you have to write post-testing reports 4) Learn how to manage your time (remember time equals money)

Step 1) Install an operating system
Step 2) Determine what applications would be used on this machine
Step 3) Determine what types of security would be used on that type of machine
Step 4) Analyze how this security application works
Step 5) Look for methods to circumvent it

When I approach personal based testing, I approach it from the systems, network and architect perspective. For example, I needed to test some SAP stuff. So what did I do? Did the research on typical SAP installs. Documented what I perceived it would do, what machines I needed for it, how I needed it to run, who was going to connect to it and why, what type of security would be on it.

After I got it up and running, everything was documented, it was easy for me to go back revert things, uninstall-reinstall, fiddle around pre-security testing. Then came the fuzzing (Peach and Klocwork for those wondering what I use), then came the patch management, security management, re-fuzzing, breaking, etc.

It's a lot easier to be able to dissect things in the long run. For example, on a step by step basis (validating your findings) you would be able to determine that X occurred because of Y. For example, if you were able to pop shells on a machine prior to say installing ProgramY, you'd know when/how/what you need to work around

Also check LAMP Security CTF , http://sourceforge.net/projects/lampsecurity/

Sil,

Is there a template of the documnetation that I could use?  Or do you know wexactly what should be on ths documenation?

The DD-WRT runs on a Linux on the back end, but it has a web interface that is very similar to that of the Linksys web interface.  Knowing or not knowing Linux isn't really an issue with the firmware.  I was recommending it because it it allows you to have much more control over your wireless routers and unlocks a lot of features you might be interested in.  Since there are also some guides, I also figured it might help you out.

You are welcome to send me PMs if you would like, and I will do my best to answer them when I have free time.

If I recall correctly (but haven't been playing with VMware lately), that you can set up a network for Guests only. So the guests can talk to each other.

I know for a fact VirtualBox does. Usually how I set up my test lab when I want to get dirty, keep it contained all on the laptop (even disconnect laptop from regular network).

However play with VMware if you can, it'll help you more in Xen or VB in job interviews (as I've been finding out lately).