Lab setup Help Needed

[millwalll]

Hi all,

Ok so first of all at the moment I have vm lab as much as I enjoy practicing my skills against that I have identified a big gap in my education and now trying to bridge that gap.

 I have not worked as sysadmin or in helpdesk role my networking/Windows side is in need of  some education. I have been using Windows for over 14 years just not in corporate world (Home user) so know how to perform most task but not had any exposure to active directory,domain contollers so on.

So in order to bridge this gap I am trying to get a job as sysadmin / help desk I am also looking at doing the CCNA once i get study material.

In the meantime I was lucky enough to get my hands on some hardware. I have the following at my disposal:

Dell PowerEdge 1850 Server / Xeon 3.0GHz / 1GB RAM / 2 x 72GB HDD
Dell PowerEdge 1850 Server / Xeon 3.4GHz / 6GB RAM / 2 x 72GB HDD
Dell PowerEdge SC1425 Server / Xeon 3.2GHz / 1GB RAM 120GB HDD
Dell PowerEdge 1850 Server / Dual Xeon 2.8GHz / 2GB RAM / 2 x 72GB HDD
Cisco 2600 router x 2
Cisco 2500 router
Cisco 2900 XL switch

I was thinking of upgrading my lab so it involves this hardware I just really wanted advice on how you would set it all up would you have web server,windows server,sql server ? any advice would be really appreciated. so if you can give me as much information like what os you would install and why.

Thanks a lot

[cd1zz]

I think that is a good plan.

Go get a Technet Subscriber Download subscription and you'll have every OS and app they make at your disposal, for testing only of course.

I would spin up an AD domain, install Exchange, SQL 2000/2005/2008, so you can see what is different. Learn how to add users, run SQL queries. I would also not install any patches on your lab box at first, or at least have a copy of your VM's with no patches. This way you can learn about what missing patches can give you a shell. Also install all that software with security not in mind, so you can also see what happens when you do that. For example, install SQL with a blank or easy SA password and see if you can get a shell.

Make sure you setup an AD domain and know how to dump all the password hashes from AD for example. Know how to add users, know what users have the most power, setup logon scripts, know where to look for those logon scripts. You need to be so comfortable  with all this that you don't panic when you're on a pentest. I was in operations for 12 years doing all this stuff and it has paid off immensely in my PT career.

These are just a few examples to get the wheels turning. Bottom line, know what everything does and try to break it.

[hayabusa]

Hey Jamie.R,

In addition to what cd1zz said (and that is very important...)

I would set it up to (as closely as possible) mimic a real-world scenario:

1.) use the routers to define at least two 'corporate locations'

2.) Put a web or app server in a DMZ, on one or both sides, and a windows / sql / sharepoint or whataver other, inside the network, but accessible by the stuff in the DMZ (to replicate what most places will have)

3.) setup your vlans on the 2900 switch, as if in the main corporate office

4.) since you have extra servers, use one with some VM's (likely the beefier one) to simulate some clients and other machines in the network.

5.) get comfortable with NAT configuration, and how it affects things

6.) download, setup and configure firewall / IDS / IPS so you can begin to see how they behave, and how your activities do / don't trip them, etc.

That's what I'd do to get some things going, although, if you're starting out for sysadmin learning, etc, focus on the earlier stuff, first (routing / switching and the networking aspects.)  Get comfortable with those, as they'll play more roles in security for you, later on.

(Note - you'll likely want to be acquiring some more RAM for those servers, as you'll be limited with what you can do with them, on the lower boundaries you've got, if you want to use them as Windows / app servers.)

[millwalll]

Cool thank for the advice and this is my plain is to try config it as much to a real work as possible the main problems I have is I never done anything like this before so one don't really know what you would find in real world corp environment and two never attempted to set something like this up before hence the reason for doing it.

I don't know really where to start and I think at the moment this is the hardest thing is starting off with maybe one server and getting that setup. I also plan setting up vp connection to the lab once its done. I recently had a job interview and the company like me but they fill they cant take me on as I am now and wanted to me to try learn more about firewalls, ACL,  VPNS I also plan adding to the lab once its setup so maybe a firewall too.

[cd1zz]

You may want to start looking at the MCITP or something similar. It will at least give you a framework for what kinds of things are in a M$ shop. Keep in mind, a lot of this exp you would get on the job at in a sys admin or even starting in a help desk role. It's not uncommon to start in HD. You sound motivated so it likely wouldn't be a long stay as a help desk person if you cant get that network admin/sys admin role you want.

[ajohnson]

Great advice so far, and a strong +1 on the Technet subscription. I used that for my MCSE/MCITP studies, and having cheap access to all that enterprise software was a huge benefit.

I'd expand on Hayabusa's #4/note points and tell you to virtualize everything. I believe all those systems are going to be on VMware's ESXi HCL, which is a free bare-metal hypervisor. You can boot that off a 1-2GB thumb drive (I have 2GBs, but I can't remember if that's required) and use all your internal storage for VMs. If you ever need more storage, you can load VMs via NFS instead of purchasing expensive internal storage for those servers.

Even with only 1GB of RAM, you can still get a few light VMs going. XP will easily run with only 64MB and Server 2003 will be fine at 128-256 depending on what you're doing. You'll need more if you add SQL or Exchange, but DCs, web servers, file servers, etc. will be fine with low memory in a lab environment. Many Linux systems will also run very well in the 64-128MB range; just think of all the vulnerable distros you could load

If you get a Technet sub and have access to Server 2008 / 2008 R2, you can also experiment with Hyper-V on the systems that have more RAM (Maybe the 6GB system; 2GB will be pretty lean for that setup). I greatly prefer VMware, but it'd still be good to compare and get acquainted with other technologies.

You'll probably want to add more RAM to those at some point, but you have more than enough to get started with. You could get 20 systems going if you average 512mb RAM per VM.

[hayabusa]

You'll probably want to add more RAM to those at some point, but you have more than enough to get started with. You could get 20 systems going if you average 512mb RAM per VM.

Full agreement.  Was just saying that if he started throwing up app servers, the memory was lean. 

But ajohnson is absolutely correct.  For the basics, you've got a good setup to start loading a lot of barebones os's up on.

[millwalll]

but where best place to start I am total newbi to this sort things should I start with one server and install server 2003 or is 2008 better ? I want try get server done then use the cisco kit for ccna then build as one.

[cd1zz]

Start with 2003. In a run dialog box type DCPROMO. Go from there.

[Agoonie]

Just to add to your environment, try to look on vmware.com for virtual appliances.  You can add virtual firewalls and load balancers too to help you learn.  But this may require you to beef up your virtual environments memory.

[ajohnson]

If you're not going to follow a cert path, the "Mastering," "Unleashed," and "Inside-Out" books will give you a fairly comprehensive overview for 2003, 2008, and 2008 R2.

Technet is a great resource too. The fifth result of install active domain 2003 site:technet.microsoft.com should tell you everything you need to get started.

[millwalll]

I dont mind doing some certs but just not sure what best

[millwalll]

what would be the best server to setup server 2003/2008 how much memory does it require?

[ajohnson]

what would be the best server to setup server 2003/2008 how much memory does it require?

Just google <os version> system requirements

Start with the minimum and add more as you need it. It's going to vary considerably between a base system and a system with Exchange, SQL Server, etc. Review the requirements for whatever you're planning to install and go from there.