CYBERSECURITY DETECTION & MONITORING LAB: Part Three

Robert Onyango
5 min read · May 29, 2024

KALI LINUX ATTACK VM & UBUNTU SECURITY ANALYST VM SETUP

Introduction

Welcome back to the blog series, ‘Cybersecurity Detection and Monitoring Lab’. In part two of the lab, we installed the pfSense firewall and set up the initial configuration of our network interfaces.

Today, we install the two network controllers: the Kali Linux Attack virtual machine (VM) and the Ubuntu Security Analyst VM. We need the Kali VM first to access the pfSense web console and finish configuring the network interfaces, DHCP, and DNS. After that, we will launch attacks against our victim network devices from it. The Analyst VM will be the central point from which we access the IDS and SIEM to monitor traffic and respond to incidents in our lab.

Below is an image of our lab network topology that we will reference throughout this blog series.

Setting up the Kali Linux Virtual Machine

Kali Linux will be used as the attack machine that will propagate different forms of offensive actions against the victim network.

Configure the VM by following the steps below:

  • Go to VirtualBox and click on ‘New’ to create a new Virtual Machine (VM).
  • For the name, type in ‘Kali Linux AttackVM’, then for the iso image select the downloaded Kali Linux iso image and click on ‘Next’.
  • Give the new VM 2 GB of RAM, then keep clicking ‘Next’ with the defaults until you create the Kali Linux VM by clicking ‘Finish’.
  • Click on the Kali Linux VM then select ‘Settings’.
  • Go to ‘Network’. Enable Adapter 1 and set it as below to our internal network detect-and-monitor-LAN.
  • Click ‘Start’ to Power on the virtual machine.
  • Select Graphical Install and click on ‘Enter’.
  • Select your preferred language, country, and keyboard to proceed.
  • Enter an appropriate hostname for your case.
  • Leave the domain blank and click ‘continue’.
  • Enter the username and password then click on ‘continue’ to allow login to the OS after installation.
  • Continue with the entire disk partition and all files in one partition (the recommended options).
  • Finish partitioning and write changes to disk.
  • Select ‘Yes’ then continue to begin OS installation.
  • Continue with the default Software selection.
  • Select ‘Yes’ to install the GRUB Boot Loader. Select your drive, then click ‘continue’.
  • Choose ‘continue’ to reboot the machine.
  • Log in with your username and password.
  • Open the terminal in Kali Linux and type in the command ‘ifconfig’ to confirm that the LAN VM has received an IP from the pfSense DHCP server. You should see the IP address below. We will use Kali Linux to configure our pfSense terminal and this should be done on a private network.
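
One way to confirm from the host that the attack VM really sits only on the private lab network, as an added example that is not part of the original post. It assumes Adapter 1 uses VirtualBox's ‘Internal Network’ mode and that the input is the output of `VBoxManage showvminfo <vm> --machinereadable`; the function name and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check that a lab VM's enabled
# adapters are all attached to one VirtualBox internal network.

# check_isolation EXPECTED_NET
# Reads `VBoxManage showvminfo <vm> --machinereadable` output on stdin,
# prints one line per offending adapter, returns 0 if isolated, else 1.
check_isolation() {
    awk -F= -v want="$1" '
        { gsub(/\r|"/, "", $2) }                      # drop quotes and CRs
        $1 ~ /^nic[0-9]+$/    { mode[substr($1, 4)] = $2 }
        $1 ~ /^intnet[0-9]+$/ { net[substr($1, 7)]  = $2 }
        END {
            for (n in mode) {
                if (mode[n] == "none") continue       # adapter disabled
                enabled++
                if (mode[n] != "intnet") {
                    printf "adapter %s: mode \"%s\" is not intnet\n", n, mode[n]
                    bad++
                } else if (net[n] != want) {
                    printf "adapter %s: on \"%s\", expected \"%s\"\n", n, net[n], want
                    bad++
                }
            }
            if (!enabled) { print "no enabled adapters found"; bad++ }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: Adapter 1 on the lab network, everything else disabled.
sample_isolated() { cat <<'EOF'
name="Kali Linux AttackVM"
memory=2048
nic1="intnet"
intnet1="detect-and-monitor-LAN"
nic2="none"
EOF
}

# Constructed sample: a second adapter left bridged to the host network.
sample_leaky() { cat <<'EOF'
nic1="intnet"
intnet1="detect-and-monitor-LAN"
nic2="bridged"
bridgeadapter2="eth0"
EOF
}

sample_isolated | check_isolation detect-and-monitor-LAN && echo "isolated: OK"
sample_leaky | check_isolation detect-and-monitor-LAN || echo "leaky: FAIL"
```

On a real host, pipe the live output in instead: `VBoxManage showvminfo 'Kali Linux AttackVM' --machinereadable | check_isolation detect-and-monitor-LAN`.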

Setting up the Security Analyst VM

The general objective of this lab is to simulate a security analyst. This Ubuntu VM will be used as the analyst VM where a security analyst will be able to analyze and mitigate against the different forms of offensive actions propagated against the victim network. The tools in the lab e.g. Security Onion, Splunk, and Wireshark will be accessed from this VM by the analyst.

Configure the VM by following the steps below:

  • Go to VirtualBox and click on ‘New’ to create a new Virtual Machine (VM).
  • For the name, type in ‘Security Analyst’, then for the iso image select the downloaded Ubuntu iso image and click on ‘Next’.
  • On the Unattended Guest OS Install Setup page, type in an appropriate username and password. Click on ‘Next’.
  • Give the new VM 2 GB of RAM, then keep clicking ‘Next’ with the defaults until you create the Security Analyst VM by clicking ‘Finish’. The installation will begin automatically.
  • Choose your preferred language.
  • Select ‘Install Ubuntu’.
  • Choose your preferred keyboard layout and click on next.
  • Select the default installation and click on ‘Next’.
  • Click on ‘Next’.
  • Click on install.
  • Enter account details as below and click on ‘Next’.
  • Choose a theme and click on ‘Next’.
  • The installation will begin automatically.
  • After the installation is complete, log in to the Ubuntu VM.
  • Launch the terminal, type the command ‘sudo apt upgrade’ and press Enter. Then type ‘sudo apt update’ and press Enter to ensure you’re running the most recent version of Ubuntu OS.
  • Turn off the VM. Go to the settings tab and ensure Adapter 1 has the following configuration.
  • Log in to the VM. Open the terminal and type the command ‘ifconfig’.
  • Since we need to check our IP addresses for assignments, we must install network tools. Run the command ‘sudo apt install net-tools’ in the terminal.
  • Type the command ‘ifconfig’ again. You should get a result close to the one below. Notice the IP address from your home DHCP. We will also add the vtnet2 adapter (detect-and-monitor-Analyst-VLAN) as Adapter 2 that will connect our Analyst VM to pfSense.

Note that Adapter 2 in our setup doesn’t have an IP address. This means that pfSense, which in this scenario is our DHCP server, has not assigned an IP address to our Analyst VM. We will add this when we configure our pfSense VM.

Great work! We now have our attack and analyst machines set up. We will now proceed to install Security Onion, our IDS, to monitor our network traffic. Catch this in the next episode: part four. Happy Learning!
