Building a small home lab on a budget

Here’s a small lab design with a budget of $500, considering your goal of having two servers, a switch, and a firewall, along with other necessary components:

Hardware Used:

1. Host Machine:
   • CPU: Intel Core i5 or AMD Ryzen 5 (Quad-core)
   • RAM: 16GB DDR4
   • Storage: 256GB SSD (for the host OS and virtualization software)
   • Network Adapter: Gigabit Ethernet
2. Switch:
   • An affordable managed switch with VLAN support.
3. Firewall:
   • An affordable hardware firewall appliance (e.g., pfSense-compatible hardware or an older PC with multiple NICs).
4. Servers (Two Physical Servers):
   • CPU: Dual-core
   • RAM: 4GB DDR3
   • Storage: 120GB HDD (for the operating system and virtual machines)
   • Network Adapter: Gigabit Ethernet

Software Downloaded and Installed:

1. Operating System (Host):
   • Install Ubuntu Server (free) on the host machine as the base OS.
2. Virtualization Software:
   • Install VirtualBox (free) on the host machine for virtualization.
3. Firewall Software:
   • Install pfSense (free) on the firewall hardware.

VMs Created:

1. Server VM 1:
   • Install Ubuntu Server (free) with 2GB RAM and 40GB virtual hard drive.
   • Use VirtualBox to create this VM.
2. Server VM 2:
   • Install CentOS (free) with 2GB RAM and 40GB virtual hard drive.
   • Use VirtualBox to create this VM.

IP Addressing Scheme:

• Host Machine IP: Assigned dynamically (DHCP) by the local network.
• Firewall: WAN IP assigned dynamically (DHCP) by the ISP. LAN IP could be statically set to something like 192.168.1.1.
• Server VM 1: Static IP, e.g., 192.168.1.10.
• Server VM 2: Static IP, e.g., 192.168.1.20.

Firewall Type:

Use pfSense, a popular and free open-source firewall/router software, on your dedicated firewall hardware.

Network Traffic Monitoring Setup:

Use port mirroring on the managed switch to send a copy of network traffic to a monitoring VM or a separate physical machine with Wireshark or other network monitoring tools.

Log Traffic Setup:

Configure pfSense to log firewall events, and send the logs to a syslog server (which can be one of your server VMs). You can use open-source syslog servers like rsyslog for this purpose.

Switch Configuration (Including VLANs):

Configure VLANs on the managed switch to separate traffic, if required. For example, create separate VLANs for server traffic, management, and firewall.

Wireless Access Details (Optional):

If you need wireless access, consider adding an affordable wireless access point and connect it to the switch. You can create a separate VLAN for wireless traffic and secure it accordingly.

Attack Machine Details:

For ethical hacking and penetration testing, you can use Kali Linux as an attack machine. Install Kali Linux as a VM on the host machine using VirtualBox.

Please note that this lab setup is based on a tight budget and may require using older or refurbished hardware. Additionally, some components like the switch and firewall hardware may vary in price and features. Always be cautious of the security implications of your lab, especially when simulating network attacks.