secdoc.tech
Fortify Your Digital Defenses: CAH
Basics Series · · 5 min read

Basics Series - #1 Build Out Your Lab

As promised in the Chapter 9 Lab document, This will be the first in a series of Basic How-To's for those that have little to no experience in working with VMs or installation of operating systems.

Proxmox VE Cluster
Proxmox VE Cluster

As promised in the Chapter 9 Lab document, This will be the first in a series of Basic How-To's for those that have little to no experience in working with VMs or installation of operating systems. If you are new to technology or security, the amount of different technologies and speed of which information changes can be overwhelming. That is why setting up a lab environment is a critical first step for any aspiring or well-seasoned technology/security learner.

When I first started learning technology/security, it was necessary to obtain hardware in order to learn various technologies. Today, learners have a much easier way to set up a lab and learn different technologies without the need for specific hardware.

Some things to consider:

  • Do you have some spare hardware, computers that you can leverage for your environment?
  • Do you need to or can you setup more robust networking?
  • Does the CPU and motherboard support virtualization and if so how many cores/threads?
  • Do you only have a workstation or laptop?
  • How much RAM and storage do you have?

These are all considerations that can impact how much you can or cannot do in your lab or virtualized environment and which hypervisor will be best suited for your needs.

What are Hypervisors?

In order to setup a lab, it is important to understand and choose the right virtualization platform that is right for you at your current stage of learning. The first step is selecting the hypervisor or using a cloud service like AWS, Azure, GCP or even Oracle Cloud. While cloud services can support quick and anywhere access to systems, there can be limits to low cost or free capabilities and even there there is a cap to the amount of time or data before fees start to incur. That is why many technologists and security professions will setup home labs using hypervisors.

Hypervisors are software tools that provide virtualization capabilities by abstracting a computer's physical hardware resources and creating isolated virtual machines (VMs). They enable a single physical machine, called the host, to run multiple VMs, known as guests, each with its own operating system and allocated resources.

Hypervisors are the backbone of cloud computing, allowing providers to efficiently subdivide powerful servers into smaller, more manageable VMs that can be easily provisioned, scaled, and sold to customers. By maximizing hardware utilization while providing reliable and scalable virtual environments, hypervisors enable cloud vendors to offer competitive pricing and flexible solutions.

The concept of hypervisors dates back to the 1960s with IBM's experimental tools like SIMMON and CP-40. However, widespread adoption of hypervisors for x86 platforms only took off in the early 2000s, driven by advancements in hardware virtualization support, increased computing power, and the proliferation of multi-core CPUs.

There are two main types of hypervisors:

  1. Type 1 hypervisors run directly on the host hardware, offering better performance and typically used in data centers and high-performance server environments.
  2. Type 2 hypervisors run as an application on top of a conventional operating system, commonly used for desktop virtualization and running alternate operating systems.

Key benefits of using hypervisors include:

  • Improved hardware efficiency and cost-effectiveness
  • Rapid provisioning and scaling of virtual machines
  • Flexibility in resource allocation and management
  • Simplified backup, migration, and cloning of VMs

Popular Type 1 hypervisors include VMware vSphere/ESXi, Microsoft Hyper-V, and Nutanix, Citrix Hypervisor, and open source solutions such as Proxmox VE (QEMU) or XCP-ng, while Type 2 hypervisors include Oracle VirtualBox, VMware Fusion, VMware Workstation, and VMWare Player.

Closing Thoughts on Hypervisors/Virtualization

There is some disagreements amongst the community regarding QEMU and other hypervisors that build on it such as Proxmox which is based on Debian. The disagreement surrounds the fact that virtualization is built into the Linux Kernel and to make use of it is just downloading and installing QEMU or like applications. I am one that thinks this is a Type 1 hypervisor, because it is using the Linux Kernel and not the full OS to manage the low level hardware just like ESXi or Hyper-V, that said, others see it as a Type 2 because it is a part of the overall Linux OS. In either case, if you run Linux on your hardware such as a desktop or laptop, being able to run a VM is as simple as an apt or yum command after making the changes within your BIOS or UEFI settings.

While hypervisors and containers both provide isolation, they operate at different layers. Hypervisors virtualize hardware, allowing multiple VMs to run on a single host, while containers provide process-level isolation within a shared operating system kernel. In modern environments, hypervisors often host the VMs on which containerized applications run.

Security is a critical consideration with hypervisors. While they provide isolated environments for VMs, vulnerabilities like Meltdown and Spectre have highlighted potential risks. Cloud providers and vendors have responded with updates and mitigations to address these concerns.

As technology advances, with faster multi-core CPUs, high-speed storage, and increasing demand for cloud services, hypervisors will continue to play a vital role in enabling virtualization and cloud computing. Understanding the capabilities, benefits, and considerations surrounding hypervisors is essential for businesses and individuals leveraging these technologies.

In this Basics Series, I will be using Proxmox VE. That stated, everyone has differing requirements or hardware specs, as such, there may be some additional research needed on which hypervisor will be best for you and your needs. With that in mind the links I previously provided can help you with specific installation steps and any system requirements, but for a general how-to and avoiding the recent issues around future availability of VMware because of the aqcuisition by Broadcom, using Oracle VirtualBox will be the best for most starting out.

Installing Oracle VirtualBox

Download and Install VirtualBox (Latest Version)

In this task, you will download and install the latest version of VirtualBox. The instructions provided are for a Windows host, but you can find further instructions for Mac and Linux systems at https://www.virtualbox.org/manual/ch02.html, but for Linux it is not completely necessary.

https://www.secdoc.tech/content/images/2024/03/virtualbox_7014.png

Procedure 1: Downloading VirtualBox

  1. Visit the VirtualBox downloads page at https://www.virtualbox.org/wiki/Downloads.
  2. Under the "VirtualBox 7.0.14 platform packages" section (which is the current version at the time of this post), click on the appropriate link for your operating system:
    • "Windows hosts" for Windows
    • "OS X hosts" for macOS
    • "Linux distributions" for Linux (select the appropriate distribution)
  3. The download should start automatically. Save the file to your preferred location, such as the Downloads folder.

Procedure 2: Installing VirtualBox

  1. Navigate to the location where you saved the VirtualBox installation file (e.g., Downloads folder).
  2. Double-click the installation file to run the executable.
  3. When the installation wizard appears, click "Next" to begin the installation process.
  4. On the "Custom Setup" page, leave the default components selected and click "Next".
  5. Choose the location where you want to install VirtualBox, or leave the default location and click "Next".
  6. On the "Warning: Network Interfaces" page, VirtualBox informs you that it will reset your network interfaces temporarily during the installation. Click "Yes" to proceed.
  7. On the "Ready to Install" page, review the settings and click "Install" to start the installation process.
  8. If prompted by the User Account Control (UAC), click "Yes" to allow VirtualBox to make changes to your device.
  9. Wait for the installation to complete. This may take a few minutes.
  10. Once the installation is finished, you will see the "Welcome to VirtualBox" page. Click "Finish" to close the installation wizard.
  11. VirtualBox should now be installed on your system. You can launch it from the Start menu or desktop shortcut.

Congratulations! You have successfully downloaded and installed the latest version of VirtualBox. You can now proceed with creating and managing virtual machines using VirtualBox.

Basics Series #2 will be the installation of a Linux Distribution with a Desktop.

Share Share Share Share Share Email

Read next

Sit Down with the 45Drives' "What's Spinnin'" Team
45Drives · Featured

Sit Down with the 45Drives' "What's Spinnin'" Team

The latest episode of 45Drives' "What's Spinnin' Podcast" has just dopped. Brett sits down with me to explore my 25-year journey through the cybersecurity landscape. We also discuss my book, the "Cybersecurity Architect's Handbook," and how it has evolved throughout my career.