Security Lab on a Budget


As a community interested by the plethora of Malware being released in the wild, curiosity eventually leads to the purposeful download and detonation of the newest exploit, if not for research, then just for fun. Luckily our inner-nerd fire is fueled by the rise of virtualization and the declining price of the technology needed to run it. While previous methods had a separate computer to pwn, reimage, and pwn again, freely available virtualization platforms allow for a snapshot of the clean system, and the ability to revert to it after pwning it. While this can be done on production computers, to get the best bang for the buck and cram in some serious horse power, building a custom machine to function as a security lab can be much more cost efficient (and fun). For around a $1000, the machine outlined below carries more than enough power to run multiple virtual machines on top of VMWare’s free hypervisor ESXi.

This goes back to our philosophy that it’s better to do something than pontificate about it.  The best way to delve into security is to have an always available test bed for learning and development!

Hardware
Case/Motherboard/PSU: Shuttle SH67H3

For the barebones of this system, the SH67H3 by Shuttle is a great value in a small package. The motherboard sports a LGA1155 socket, fitting 3rd Gen Ivy Bridge Intel i3-i7s. It also supports 32 GB of RAM, and has 2 – 6 GB/S SATA 3.0 connections for hard disks, with RAID onboard as well. All of this is powered by the included 300 watt power supply, and is cooled by its efficient design and single fan that connects to the processor and draws airflow through the back vents. This low wattage also means there is less of a power draw, equating to a lower cost to keep it running (80 Plus Bronze Certified). While this will be running ESXi, which does not support rich graphics (virtual machines are accessed through the vSphere client on your regular desktop or laptop) it does support the addition of choice graphics cards, and the built in video supports dual monitors.

Price:  $249.99

Processor: Intel Core i7-3770k

Consuming 77 watts, the 3770k is a quad-core 3.5 GHz processor that will boost to 3.9 GHz, and supports hyper threading, looking like 8 cores to the hypervisor. This processor has more than enough power to run a range of operating systems in parallel.

Cost: $329.99

RAM: G.SKILL Ripjaws X Series 32GB (4x8GB) PC3 12800

With most operating systems require or recommend 4 GB of RAM, having enough memory to run multiple virtual machines in parallel while not ruining performance is important for a security lab.

Cost: $299.99

Hard Drive: Western Digital WD10EZEX 1TB 7200 RPM SATA 3.0

While any hard drives will do, the WD10EZEX provides ample storage and speed for a great price. While 1 TB may be enough to store ISOs and virtual machines, adding a second can utilize the built in RAID 1 for redundancy, for simply more space for a data store.

Cost: $59.99 each

Optional

While not included in this build, CD/DVD Rom drives can be added for around $30, and select graphics cards can also be added to use this system as a host to run VMWare player or VirtualBox.

Component
Cost (From NewEgg)
Purchase Link
Case
$249.99
NewEgg
Amazon
Processor
$329.99
NewEgg
Amazon
RAM
$299.99
NewEgg
Amazon
Hard Drives
$119.98 (For 2 with a $10/each discount)
NewEgg
Amazon
Total
$999.95

At just under $1000, this beefed up box should be able to run a number of both Victim Operating Systems, as well as detection and investigation systems.  This is focused on the hardware to build a good lab.  There is some essential software we would recommend as well.

Please send comments or suggestions to randy (dot) [email protected]