Build Your Lab: Advanced Lab

Advanced Windows enterprise lab including Windows Workstations, a Server and Firewall

The advanced lab is the foundation of a realistic enterprise network environment that simulates multiple hosts and systems, including Active Directory, DNS and DHCP services and a pfSense firewall that serves as the internet gateway.

This lab is the foundation for advanced security exercises and for testing attack & defense tools. Furthermore, a great deal can be learned just by setting up the various services mentioned in this guide, which emphasizes important cyber security networking concepts.

It is highly recommended to have a lab like this available and ready to go for advancing hands-on DFIR skills and for testing purposes.

Skills practice:

  • Data acquisition
  • Disk forensics
  • Memory forensics
  • Active Directory
  • DHCP
  • DNS
  • Firewall

Systems:

  • 1 x pfSense Firewall
  • 1 x Windows Server 2019
  • 2 x Windows 10

Requirements:

  • 8< GB of memory

Overview:

 This lab builds on the Medium Lab setup, which outlined how to set up a Windows Server 2019 incl. Active Directory and a Windows 10 client. We will add a pfSense firewall as the internet gateway for the environment. Furthermore, we enable DHCP and DNS services on the domain controller and add another Windows 10 client.
 
Prerequisite: For an introduction to virtualization software, options and best practices, it’s highly recommended to read the Virtualization Primer.
 

Setup Instructions:

Follow the instructions in the Medium Lab guide to set up VirtualBox, a Windows 10 client and a Windows Server 2019 system including Active Directory services.

Additional notes:

  • For this lab it is recommended to change or attach all VM network interfaces to “Internal Network” mode. This provides an isolated network where VMs can still communicate with each other. Internet access will be provided through the pfSense Firewall at a later step.
  • Create at least two domain user accounts in Active Directory e.g. Alice and Bob.
  • Set up at least two Windows 10 workstations.

Download and install pfSense Firewall

  1. Download the latest pfSense ISO from https://www.pfsense.org/download/ and pick Architecture AMD and Installer ISO.
    • Decompress the .gz file when finished downloading (for Macs use tools like “The Unarchiver”)
  2. Create a new virtual machine in VirtualBox
    • Select type “BSD” and version “FreeBSD 64-bit”
    • Memory 256 MB will suffice
    • Create a virtual hard disk
    • Add the pfSense ISO to the VM’s optical drive
      • Go to the VM’s settings -> Storage, click on the Empty optical drive
      • On the CD symbol to the right select “Choose Virtual Optical Disk File” and select the downloaded ISO
  3. Activate both network interfaces. Go to the VM’s settings -> Networking
      • Enable Adapter 1 and set it to “NAT”
      • Enable Adapter 2 and set it to “Internal Network”
  4. Start and install pfSense
    • Start the VM, click accept and install the VM with default options. Follow the pfSense Auto Installer Guide.
    • IMPORTANT – when the VM is rebooted shut it down and remove the ISO from the VM’s disk settings! This ensures that it doesn’t load the installer on startup. Then start the VM again.
  5. Configure pfSense networking
    • When prompted for the main menu, IP addresses have to be configured for the networking interfaces. To do so select option 2 “Set Interfaces IP Addresses”
    • Type “2” to select the LAN interface
    • For the LAN IPv4 address set “10.10.10.1”. This will be our default gateway IP for the lab.
      • For subnet bit count enter “24”
      • For “upstream gateway address” just press enter
      • For “DHCP” and “revert to HTTP” enter “n” for both
      • Review your settings and finish.

Enable DHCP & DNS services on the domain controller

  1. Assign a static IP address to the Domain Controller
    • Open network settings. Alternatively, in “Server Manager” -> Local Server -> Ethernet, right click on the “Ethernet” symbol. Select “IPv4” and click “Properties” (the address is 10.10.10.2 in our case)
    • Set the static IPv4 address for the domain controller to “10.10.10.2” and subnet mask “255.255.255.0”
    • Set the default gateway to your pfSense FW IP “10.10.10.1”
    • Set the Preferred DNS server IP to local host IP “127.0.0.1”. In order to resolve external DNS records, you can set the Alternate DNS server IP to a public DNS service such as “9.9.9.9” (Quad9).
    • To validate everything is working open a command prompt and try to ping the gateway IP “10.10.10.1” and an external domain name such as “google.com”.
  2. Open “Server Manager”. On the right, click “Manage” and select “Add Roles and Features”
  3. Click next until “Server Roles” and select “DHCP” (and “DNS” if not already installed)
  4. Select add roles. If a warning pops up regarding no static IP addresses configured, click continue
  5. Click “next” until you are able to “install”. When finished click “Close”
  6. When the installation has finished, a new notification will show up asking to “Complete DHCP setup” -> Complete the steps with default settings.
  7. Configure the DHCP service
    • On the right top corner select “Tools” -> “DHCP”
    • In the DHCP menu select IPv4 and click the “Actions” menu -> “New Scope”
    • Click through the wizard and select a name (e.g. “BCS Lab”)
    • Assign the IP range from 10.10.10.100 to 10.10.10.254 and Subnet mask Length “24”
    • Click next until “Configure DHCP Options” and click “Yes”
    • When prompted for the Router IP add the pfSense IP address (10.10.10.1 in our case)
    • Click next and finish out the installer.
  8. Add a DNS Forwarder pointing to pfSense
    • On the right top corner select “Tools” -> “DNS”
    • Under “DNS” right click on your workstation and select “Properties”
    • In the new window open the “Forwarders” tab. Here you can add a DNS forwarder, which is the server (or servers) that this system uses to resolve DNS queries.
    • For default settings you can add the “pfSense” Firewall (10.10.10.1). Additionally, you can add another public facing server as a backup such as Quad9 (9.9.9.9)
    • Save settings and close the window.
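
The same configuration can be scripted, which makes it easy to rebuild the domain controller after reverting a snapshot. The following is an added example, not part of the original guide: it assumes the network adapter alias is “Ethernet”, uses the addresses and scope name from the steps above, and sets the DC as the DNS server handed out by DHCP (an assumption, since domain clients need the DC to resolve the domain).

```powershell
# Added example: run in an elevated PowerShell session on the domain controller.
# Assumptions: NIC alias 'Ethernet'; addresses and scope name are the guide's values.
$Nic     = 'Ethernet'
$DcIp    = '10.10.10.2'
$Gateway = '10.10.10.1'   # pfSense LAN address
$ScopeId = '10.10.10.0'

# Step 1: static address, default gateway and DNS client settings
if (-not (Get-NetIPAddress -InterfaceAlias $Nic -IPAddress $DcIp -ErrorAction SilentlyContinue)) {
    New-NetIPAddress -InterfaceAlias $Nic -IPAddress $DcIp -PrefixLength 24 `
        -DefaultGateway $Gateway | Out-Null
}
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses '127.0.0.1', '9.9.9.9'

# Steps 2-6: install the roles, then authorize the DHCP server in Active Directory
Install-WindowsFeature -Name DHCP, DNS -IncludeManagementTools | Out-Null
Add-DhcpServerSecurityGroup
Restart-Service -Name DHCPServer
if (-not (Get-DhcpServerInDC | Where-Object IPAddress -eq $DcIp)) {
    Add-DhcpServerInDC
}

# Step 7: scope 10.10.10.100-254 with pfSense as the router option
if (-not (Get-DhcpServerv4Scope -ScopeId $ScopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name 'BCS Lab' -StartRange 10.10.10.100 `
        -EndRange 10.10.10.254 -SubnetMask 255.255.255.0 -State Active
}
# DnsServer is an assumption: clients must use the DC to resolve the domain
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $Gateway -DnsServer $DcIp

# Step 8: forward unresolved queries to pfSense, with Quad9 as backup
$existing = (Get-DnsServerForwarder).IPAddress.IPAddressToString
foreach ($fwd in $Gateway, '9.9.9.9') {
    if ($existing -notcontains $fwd) { Add-DnsServerForwarder -IPAddress $fwd }
}

# Review the result and repeat the connectivity checks from step 1
Get-DhcpServerv4Scope -ScopeId $ScopeId | Format-List Name, StartRange, EndRange, State
Get-DhcpServerv4OptionValue -ScopeId $ScopeId | Format-Table OptionId, Name, Value
Get-DnsServerForwarder | Format-List IPAddress
Test-NetConnection -ComputerName $Gateway | Select-Object ComputerName, PingSucceeded
Resolve-DnsName -Name 'google.com' -Type A | Select-Object Name, IPAddress
```

The existence checks make the script safe to re-run; external name resolution will only succeed once the pfSense VM is up and routing.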

Final pfSense Configuration

  1. From any of your ‘in-network’ VMs open a browser and type in the pfSense IP “10.10.10.1”. Accept the unsigned certificate and exceptions if prompted.
  2. Log in using user name “admin” and password “pfsense”.
  3. Click through the installer wizard
  4. Select your domain name e.g. “BCS.local”
  5. Select your domain controller IP as the Primary DNS Server (10.10.10.2)
  6. Select your time zone
  7. Click next through WAN and LAN settings as everything should be already configured
  8. Reload and Finish
  9. You now have a working firewall. Go to “Status” -> “Traffic Graph” to see traffic graphs for the LAN and WAN interfaces.

Validate that everything is working

  1. Log in to the Workstations using your created domain user accounts (e.g. Alice and Bob) and validate that they have an IP address of 10.10.10.10x assigned.
  2. Validate that Workstations can reach websites.
  3. On the domain controller open Server Manager and Active Directory Users and Computers. Open the Computers branch, which should list your currently authenticated Windows workstations.
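
The workstation-side checks can also be collected into one repeatable script, which is useful after every snapshot revert. This is an added example, not part of the original guide; it assumes the guide's addressing and the example domain name “BCS.local”, and the function name Test-LabClient is hypothetical.

```powershell
# Added example: run on a domain-joined Windows 10 workstation.
# Assumptions: the guide's addressing; 'BCS.local' is the guide's example domain name.
$Gateway = '10.10.10.1'; $Dc = '10.10.10.2'; $Domain = 'BCS.local'

function Test-LabClient {
    # Pick the adapter that actually has a default route
    $cfg = Get-NetIPConfiguration | Where-Object { $_.IPv4DefaultGateway } |
        Select-Object -First 1
    if (-not $cfg) {
        return [pscustomobject]@{ Check = 'Adapter with a default gateway'; Passed = $false }
    }
    $ip   = $cfg.IPv4Address.IPAddress | Select-Object -First 1
    $addr = Get-NetIPAddress -IPAddress $ip -ErrorAction SilentlyContinue
    $last = [int]($ip -split '\.')[3]
    $dns  = (Get-DnsClientServerAddress -InterfaceIndex $cfg.InterfaceIndex `
                -AddressFamily IPv4).ServerAddresses
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $web  = Test-NetConnection -ComputerName 'google.com' -Port 443 `
                -WarningAction SilentlyContinue

    $checks = [ordered]@{
        'Address was leased by DHCP'        = $addr.PrefixOrigin -eq 'Dhcp'
        'Address is in 10.10.10.100-254'    = ($ip -like '10.10.10.*') -and
                                              ($last -ge 100) -and ($last -le 254)
        'Default gateway is pfSense'        = $cfg.IPv4DefaultGateway.NextHop -contains $Gateway
        'DNS server is the DC'              = $dns -contains $Dc
        'Workstation is joined to domain'   = $cs.PartOfDomain -and ($cs.Domain -eq $Domain)
        'External names resolve'            = [bool](Resolve-DnsName -Name 'google.com' -Type A `
                                                  -ErrorAction SilentlyContinue)
        'HTTPS reaches the internet'        = $web.TcpTestSucceeded
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Passed = [bool]$checks[$name] }
    }
}

$results = Test-LabClient
$results | Format-Table -AutoSize
if ($results.Passed -contains $false) {
    Write-Warning 'At least one check failed; review DHCP, DNS and pfSense settings.'
}
```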

Once the VMs are set up, power them down and take snapshots. That way you can always revert back and start with a fresh setup.
