Designing a new home lab

Leave a reply

I used to have a home lab of 3 cisco routers, and 3 cisco switches. That was for my CCNA training. Problem was, they were so old, they were not worth it. The lab also had 2 Intel 32-bit PC towers and a Sun Ultra 10. The Sun box was to get the Sun certification, but never got around to it. That isn’t to say that the lab wasn’t used. Just not used for the reasons I originally bought the components for.

Now, since I graduated and I have money to spend on building a new lab, I’m looking at getting something new set up. After watching Johnny X(m4s) and Eve Adams recorded talk from Derbycon. I decided on the following design.

Lab Design v1

So this will be on a separate internet connection from my home network. That means getting a second line to the house, but it doesn’t have to be the fastest line in the world.

The hope is to have the PFSense box, the Security Onion Box, and the Vmware ESXi box all running on Micorservers. The price for the Lenovo ones are decent.

I want a Cisco 3560g switch for Gig out all the ports, plus the layer 2 / 3 routing. Again the price isn’t too bad, about the same as the Microsevers. Lastly if I decide to go for the CCNA again, it should be useful.

The wireless access point was chosen from the Offensive Security WiFu class hardware list. I could use my old Linksys WRT54GL with dd-rwt on it. But it cant’ do N. Granted it looks like the Off-Sec recommended ones are only half N.

Lastly, it would be nice to have a peg board with all my Raspberry Pi devices attached to it. Requires being easy to remove them, but not a big issue. This would give me a place to have them while working and store them when not in use. If I can get POE on the 3560g, that means I can get a POE splitter and adapter for each Raspberry Pi, and don’t have to worry about power there either.

The laptop would be as needed device. I could use my current one or buy one to dedicate to the lab. Mainly it’s there for user interface purposes than anything else.

The only downside, even though I’m not paying for college classes out of pocket any more, is that it will take a while to build this lab. I’m going to have to piece it together a little at a time.

Data Science Course part 1: Data Scientist Toolbox

Leave a reply

So after a class project, someone suggested I learn some R. After digging around a bit on the internet, I found the Coursera Data Science Specialization. It looked good.

The first class was The Data Scientists Toolbox class. It was good. The goal was to get students experience with hands on work in git and with Github. It also got the students ready on the software for R, by installing R and R-Studio.

I had to drop the second class, the R class, due to some issues that came up. I got bogged down during week 2 and wasn’t able to devote any time to the studies. I’ll take the class again when I can actually spend time focusing on it.

I graduated.

Leave a reply

I graduated from Eastern Michigan University with a BS in Applied Information Assurance. Now that is done, I’m working on some stuff that I want to do. I also am trying to to get accepted to UMUC for a Master of Science. I’m unsure if I want to go for the Cyber Security or Digital Forensics and Cyber Investigations degree.

Some of the projects:

  • My Raspberry Pi WIDs modifications
  • Study for my CISSP
  • Hacker’s Challenge (from 2001)
  • R Programming (Coursera Data Science Program)
  • catching up on leisure reading
  • Studying for my General Amateur Ticket
  • Designing a new home lab
  • some other things not for open consumption

Real-Time Rogue Wireless Access Point Detection with the Raspberry Pi

Leave a reply

So I mentioned this previously as a teaser, but I had an article posted in the Linux Journal. It was based off my independent study at Eastern Michigan University.

It was in the December issue of the Linux Journal. Now it’s posted on their website.

This is related to the talk I am submitting for conferences this year. It has already be accepted to one conference. The talk has a little more information built in to it. For example the experience I had in an environment with heavy wifi coverage compared to home and Eastern Michigan University. A slight design modification. I don’t know yet if I’m going to rebuild using Raspberry Pi B+ or the new Raspberry Pi 2 model B.

Raspberry PI WIDS (Teaser)

Leave a reply

So I’ve been dropping hints about this since July or so. The biggest hint was on my “Raspberry Pi Projects” entry from September. Since then I have been told by the editor of The Linux Journal that the article is going to be published. It will be in either the December, or January issue. I hoping January, because that’s the annual security issue.

Short version, 6 Raspberry Pis, 6 wireless cards, a laptop, 1 switch. About 4% the cost of a large network vendor’s commercial version.

I’ll be submitting this talk for the 2015 Conferences I go to. (Planning on Circle City Con, DerbyCon, and GrrCon).

(oh, and this is the second publication I’ve done. The first one was a book review for “The Ethical Hacker Network” back in 2010.

it’s all culturally relevant

Leave a reply

This year a 17 year old woman, Malala Yousafzai, won the Nobel Peace Prize. Actually she had to share it with someone else, but that’s besides the point. She got it for her fight to get women in Pakistan education.

But around that same time, there was an article on NPR called “The Crime That Has Shocked Pakistan“.  The story was about a philanthropist in Karachi, Abdul Sattar Edhi, being robbed. He created a private ambulance service, and some of the residents in Karachi trust his foundation with their money instead of the banks.

But the thing that stuck me, was his being robbed was a large enough story in Pakistan, that NPR covered it. From the sound of the article he sounded like he was bigger news than Malala Yousafzai winning half the peace prize. But the NPR article did touch on her briefly. “Pakistanis tend to portray the teenager as a puppet of the West“. (emphasis mine).

That kind of shocked, as at the time, even on NPR made it a big deal. Then I remembered from my time as an Anthropology student. It is all culturally relevant. To us, it’s a big deal, because she’s bringing our (the west’s) form of equality. To her media, she’s pushing the West’s agenda for the future, while he brings them medical services now.

Derbycon 2014 thoughts

2 Replies

Selil, and I were talking about education before his panel talk. The thing that stuck me was his analogy of how education works. High school is about making people consumers. The Bachelor degree is about making sure people have knowledge and skill to make things. The grad schools after that are about focusing and specializing. Masters degrees are more skilled and focused than the Bachelor. The Doctorate degree is the pinnacle of focus. Thinking over some of the conversations I had at Derbycon, that makes a great analogy for our industry too.

Here is how I saw the the pyramid structure above fit to our industry’s conferences.

The Attendee badge holders really are the equivalent of the high school graduate. Some of them are just getting in to the industry, while others are just the consumers of  what we have to say.

The Bachelor grads are mostly the vendors. They have things they make to be consumed in mass. This isn’t a bad thing. And some of them are groups, made up of people of different levels.

The Master and Doctorate students and grads would be the speakers. The specialized knowledge and content that the consumers are there to learn. Some of us are better than others, but we’re all the ones digging deep and submitting the talks. Yeah sometimes people at this level are at the con and not speaking for various reasons.

While I love Derbycon, and the people I meet, I think I’d like to see less of the consumers. I’m not saying become elitist and not invite them, I’m saying I want to see those of that have specialized in things enough to give talks to encourage others to get up and talk too. I know you can’t have a con with 2000 speakers, but I think we need to get people out of the consumer side and in to the skill and knowledge side.

Something different in classes

Leave a reply

This semester, the first quiz in each of my Information Assurance classes was to gauge the skill of levels of the class. I liked that, I think it would have been good last Winter if the Digital Forensics 2 class would have done that.

It gives the professor a better way to know what people’s skills are, which should improve the class. It gives the professors a way to help students that are a little behind. it’ll also hopefully allow the professor to make the class harder for some of us.