If you ever plan on doing malware analysis, or any other activity where there is a good chance you'll come into contact with something malicious, logically segregating your lab from your actual production environment is one of the most important safeguards you can put in place. Running the analysis in a VM goes a long way toward keeping the host safe, but a VM with a bridged network adapter, or a misconfigured hypervisor, can still let an infection reach other machines on the same network.
The way I configure everything in this guide may not be the best fit for your situation, so adapt it as needed. I have two gigabit switches, one unmanaged and one managed. The managed switch has 8 ports, 6 of which will serve my home network. The other two will be on their own VLAN, one providing the lab's uplink to the firewall (and through it the internet) and the other running to the unmanaged switch in my lab. This diagram shows what I'm trying to accomplish:
(Diagram made with draw.io; check it out to make your own.)
I'm setting it up this way because my lab sits in a different part of my home from all my other hardware. If you have one central location where everything runs, I'd recommend just getting a larger managed switch and letting it handle everything. Managed switches can be fairly expensive, so depending on what you're looking to do your options may be slim. I went with the tp-link TL-SG108PE. It obviously has fewer options than an enterprise managed switch, but it was fairly cheap for the features and number of ports it offers. As with most network appliances, the first hurdle is reaching the management interface: set your computer's network adapter to a static address on whatever default network the switch ships on (192.168.0.X in my case), browse to the switch's IP address and log in with the default credentials.
The first thing I'll do once I'm in is change and document the login credentials; the defaults are printed in the manual, so anyone who can reach the management interface could otherwise reconfigure the VLANs. I'll also change its IP address so it fits into my network, and keep the management interface on the home side rather than anywhere the lab can reach it.
Once it's a living and breathing part of the network, check for firmware upgrades to pick up fixes for known bugs and security vulnerabilities.
Now I've got everything installed and ready to be configured. First, I need to provide an uplink for my soon-to-be second VLAN. My firewall has four ports, one of which provides the WAN interface and another the LAN interface. LAN 0 is currently set to 10.0.0.0/24. Essentially all I need to do is create another interface for my lab: we'll call it LAN 1 and put it on 10.0.1.0/24. Then I need to jump into the switch and set up the VLANs. There are a few ways to do this, but for my situation port-based VLANs are enough. Rather than tagging frames with 802.1Q, each port is simply assigned to a group, and the switch only forwards frames between ports in the same group:
As the diagram shows, port 1 serves as the uplink for VLAN 1 and port 7 provides the uplink for VLAN 2. My home network takes up ports 2-6, and port 8 has a cable that runs to my office, where it terminates in the second switch. I can now have multiple machines connected to my lab switch, pulling IP addresses from my DHCP pool of 10.0.1.100-200; my home network does the same on 10.0.0.100-200. As originally intended, devices on VLAN 2 are unable to ping, browse to or otherwise reach anything on VLAN 1, and vice versa. One caveat worth stating plainly: the switch only keeps the two segments apart at layer 2. What actually stops traffic between them is the firewall's policy between LAN 0 and LAN 1, so verify that policy (many firewalls allow traffic between local interfaces by default) rather than assuming the VLAN alone does the job.
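Rather than taking the isolation on faith, it is worth probing it from a host on each side. The script below is an added example, not something from the original post or from tp-link: run from a lab machine it sweeps the home VLAN's gateway and DHCP pool (and from a home machine, the lab's), reporting any address that answers a ping or a TCP connect. It assumes a Linux host with iputils `ping` and `nc`, the two /24s and the .100-.200 pools described above, and a gateway at .1 on each (the .1 gateway is an assumption; adjust it if yours differs).

```shell
#!/bin/sh
# vlan_isolation_check.sh - added example, not part of the original post.
# Assumptions (not stated in the post): Linux with iputils ping(1) and nc(1),
# home VLAN 10.0.0.0/24 and lab VLAN 10.0.1.0/24 with gateways at .1,
# DHCP pools .100-.200 on both.

HOME_NET=10.0.0      # first three octets of VLAN 1 (home)
LAB_NET=10.0.1       # first three octets of VLAN 2 (lab)

# net_of 10.0.1.137 -> 10.0.1
net_of() {
    printf '%s\n' "$1" | cut -d. -f1-3
}

# host_of 10.0.1.137 -> 137
host_of() {
    printf '%s\n' "$1" | cut -d. -f4
}

# peer_net: given this host's address, print the /24 it must NOT be able to
# reach. Fails if the address is on neither VLAN (for example a machine still
# sitting on the switch's 192.168.0.x default network).
peer_net() {
    case "$(net_of "$1")" in
        "$HOME_NET") echo "$LAB_NET" ;;
        "$LAB_NET")  echo "$HOME_NET" ;;
        *) return 1 ;;
    esac
}

# in_pool: succeed if the last octet falls inside the DHCP pool 100-200,
# i.e. the address looks like one the firewall's DHCP server handed out.
in_pool() {
    h=$(host_of "$1")
    [ "$h" -ge 100 ] && [ "$h" -le 200 ]
}

# probe: one ICMP echo and one TCP connect to port 80, 1 s timeout each.
# Succeeds only if the target answered, which means isolation is broken.
probe() {
    ping -c 1 -W 1 "$1" >/dev/null 2>&1 && return 0
    nc -z -w 1 "$1" 80 >/dev/null 2>&1 && return 0
    return 1
}

# check_isolation: sweep the peer VLAN's gateway (.1) and DHCP pool, print
# every address that answered, and fail unless the count is zero.
check_isolation() {
    my_ip=$1
    peer=$(peer_net "$my_ip") || { echo "$my_ip is not on the home or lab VLAN"; return 1; }
    leaks=0
    for h in 1 $(seq 100 200); do
        if probe "$peer.$h"; then
            echo "LEAK: $peer.$h answered from $my_ip"
            leaks=$((leaks + 1))
        fi
    done
    echo "$leaks host(s) on $peer.0/24 answered"
    [ "$leaks" -eq 0 ]
}

# Usage: sh vlan_isolation_check.sh check
# Picks up this host's first global IPv4 address and sweeps the other VLAN.
if [ "${1:-}" = "check" ]; then
    my_ip=$(ip -4 -o addr show scope global | awk '{print $4}' | cut -d/ -f1 | head -n 1)
    in_pool "$my_ip" || echo "warning: $my_ip is outside the 100-200 pool (static address or wrong VLAN?)"
    check_isolation "$my_ip"
fi
```

A clean result is "0 host(s) ... answered" from both sides. Anything else means the firewall is routing between LAN 0 and LAN 1, or a host has a leg in both segments; either way the switch configuration is not what needs fixing. Remember that a silent sweep from the lab proves nothing about the home side, so run it from both VLANs.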