Spinning Up Your First Virtual Machine

Virtual machines, emulations of computers, are an amazing learning tool. If you have a single computer and want to learn about computer networking, web application pen-testing, or try a new Linux distro, virtual machines are your very best friend. By setting up one or more servers as virtual machines you can experiment with quite a bit!

All you need is a hypervisor, a program to run the virtual machines, and installation media for your virtual machine.

The two main options you’ll hear a lot about are the lovely open source Oracle Box [https://www.virtualbox.org/] and VMware. You can get VMware Workstation Player for free (Windows), or get a trial of VMware Fusion (Mac) or VMware Workstation Pro (Windows). But Oracle Box is free, and can run on any OS.

Let’s say you install Oracle Box on your personal computer. Now you need installation media to install the operating system. This is pretty similar to installing an operating system on a ‘real’ computer. There are a lot of options as far as that goes. For example:

  • Kali Linux: Built with the security pro/nerd in mind, Kali comes with a ton of tools like Burp Suite already installed. https://www.kali.org/downloads/
  • FreeBSD: University of California Berkeley Unix https://www.freebsd.org/where.html
  • FreeBSD also provides an open source firewall called pfSense
  • Ubuntu: A noob friendly Linux distro https://www.ubuntu.com/download

Of course, you’re welcome to pay for Windows too…

Once you have your system image (your copy of the OS) you can install it on a virtual machine quite easily. Below I’ve included a guide for Oracle Box.

1. Open up VirtualBox and, naturally, click “New” to begin setting up a virtual machine. After clicking the “New” button, you can enter the new virtual machine’s name, the type of operating system and the OS version, as well as the memory size and whether the hard disk should be created now or later, or whether to use an existing virtual hard disk.

Give it a snazzy name, and make sure to set ‘type’ and ‘version’ appropriately.

2. Determine how much memory to allocate to the VM. This will depend on your hardware specs, OS requirements, and how many virtual machines you want to be able to run on your hardware in the first place.

Guided Mode isn’t that different from ‘Expert Mode’, by the way. It gives more detail about the options and suggests values, but in reality it provides the same options.

3. If you’ve selected ‘create virtual hard disk now’ (and if this is your first VM you’ll need to), you’ll then be asked which hard disk file type to use.

It’s worth noting that you may find you have difficulty exporting the VM from Oracle Box either way. Your mileage will vary but there always seems to be some sort of hiccup in my experience. If you think you might want to try VMWare later, you can create it as a VMDK which is compatible with both programs.

The allocation on your local disk is pretty self-explanatory since Oracle gave such a thorough description. I prefer dynamic allocation to save space on my hard drive until I need it, but it’s up to you. Just make sure wherever you create the file, you don’t tamper with it later.

Simply give that file a recognizable name and choose its size.

From here, it’s more or less dependent on which OS you are installing and what virtualized hardware you’ll want.

For example, you can alter the virtual machine settings to add an optical drive (think CD player), which you can load a .iso file into. ISO is often used for operating system images or other archives.
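The same steps can also be scripted with VBoxManage, the command-line tool that ships with VirtualBox. This is an added example, not part of the original guide: the function names, the SATA controller name and the `DRY_RUN` switch are assumptions, and the checksum check (comparing the downloaded image against the SHA-256 the distro publishes) is an addition to the walkthrough.

```shell
#!/bin/sh
# Added example: the GUI steps above, scripted with VBoxManage.
# VM name, OS type, sizes and file names are whatever the caller passes in.

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# Succeed only if the image matches the digest published by the distro.
verify_iso() {
    [ -f "$1" ] || return 2
    [ "$(sha256_of "$1")" = "$2" ]
}

# Run a command, or only print it when DRY_RUN=1 (no VirtualBox needed).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# build_vm NAME OSTYPE MEMORY_MB DISK_MB ISO SHA256
build_vm() {
    name=$1; ostype=$2; mem=$3; disk_mb=$4; iso=$5; sum=$6
    disk="$name.vmdk"
    # Refuse to build from installation media that fails the checksum.
    verify_iso "$iso" "$sum" || { echo "checksum mismatch: $iso" >&2; return 1; }
    # Step 1: name, type and version.
    run VBoxManage createvm --name "$name" --ostype "$ostype" --register &&
    # Step 2: memory in MB.
    run VBoxManage modifyvm "$name" --memory "$mem" &&
    # Step 3: VMDK disk, dynamically allocated (the "Standard" variant).
    run VBoxManage createmedium disk --filename "$disk" --size "$disk_mb" \
        --format VMDK --variant Standard &&
    run VBoxManage storagectl "$name" --name SATA --add sata &&
    run VBoxManage storageattach "$name" --storagectl SATA --port 0 \
        --device 0 --type hdd --medium "$disk" &&
    # Optical drive with the .iso loaded, as described above.
    run VBoxManage storageattach "$name" --storagectl SATA --port 1 \
        --device 0 --type dvddrive --medium "$iso"
}

# Only build when called with all six arguments.
if [ "$#" -eq 6 ]; then build_vm "$@"; fi
```

Setting `DRY_RUN=1` prints the six VBoxManage commands instead of running them, which is a safe way to review the plan first.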

I’m not sure how helpful this is or not, but if you have questions about basic set up let me know in comments. At some point, I’ll get started on an article to follow this one to explain various settings or options in depth, that may be confusing the first time you see them. My real agenda is to provide instructions on hosting a website from your virtual machine, in order to introduce tools like Burpsuite or OWASP’s testing tools.

Advice for first year IT students

Maybe you always knew you wanted to pursue a career in computing, or maybe computers are a new love for you. But when I started my IT degree I had already put years into a fine art degree. I had no idea how computers, or networks, worked but my curiosity had been piqued by increasing advances in technology and its impact on our daily lives. When I realized how intimately connected my life was with various technologies that were each essentially a black box to me, I had to know more about them!

Even if you have some experience, you may not be sure where to start, how to prepare for higher level courses or what is expected of you outside of school. As with a foreign language, the best way to learn and understand something thoroughly is through immersion and hands-on practice. So your first priority should be to get a lot of exposure and have as much fun as possible getting it!

Starting from Square One

This is simply a list of suggestions I would give to myself a few years ago. These are mostly things I’ve been advised to do and have already done myself, as well as a few things I’m working towards myself (like contributing to open source projects and teaching others).

  • Build good foundational knowledge. To understand networking you need to understand at least a little about computers, operating systems, browsers and networking devices. You may go into shock at the sheer amount of acronyms but trust me, they will seem second nature after a while.
  • CompTIA A+ and Network+ exam objectives or test prep books can give you a good idea of what you should know. CompTIA provides vendor neutral tests that certify a certain level of IT knowledge and skill. A+ essentially certifies that you have basic technical support and troubleshooting skills. Network+ is a step above and focuses more on troubleshooting and design of networks than A+ does. Even if you know most of this already it’s worth looking into in order to address any gaps in your knowledge.
  • Balance book-learning with hands-on learning. Don’t just plow through a textbook or training manual without trying things out yourself. You do need to understand the general ideas before you can build your own lab but don’t overdo theory at the expense of application. Which brings us to…
  • Make yourself a home lab. This is one of the best things you could do for yourself as an IT student. The easiest way to experiment with different operating systems and networking configurations is to set up virtual machines with software like VirtualBox or VMware Player. Virtualization gives you so much freedom to experiment without additional cost. Your biggest limits are how much RAM, storage space, and imagination you have. Everything makes more sense and sticks better when you go through the process of doing it yourself.
  • Make one of your VMs Kali Linux. Kali is chock-full of hack tools and if you’re anything like me it can make it way more fun and easy to learn how things work. For example, reading about how websites work often makes me want to pluck out my eyes. But fire up Burp Suite to learn how to map and exploit a website and suddenly it’s 100% more interesting.
  • If you have the funds and time, build your own desktop. It’s fun, it’s custom and it’s educational.
  • Find technology conferences in your area and go to them. It’s a great chance to see what professionals are talking about and learn from them. Most security conferences have various “villages” focused on different skills like lockpicking, badge building, hardware hacking, social engineering or other areas of interest. You can hang out and learn something new in a laid back environment. There will certainly be presentations and maybe some workshops, competitions or Capture-The-Flag contests (basically jeopardy style computer nerd puzzles).
  • If there are no conferences in your area or within driving distance, your school may have a computer engineering, information technology, or cybersecurity club you could attend and learn from. There may be Python, Linux, security or otherwise techie meetups you can participate in. Look for your local DefCon group as well [something like DC 123].
  • Consider checking out infosec Twitter, or finding subreddits in your area of technological interest.
  • Don’t psych yourself out. Often, when I invite someone to check out the security club at school they tell me they are worried they don’t know enough. Everyone feels that way at some point, but the whole point of the club is to learn together! What you’re doing to progress, and whether you have the drive to do so, matters more than what you know at this exact moment. If you put in serious effort, and don’t act entitled to other people’s time, you’ll find there are plenty of people who want to share what they know or are willing to give some general guidance.
  • Come up with projects that are fun for you! Build a website, set up a VPN on your Raspberry Pi. Consider donating your services to a non-profit to contribute to your community and gain experience.
  • Find an open-source project you love and want to contribute to and use it to learn to code. It might sound crazy but it can be, and has been, done.
  • Learn something, teach something. Whether that means a lightning talk, tutoring, blogging, or starting a club!

What this whole list really comes down to is: relax, explore, experiment, and get involved in the community. If you can have fun and work hard at the same time there is really no limit to what you can accomplish.