
HomeLab advice

Hello guys,

 

I just signed up and this is my first post here so I hope I don't mess up too much.

At the moment I am planning to build a home server to avoid buying too many Raspberry Pis.

My plans were to use 1 Raspberry Pi as a honeypot, 1 Raspberry Pi to host a database for programming projects, one to monitor system activities... Would it be possible to replace the Raspberry Pis with one server that hosts multiple VMs? (Thinking about Proxmox, for example.)

Would every VM in Proxmox need a different hard drive or can they share one?

 

Generally looking for any tips.

Thx in advance!!


All the physical drives on a hypervisor like Proxmox get bundled into one storage pool, then each virtual machine gets its own disk image to work with.

 

For the price of two Raspberry Pis (if you can even find any at MSRP), you could get something like a Dell Optiplex 7020 with an i7 and some extra RAM. That's plenty for just messing around with some small VMs. 

 

Craft Computing on YouTube (and Floatplane) has a lot of good homelab-y videos about Proxmox.

 

 

I sold my soul for ProSupport.


16 minutes ago, Psykologe said:

Hello guys,

 

I just signed up and this is my first post here so I hope I don't mess up too much.

At the moment I am planning to build a home server to avoid buying too many Raspberry Pis.

My plans were to use 1 Raspberry Pi as a honeypot, 1 Raspberry Pi to host a database for programming projects, one to monitor system activities... Would it be possible to replace the Raspberry Pis with one server that hosts multiple VMs? (Thinking about Proxmox, for example.)

Would every VM in Proxmox need a different hard drive or can they share one?

 

Generally looking for any tips.

Thx in advance!!

Single Proxmox host is definitely the way to go, but no offense, based on this level of questions I am not sure hosting a honeypot is the best idea right off the bat.

Proxmox, as does every hypervisor host, lets you install VMs all on the same drive. I would do more research into it, but I am a very happy Proxmox user who recently converted from ESXi.

But again, honeypots should really be firewalled off, and should be used by someone who fully understands what they are doing. With all of the current CPU vulnerabilities, it may not be smart to put this on the same hardware as the rest of the homelab; theoretically someone may be able to exfiltrate data from the VMs hosted next to it unless you have proper protections in place (this is above my head, but I know enough to know I wouldn’t host a honeypot even though I would consider myself somewhat knowledgeable and run a full pfSense-managed network).

Rig: i7 13700k - - Asus Z790-P Wifi - - RTX 4080 - - 4x16GB 6000MHz - - Samsung 990 Pro 2TB NVMe Boot + Main Programs - - Assorted SATA SSD's for Photo Work - - Corsair RM850x - - Sound BlasterX EA-5 - - Corsair XC8 JTC Edition - - Corsair GPU Full Cover GPU Block - - XT45 X-Flow 420 + UT60 280 rads - - EK XRES RGB PWM - - Fractal Define S2 - - Acer Predator X34 -- Logitech G502 - - Logitech G710+ - - Logitech Z5500 - - LTT Deskpad

 

Headphones/amp/dac: Schiit Lyr 3 - - Fostex TR-X00 - - Sennheiser HD 6xx

 

Homelab/ Media Server: Proxmox VE host - - 512 NVMe Samsung 980 RAID Z1 for VMs/Proxmox boot - - Xeon e5 2660 V4 - - Supermicro X10SRF-i - - 128 GB ECC 2133 - - 10x4 TB WD Red RAID Z2 - - Corsair 750D - - Corsair RM650i - - Dell H310 6Gbps SAS HBA - - Intel RES2SC240 SAS Expander - - TrueNAS + many other VMs

 

iPhone 14 Pro - 2018 MacBook Air


3 hours ago, LIGISTX said:

Single Proxmox host is definitely the way to go, but no offense, based on this level of questions I am not sure hosting a honeypot is the best idea right off the bat.

Proxmox, as does every hypervisor host, lets you install VMs all on the same drive. I would do more research into it, but I am a very happy Proxmox user who recently converted from ESXi.

But again, honeypots should really be firewalled off, and should be used by someone who fully understands what they are doing. With all of the current CPU vulnerabilities, it may not be smart to put this on the same hardware as the rest of the homelab; theoretically someone may be able to exfiltrate data from the VMs hosted next to it unless you have proper protections in place (this is above my head, but I know enough to know I wouldn’t host a honeypot even though I would consider myself somewhat knowledgeable and run a full pfSense-managed network).

Isolating the honeypot physically seems like a good idea, I will definitely do that. I was just in the process of creating the honeypot when I realized that each project on a Raspberry would get very expensive. But good to know I am on the right track.


3 hours ago, Needfuldoer said:

All the physical drives on a hypervisor like Proxmox get bundled into one storage pool, then each virtual machine gets its own disk image to work with.

 

For the price of two Raspberry Pis (if you can even find any at MSRP), you could get something like a Dell Optiplex 7020 with an i7 and some extra RAM. That's plenty for just messing around with some small VMs. 

 

Craft Computing on YouTube (and Floatplane) has a lot of good homelab-y videos about Proxmox.

 

 

Ah okay. This video is actually where my question arose from. At about 5 minutes he says that to create a VM we need a separate disk or separate set of disks. I thought that implied to set up one VM we will need 1 extra disk. If we wanna set up more VMs we will need more... After rewatching I understand we have one for the OS and at least one for the VMs.

Thanks that was very helpful.

I was thinking of buying a used Dell Optiplex for about 60 dollars, but there will only be space for one drive...

 


7 minutes ago, Psykologe said:

Isolating the honeypot physically seems like a good idea, I will definitely do that. I was just in the process of creating the honeypot when I realized that each project on a Raspberry would get very expensive. But good to know I am on the right track.

So... physical separation is important, but it is a lot less important than network isolation and correct firewalling.....

Do you have it on its own VLAN, fully firewalled off from the rest of the network? Is there a way for someone to traverse the honeypot network into any other devices? Are the management interfaces for the honeypot adequately locked down and no one would be able to privilege escalate or gain access to your management surfaces in order to start bypassing whatever security you thought was enough?

I am, by my own admission, smart enough with networking and firewalling to understand how to keep people out at the WAN/LAN boundary and try and have smart VLAN and internal firewall rules to help reduce threat surfaces, but I know I am not yet good enough to INVITE PEOPLE IN to my network and give them a playground to try and play in.... As soon as you start opening up ports on firewalls to allow infiltration on purposely insecure surfaces, you really better know what you are doing. Obviously the idea of the honeypot is it is totally sandboxed, but if someone was able to exit the sandbox, and you don't have any of this set up, you just put yourself in a really, really bad position.

I am not saying all of this to try and make you feel like this isn't a project you should explore and a hobby that isn't worth investing time and resources into, I am simply saying I would practice an abundance of caution, and I would likely learn a lot more about network security before deploying a honeypot; because again, you're literally asking people to try and infiltrate your network...

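The isolation questions in the post above (own VLAN, no path from the honeypot network to other devices, locked-down management interfaces) can be checked mechanically against a ruleset. The following is an added example, not part of the thread: it assumes a simplified first-match rule model, and every subnet, address, port and the rule format itself are constructed for illustration rather than taken from any firewall's real export.

```python
"""Audit a first-match firewall ruleset for honeypot VLAN isolation.

Assumed model: rules are (action, src_net, dst_net, ports), read top to
bottom, first match wins, ports=None means all ports. Addresses are constructed.
"""
from ipaddress import ip_network

HONEYPOT_NET = ip_network("10.66.0.0/24")             # constructed honeypot VLAN
PROTECTED = {                                          # constructed internal zones
    "lan": ip_network("192.168.1.0/24"),
    "hypervisor-mgmt": ip_network("192.168.10.2/32"),
}

def audit(rules):
    """Return (rule_index, zone, ports) for allows that reach a protected zone.

    Conservative: an allow only counts as shadowed when an earlier deny covers
    the whole honeypot net, the whole zone and all ports.
    """
    findings, blocked = [], set()
    for idx, (action, src, dst, ports) in enumerate(rules):
        src, dst = ip_network(src), ip_network(dst)
        for zone, net in PROTECTED.items():
            if action == "deny":
                if (HONEYPOT_NET.subnet_of(src) and net.subnet_of(dst)
                        and ports is None):
                    blocked.add(zone)                  # zone is now unreachable
            elif (zone not in blocked and src.overlaps(HONEYPOT_NET)
                    and dst.overlaps(net)):
                findings.append((idx, zone, ports))
    return findings

# Weak: one broad "let the honeypot out" rule also matches internal ranges.
WEAK_RULES = [("allow", "10.66.0.0/24", "0.0.0.0/0", None)]

# Hardened: private ranges are denied first, then only DNS and mail
# submission (for the alert e-mail) are allowed outbound.
HARDENED_RULES = [
    ("deny", "10.66.0.0/24", "192.168.0.0/16", None),
    ("deny", "10.66.0.0/24", "10.0.0.0/8", None),
    ("allow", "10.66.0.0/24", "0.0.0.0/0", (53, 587)),
]

if __name__ == "__main__":
    print("weak:", audit(WEAK_RULES))
    print("hardened:", audit(HARDENED_RULES))
```

Rule order matters in this model: an allow placed above the deny that was meant to cover it is still reported.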

1 hour ago, Psykologe said:

I was thinking of buying a used Dell Optiplex for about 60 dollars, but there will only be space for one drive...

If you get a full size desktop or a tower, you'll have at least a couple 3.5" bays plus the full size 5.25" bays to play with.


19 hours ago, LIGISTX said:

So... physical separation is important, but it is a lot less important than network isolation and correct firewalling.....

Do you have it on its own VLAN, fully firewalled off from the rest of the network? Is there a way for someone to traverse the honeypot network into any other devices? Are the management interfaces for the honeypot adequately locked down and no one would be able to privilege escalate or gain access to your management surfaces in order to start bypassing whatever security you thought was enough?

I am, by my own admission, smart enough with networking and firewalling to understand how to keep people out at the WAN/LAN boundary and try and have smart VLAN and internal firewall rules to help reduce threat surfaces, but I know I am not yet good enough to INVITE PEOPLE IN to my network and give them a playground to try and play in.... As soon as you start opening up ports on firewalls to allow infiltration on purposely insecure surfaces, you really better know what you are doing. Obviously the idea of the honeypot is it is totally sandboxed, but if someone was able to exit the sandbox, and you don't have any of this set up, you just put yourself in a really, really bad position.

I am not saying all of this to try and make you feel like this isn't a project you should explore and a hobby that isn't worth investing time and resources into, I am simply saying I would practice an abundance of caution, and I would likely learn a lot more about network security before deploying a honeypot; because again, you're literally asking people to try and infiltrate your network...

Well, I wouldn't consider myself an expert; I am very novice. But I am following this project:

When I have a honeypot running locally I am not "inviting everyone" to hack me, since if they are finding this honeypot they are already in my network trying to hack me, but I can realize it much faster and "defend".

The project itself offers a way to notify me via an e-mail when somebody tries to connect to the pot in any way. The pot itself in my understanding will answer very vulnerable to scans via tools like nmap but the services that seem vulnerable aren't actually running.

After I have been e-mailed I am planning to script something that restarts my router so my network has a new IP.

 

I am not planning to open any ports myself, I am just installing the project. The honeypot should also not run in a different network since I want to see when my network is attacked.

 


22 hours ago, Psykologe said:

Well, I wouldn't consider myself an expert; I am very novice. But I am following this project:

When I have a honeypot running locally I am not "inviting everyone" to hack me, since if they are finding this honeypot they are already in my network trying to hack me, but I can realize it much faster and "defend".

The project itself offers a way to notify me via an e-mail when somebody tries to connect to the pot in any way. The pot itself in my understanding will answer very vulnerable to scans via tools like nmap but the services that seem vulnerable aren't actually running.

After I have been e-mailed I am planning to script something that restarts my router so my network has a new IP.

 

I am not planning to open any ports myself, I am just installing the project. The honeypot should also not run in a different network since I want to see when my network is attacked.

 

I don’t think your network is going to be attacked… just use a decent firewall and don’t expose untrusted services to the internet.

 

The ways in which individuals get hacked are via downloading malicious code from opening spam emails, bad websites, or IoT devices going rogue. The chance of someone actually penetrating your network just for fun is very low, and if they are inside your network they likely will have gotten there via infecting a device. And the first thing anyone who gains access to a network does, assuming they want to come back, is set up a way for it to phone home. So even if you did force a new public IP, the new IP would just be sent to whoever is attacking anyways.

My point is, trying to protect against extremely sophisticated network intrusion isn’t really something that is worthwhile to do as a home user with little experience. Honeypots make sense in enterprise because the network is large, and you hopefully have time to stop things from getting worse. In a home network that will likely be compromised via malicious email or website, your main PC will likely be where they gain a foothold from, so the damage is likely already done.
 

Just something to think about…
