I say start small and build up. Start with two computers, the attacker and the target. For the attacker use whatever operating system you are most comfortable using and for the target start with windows or linux. The target os is a choice you can make.

Start with installing defualt setups and find out what you can break in to on the other computer. Once you figure out the flaws, fix them and try again. Once you have your target to the point where you are unable to do anything to it but it is still functional (i.e. can still surf web and operate without issues) then change the operating system on the target and start over.

When you get the hang of attacking one computer and know how to secure it from attack then try creating a target computer and have someone else try to get in. If they can't then that is good. Then have someone else setup the target and secure it the best they can and see if you can get in to it then.

I don't see why you would need more than 2 or 3 machines to do this and of course your network setup is going to affect what you can or can't do as well. Try a direct connection or hub setup first and move up from there. If you have the luxury try using someone elses internet connection and computer and see if you can get in that way.

Some may disagree with my post but this is how I started and seems to be the easiest way for me but then I learn much easier by example than reading about or being told about how to do something.

Please feel free to ask questions or provide constructive feedback about my post.