Vnx-labo-fw
VNX Security laboratory
This scenario has been designed to allow 16 student groups to work together configuring firewalls and using security related tools and Linux security oriented distributions like Kali Linux and Metasploitable.
The full scenario is divided on 8 basic scenarios (Fig. 1) that include the virtual machines used by two student groups. Each student pod is made of a simple corporate network with a DMZ network running a vulnerable server and an internal network with some hosts, as well as an attacker host on Internet with Kali Linux. Additionaly, a server on Internet is included to allow testing connectivity from inside the corporate network to Internet.
Installation
- Download the escenario bundle and unpack it:
wget idefix.dit.upm.es/vnx/examples/fw/fw-v01.tgz vnx --unpack fw-v01.tgz
cd fw/filesystems # Create LXC rootfs for firewalls and clients ./create-rootfs # Download Kali rootfs for attackers vnx_download_rootfs -l -r vnx_rootfs_kvm_kali-1.1.0-v025.qcow2 -y # Download metasploitable for DMZ server vnx_download_rootfs -l -r vnx_rootfs_kvm_ubuntu-8.04-metasploitable-v023.qcow2 -y
Starting the scenario
The whole scenario is made of 8 basic scenarios (fw-A.xml, fw-B.xml ... fw-H.xml). Depending on the number of student pods required, start as much scenarios as you need. All the basic scenarios share the "Internet" subnet, so if you start several of them you will get automatic connectivity among all systems (routers run quagga OSPF daemon to provide it).
There is also an scenario named "fw.xml" designed to be used individually that includes only the first pod of fw-A.xml scenario.
To start a basic scenario:
vnx -f fw-A.xml -v -t