Vnx-labo-fw

From VNX
Revision as of 15:53, 6 June 2015 by David (talk | contribs)
Jump to: navigation, search

VNX Security laboratory

This scenario has been designed to allow 16 student groups to work together configuring firewalls and using security related tools and Linux security oriented distributions like Kali Linux and Metasploitable.

The full scenario is divided on 8 basic scenarios (Fig. 1) that include the virtual machines used by two student groups. Each student pod is made of a simple corporate network with a DMZ network running a vulnerable server and an internal network with some hosts, as well as an attacker host on Internet with Kali Linux. Additionaly, a server on Internet is included to allow testing connectivity from inside the corporate network to Internet.

Figure 1: basic scenario for two student groups

Installation

  • Download the escenario bundle and unpack it:
  • wget idefix.dit.upm.es/vnx/examples/fw/fw-v01.tgz
    vnx --unpack fw-v01.tgz
    
  • Download and create the root filesystems needed:
  • cd fw/filesystems
    # Create LXC rootfs for firewalls and clients
    ./create-rootfs
    # Download Kali rootfs for attackers
    vnx_download_rootfs -l -r vnx_rootfs_kvm_kali-1.1.0-v025.qcow2 -y
    # Download metasploitable for DMZ server
    vnx_download_rootfs -l -r vnx_rootfs_kvm_ubuntu-8.04-metasploitable-v023.qcow2 -y
    

Starting the scenario

The whole scenario is made of 8 basic scenarios (fw-A.xml, fw-B.xml ... fw-H.xml). Depending on the number of student pods required, start as much scenarios as you need.

There is also an scenario named "fw.xml" designed to be used individually that includes only the first pod of fw-A.xml scenario.

To start a basic scenario:

vnx -f fw-A.xml -v -t


Figure 2: fw-A scenario topology

fw-A scenario