| 1 | {internet} |
|---|
| 2 | | |
|---|
| 3 | +-+--+ |
|---|
| 4 | | GW | \ / |
|---|
| 5 | +-+--+ +---+ +---+ |
|---|
| 6 | | .254 .251 |ap1| .250 |noc| |
|---|
| 7 | backbone net 10.10.0.0/24 | +-+-+ +-+-+ |
|---|
| 8 | | | | |
|---|
| 9 | +---+-------+----------+-------+-----+-----------+-------+----+-----+-+--+ |
|---|
| 10 | .10 | .1 | .20 | .2 | .60 | .6 | |
|---|
| 11 | +-+--+ +-+--+ +-+--+ +-+--+ +-+--+ +-+--+ |
|---|
| 12 | |ext1| |rtr1| |ext2| |rtr2| |ext6| |rtr6| |
|---|
| 13 | +----+ +-+--+ +----+ +-+--+ +----+ +-+--+ |
|---|
| 14 | |.254 |.254 |.254 |
|---|
| 15 | | | | |
|---|
| 16 | 10.10.1.0/24 | 10.10.2.0/24 | 10.10.6.0/24 | |
|---|
| 17 | --+------+-- --+------+-- --+------+-- |
|---|
| 18 | | | | | | | |
|---|
| 19 | .10 | | .253 .10 | | .253 .10 | | .253 |
|---|
| 20 | +--+-+ +-+--+ +--+-+ +-+--+ +--+-+ +-+--+ |
|---|
| 21 | |dmz1| |fw1 | |dmz2| |fw2 | . . . . . |dmz6| |fw6 | |
|---|
| 22 | +----+ +-+--+ +----+ +-+--+ +----+ +-+--+ |
|---|
| 23 | |.254 |.254 |.254 |
|---|
| 24 | | | | |
|---|
| 25 | 10.10.11.0/24 | 10.10.12.0/24 | 10.10.16.0/24 | |
|---|
| 26 | --+------+-- --+------+-- --+------+-- |
|---|
| 27 | | | | | | | |
|---|
| 28 | +--+-+ +-+--+ +--+-+ +-+--+ +--+-+ +-+--+ |
|---|
| 29 | |pc1 | |srv1| |pc2 | |srv2| |pc6 | |srv6| |
|---|
| 30 | +----+ +----+ +----+ +----+ +----+ +----+ |
|---|
| 31 | .10 .1 .10 .1 .10 .1 |
|---|
| 32 | |
|---|
| 33 | Group 1 Group 2 Group 6 |
|---|
| 34 | |
|---|
| 35 | |
|---|
| 36 | Description: |
|---|
| 37 | |
|---|
| 38 | extX = external host for group X |
|---|
| 39 | rtrX = 7200 border router for group X |
|---|
| 40 | dmzX = dmz services host for group X |
|---|
| 41 | fwX = iptables / pfSense FW for group X |
|---|
| 42 | intX = internal server for group X |
|---|
| 43 | pcX = WinXP victim :) |
|---|
| 44 | |
|---|
| 45 | With this topology, we can pretty much do all we need to do: |
|---|
| 46 | |
|---|
| 47 | - demonstrate firewall functionality |
|---|
| 48 | - demonstrate ACLs on IOS |
|---|
| 49 | - setup OSPF on the backbone |
|---|
| 50 | - demo metasploit and pivoting via the XP box |
|---|
| 51 | - nmap / vulnerability scanning |
|---|
| 52 | - port mirroring / analysis of traffic |
|---|
| 53 | - IDS |
|---|
| 54 | - host based labs (services, SSH/SSL, hardening, etc.) |
|---|
| 55 | |
|---|
| 56 | Budget wise, we can allocate about 400 MB RAM to each of the hosts, |
|---|
| 57 | 512 for the XP, and 192 for the rtr. That is roughly 2.3 GB worst |
|---|
| 58 | case memory usage / group. This leaves 2+ GB for base OS and running |
|---|
| 59 | a couple of hosts for the workshop pages and GW. |
|---|