Secure Networking - A Company Network Project on Open-Source
- Description
- Curriculum
- FAQ
- Reviews
When it comes to open-source, the sky is the limit!
In a nutshell, you will build a company-like network with headquarter and branch office on Unix-like OSs and open-source tools, then try to hack its vulnerabilities.
From switches to endpoints, clustered firewalls, servers incl. Network Access Control, shortly NAC server, jumpers, and anything else are all built on a flavor of Linux OS such as openSUSE, AlpineLinux, Debian, Ubuntu, etc., or a Unix-like OS such as FreeBSD.
Network security should be embedded into the nature of the corporate’s network and that is what we learn in this course.
We do not care much about vendors and logos, but practical concepts. For example, we dive into Shell commands, TCP/IP and networking fundamental concepts, and core network security principles using open-source, yet industry-proven products.
We aim to teach you how standard networking concepts are “designed” and are also “applied” in work environments.
Why a pure Linux-based network? Besides the fact that Linux runs the world, if you learn the secure networking using Linux, Unix, and open-source tools, you will feel pretty confident about their commercial equivalents. For example, if you learn network firewalling using iptables and nftables, you won’t have any issues with Cisco FirePower, FortiGate, or Juniper firewalls.
As said, we are not into vendors, we are interested in standardized theoretical concepts and practical technics. This method will give you a firm conceptual understanding of underlying technologies and ideas about how finished products like Cisco switches, Fortigate Firewalls, Cisco ISE NAC, HPE Aruba, and so on, actually work behind the scene.
In the end, you will run the most common network attacks using Kali Linux against the network you built yourself.
Your Learning Key-Terms:
Virtualization
GNS3 Lab (with Hyper-V & VirtualBox Integration)
TCP/IP
OSI Model
Network Topologies
IP Subnetting
VLAN
Traffic Tagging
Trunking
NIC Teaming
LAGG (Link Aggregation)
MLAG (Multi-Chassis Link Aggregation)
Bond Modes: Active-Backup, 802.3ad (LACP)
Bridging
Spanning Tree
Inter-VLAN Routing
Routing & ARP Tables
MAC Flood
IEEE 802.1X & MAB (MAC Address Bypass)
Network Access Control (NAC)
PacketFence (Open Source NAC)
Extensible Authentication Protocol (EAP) (EAPoL)
RADIUS (FreeRADIUS)
Linux Open Source Networking
Nvidia Cumulus Linux Switch
openSUSE Linux
Ubuntu Linux
Alpine Linux
Linux Shell Command Line
Firewalls
Netfilter Framework
Packet Filtering
iptables
nftables
Packet Capture Analysis
Wireshark, TShark, Termshark, and TCPDump
Linux Clustering
keepalived
VRRP
ConnTrack
Virtual Private Network (VPN)
OpenVPN
strongSwan IPSec (swanctl)
WireGuard
pfSense Firewall (FreeBSD)
pfSense Cluster
Next-Gen Firewall
Demilitarized Zone (DMZ)
Ethical Hacking Network Attacks and Technics
SSH BruteForce Attack
MITM with Mac Spoofing Attack
MITM with DHCP Spoofing Attack
DOS Attack (POD, SYNFLOOD, BPDUs, CDP)
Yersinia
DHCP Starvation
DNS Spoofing
Offensive Packet Sniffing
ARP spoofing, ARP cache poisoning attack
Network hacking
Cyber security
Network Hardening Solutions
-
4Network Topologies - Bus, Ring, Mesh and HybridVideo lesson
-
5Network Types - LAN, WLAN, WAN, SAN, MPLS and SDWANVideo lesson
-
6OSI Network Model vs. TCP/IP ModelVideo lesson
-
7Network Protocols and ServicesVideo lesson
-
8IP AddressingVideo lesson
-
9IP SubnettingVideo lesson
-
10Routing - ANDing, Default, Static, Dynamic RoutesVideo lesson
-
11Switching - VLANs, STP, LAG and MLAGVideo lesson
-
12Network Architecture - 3 Tiers vs. Spine Leaf DesignVideo lesson
-
1350 years of Unix-like heritage: Research Unix, BSD, GNU, Linux and macOSVideo lesson
-
14Part 1: 50 "must-know" shell commands working on any Unix-like OS since 70sVideo lesson
-
15Part 2: 50 "must-know" shell commands working on any Unix-like OS since 70sVideo lesson
-
16Part 3: 50 "must-know" shell commands working on any Unix-like OS since 70sVideo lesson
-
17Part 4: 50 "must-know" shell commands working on any Unix-like OS since 70sVideo lesson
-
18vi basics - a ubiquitous screen-oriented text editor on any Unix-like OSVideo lesson
-
19net-tools and/or iproute2 - Networking tools on any Unix-like OSVideo lesson
-
20Quick-tour of packet capture analysisVideo lesson
-
21Clarifying Wireshark vs. TShark vs. TermShark vs. TCPDumpVideo lesson
-
22Why learning packet analysis? A use-case exposing RCE attack payloadVideo lesson
-
23Installing Wireshark, Termshark, TShark and TCPDump on Kali LinuxVideo lesson
-
24Installing Wireshark and TShark on MS WindowsVideo lesson
-
25TCPDump use-cases: credentials, Cookies, headers, URL, remote packet captureVideo lesson
-
26Wireshark interafce walkthrough and possibilitiesVideo lesson
-
27Wireshark filters, syntax glossary, PCAP investigation, chaining, HTML rebuildVideo lesson
-
28TCP/IP Model revisited in WiresharkVideo lesson
-
29Packet analses with PCAP visualizationVideo lesson
-
30Capturing packets on GNS3 links using WiresharkVideo lesson
-
33Important Note: Cumulus Linux Version UpgradeText lesson
-
34Nvidia Cumulus Linux - An Open-Source Linux-based SwitchVideo lesson
-
35Headquarter - Creating physical connectivity with spine-leaf designVideo lesson
-
36Headquarter - Adding Alpine Linux clientsVideo lesson
-
37Headquarter - Layer 2 Configuration - Interfaces and VLANs - Part 1Video lesson
-
38Headquarter - Layer 2 Configuration - Interfaces and VLANs - Part 2Video lesson
-
39Headquarter - Spanning Tree Protocol (STP) on Cumulus Linux switchesVideo lesson
-
40Headquarter - Creating virtual layer 3 interfaces for management VLANVideo lesson
-
41Headquarter - Configuring Bond interfaces, LAG and MLAG in Cumulus Linux - P1Video lesson
-
42Headquarter - Configuring Bond interfaces, LAG and MLAG in Cumulus Linux - P2Video lesson
-
43Branch Office - Network Prepration in GNS3Video lesson
-
44Branch Office - Switches Trunk & Access ports, VLAN interfaces, Bonds & MLAGVideo lesson
-
45Read me firstText lesson
-
46Headquarter - Create a custom VM for the openSUSE Linux Server clusterVideo lesson
-
47Headquarter - Change network adapters type to Paravirtualized Network I/OVideo lesson
-
48Headquarter - Creating bond interfaces on openSUSE Linux with LACP modeVideo lesson
-
49Headquarter - Troubleshooting inter-cluster Bond connectivity issues on Linux FWVideo lesson
-
50Headquarter - Configure MLAG on Cumulus switches for firewall cluster bond linksVideo lesson
-
51Headquarter - Configure virtual VLAN interfaces on linux firewall clusterVideo lesson
-
52Headquarter - Disable IPv6 on the Linux firewallsVideo lesson
-
53Headquarter - Installing keepalived (VRRP) on both OpenSUSE Linux firewallsVideo lesson
-
54Headquarter - Configuring keepalived (VRRP) for OpenSUSE firewall HA clusterVideo lesson
-
55Introduction to netfilter framework - Part 1Video lesson
-
56Introduction to netfilter framework - Part 2Video lesson
-
57Headquarter - Change default policies of iptables chains to explicit dropVideo lesson
-
58Headquarter - Create IPTables service on openSUSE firewall & service TShootsVideo lesson
-
59Headquarter - Create iptables service on the slave firewallVideo lesson
-
60Headquarter - Providing internet to VLAN 20 using MASQUERADE NAT rulesVideo lesson
-
61Headquarter - Configure Linux DHCP Server to assign each VLAN's own IP rangeVideo lesson
-
62Headquarter - Start creating Inter-VLAN iptables rules on OpenSUSE FW clusterVideo lesson
-
63Headquarter - Continue creating Inter-VLAN iptables policies on firewall clusterVideo lesson
-
64Headquarter - Creating iptables DNAT rules to publish web server from DMZ VLANVideo lesson
-
65Headquarter - Restrict & log SSH Brute-force attacks with iptables RECENT moduleVideo lesson
-
66Headquarter - Visualize iptables rules with gressgraphVideo lesson
-
67Headquarter - nftables basicsVideo lesson
-
68Headquarter - Transform iptables rules into nftables & create an nft service, P1Video lesson
-
69Headquarter - Transform iptables rules into nftables & create an nft service, P2Video lesson
-
70Headquarter - Restrict SSH Brute-force attacks for 5 minutes with Linux nftablesVideo lesson
-
71Branch Office - Installing pfSense machines in GNS3Video lesson
-
72Branch Office - Reassigning the interfaces and start the initial pfSense configVideo lesson
-
73Branch Office - Configure pfSense interfaces, LAGG, VLAN interfaces and pfSyncVideo lesson
-
74Branch Office - Setup pfSense High-Availibity & MLAG between Cumulus and pfSenseVideo lesson
-
75Branch Office - Configure pfSense DHCP server for clients and management VLANsVideo lesson
-
76Branch Office - Create aliases in pfSense and add floating & VLAN firewall rulesVideo lesson
-
77Branch Office - Create Inter-VLAN rules from Clients and Mgmt to DMZ on pfSenseVideo lesson
-
78Branch Office - Setup UFW on Ubuntu Web server in DMZ & test inter-VLAN accessVideo lesson
-
79Branch Office - DNAT or Reverse NAT for web server access in DMZ from internetVideo lesson
-
80Setup Site to Site VPN between OpenSUSE Linux and pfSense using Strongswan - P1Video lesson
-
81Setup Site to Site VPN between OpenSUSE Linux and pfSense using Strongswan - P2Video lesson
-
82Troubleshooting Site to Site IPSec VPN between OpenSUSE Linux and pfSenseVideo lesson
-
83Preparing OpenVPN server on pfSense - CA server, certificate & export pluginVideo lesson
-
84Setup OpenVPN remote access on pfSense & setup home-office Ubuntu OpenVPN clientVideo lesson
-
85Setup WireGuard VPN between OpenSUSE firewall and Ubuntu as remote IoT clientVideo lesson
External Links May Contain Affiliate Links read more