
Host‐based network infrastructure

reubenajohnston edited this page Feb 15, 2025 · 70 revisions

Network design

This network is used to explore malicious attacks against servers running within this private network. E.g., it is a safe area to perform denial-of-service attacks on a private www server that is also hosted by this network. The general network design is depicted in the diagram below.

The design above was created using yEd. Its design file is self-hosted infrastructure.graphml.

The network design is implemented using a combination of virtual machines and containers. The image below illustrates how they are used together.

The concept above can run identical operating systems on the host, in a VM, or in a container, and is not unlike the layered planes of reality presented in The Matrix movie. E.g., a process named Neo that is running from within any of them would not know otherwise, as from its perspective, they are all the same OS. Below is an image from The Matrix where Neo visualizes that his current form of reality is a virtual environment in a computer program. One could do something similar in Linux by checking whether the hypervisor flag is present in /proc/cpuinfo (to identify that one is running in a VM) or by checking for the existence of /.dockerenv (to identify that one is running in a container).
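The two checks mentioned above, combined into one shell function (an added example, not part of the original wiki; the `detect_layer` name and its optional root-directory argument are assumptions made for illustration). It also covers the case this lab produces, a container running inside a VM, where both markers are present:

```shell
#!/bin/sh
# Added example: classify the layer this shell runs in, using /.dockerenv and
# the "hypervisor" CPU flag. The optional first argument is a hypothetical
# alternate root, so the logic can be exercised against a constructed tree;
# with no argument the real filesystem is inspected.
detect_layer() {
    root="${1:-}"
    in_container=no
    in_vm=no

    # Docker places /.dockerenv at the root of a container's filesystem.
    if [ -e "$root/.dockerenv" ]; then
        in_container=yes
    fi

    # /proc/cpuinfo reflects the CPU the kernel sees, and containers share the
    # kernel of the machine below them, so a container on a VM shows the flag
    # too. Match "hypervisor" as a whole word on the flags line only.
    if [ -r "$root/proc/cpuinfo" ] &&
       grep -E '^flags[[:space:]]*:' "$root/proc/cpuinfo" | grep -qw hypervisor; then
        in_vm=yes
    fi

    case "$in_container/$in_vm" in
        yes/yes) echo "container-in-vm" ;;
        yes/no)  echo "container" ;;
        no/yes)  echo "vm" ;;
        # Neither marker found. This is not proof of bare metal: a hypervisor
        # may be configured to mask the flag.
        *)       echo "host" ;;
    esac
}

detect_layer
```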

The network architecture details are depicted in the diagram below.

General steps

Setup

  1. Create a VMs folder
  2. Obtain VMware and install it (see here)
  3. Set up the VMnet1 private network as detailed here.

Create Ubuntu Server VM base

  1. Create a subfolder in your VMs folder for an Ubuntu server VM (e.g., VMs/Ubuntu-24.04.1)
  2. Create a VM inside your folder created above, as detailed here
  3. Install Ubuntu Server with Docker into the VM created above
    1. Follow the steps on Ubuntu-x86-64-VM to install Ubuntu
    2. Install Docker in the Ubuntu server VM as described on Docker-on-Ubuntu
  4. Optional step: Create a subfolder in your VMs folder for an Ubuntu server VM archive (e.g., VMs/archives/Ubuntu-24.04.1)
  5. Optional step: Clone the Ubuntu Server VM to an archive copy inside your folder created above

Create Kali VM

  1. Create a subfolder in your VMs folder for a Kali VM (e.g., VMs/Kali-2024.4)
  2. Create a VM inside your folder created above, as detailed here
  3. Install Kali with Docker into the VM created above
    1. Follow the steps on Kali-x86-64-VM to install Kali
    2. Install Docker in the Kali VM as described on Docker-On-Kali

Clone the Ubuntu VM and setup names

  1. Create another folder in your VMs folder for an Ubuntu server VM to use for your target VM (e.g., VMs/archives/Ubuntu-24.04.1-target)
  2. Clone the original Ubuntu Server VM into a second instance inside your folder created above that will be used for the target host (e.g., name it Ubuntu-24.04.1-target)
  3. In VMware, rename your initial Ubuntu Server VM to designate it as the infrastructure host (e.g., Ubuntu-24.04.1-infrastructure)

Setup networking services for the Ubuntu VMs

  1. Follow the infrastructureVm-README.md to set up networking in the main infrastructure host
  2. Follow the targetVm-README.md to set up networking in the target host

Setup networking in the Kali attack host

  1. Open nm-connection-editor and set up the eth0 and eth1 adapters
  2. Install a localhost resolver by following the instructions here (https://github.com/jhu-information-security-institute/infrastructure/wiki/Localhost-resolver). It may also be possible to configure NetworkManager to address the DNS resolution problem in Kali, which would eliminate this step.

Install Portainer

  1. Install Portainer as described here

Verify VM setup

Perform the following steps on your VMs to confirm DNS and routing are working in our netsec-docker.isi.jhu.edu subnet and with the Internet.

  • Run ifconfig to confirm the IP addresses are correct
  • Ensure DNS is set up properly by testing both an Internet host and a netsec-docker host
    • $ nslookup www.google.com
    • $ nslookup dhcp.netsec-docker.isi.jhu.edu
  • Ensure routing is set up properly by testing both an Internet host and a netsec-docker host
    • $ ping www.google.com
    • $ ping dhcp.netsec-docker.isi.jhu.edu
  • Note that public DNS is not set up in the containers. See the Troubleshooting section below.

Installation of security mechanisms

  1. Follow the Suricata for Ubuntu instructions to install an intrusion detection system in the infrastructure VM
  2. This is not ready yet!! Follow the FreeIPA instructions to set up an identity management system in the CentOS VM
  3. This is not ready yet!! Follow the SELKS instructions to set up a security information event monitoring system in the infrastructure VM (Note, this replaces the Suricata container described above)

Troubleshooting

  • Containers should have Internet connectivity but are not configured with public domain name servers (e.g., see their /etc/resolv.conf).
    • Temporarily add nameservers if you need to install something by updating /etc/resolv.conf within the container
      nameserver <IPADDRESSOFINTERNETROUTER>
      nameserver 8.8.8.8
      
    • Make sure to revert it back afterwards; otherwise, your netsec-docker.isi.jhu.edu DNS might have issues
  • If your container build fails due to DNS not working, follow the 'Specify DNS servers for Docker' here
  • Misconfiguration or improper execution of steps in the sequence might result in loss of Internet connectivity for your VM. If this happens, check that you do not have multiple default routes. If that is the case, your VM might be using a non-existent route to try to reach the Internet.
    • Query the routes by using: $ ip route show
    • Use that output to diagnose which default route should be removed, then delete it with a command similar to the following: $ ip route delete default via <ROUTE-IP-ADDRESS-TO-DELETE> dev <VIRTUAL-INTERFACE-DEVICE>
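
One way to spot the multiple-default-route condition described above, as an added example that is not part of the original wiki. The function names and the sample routing table are constructed, and the addresses are documentation placeholders rather than this lab's addressing:

```shell
#!/bin/sh
# Added example: read `ip route show` output on stdin, list every default
# route with its gateway, device and metric, and return non-zero when the
# table has more than one default route (1) or none at all (2).
check_default_routes() {
    awk '
        $1 == "default" {
            # A route printed without a metric has metric 0; a default route
            # may also lack "via" (e.g. a point-to-point link).
            via = "-"; dev = "-"; metric = "0"
            for (i = 2; i < NF; i++) {
                if ($i == "via")    via = $(i + 1)
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1)
            }
            n++
            printf "default route %d: via %s dev %s metric %s\n", n, via, dev, metric
        }
        END {
            if (n > 1)  { print "WARNING: " n " default routes"; exit 1 }
            if (n == 0) { print "WARNING: no default route"; exit 2 }
        }
    '
}

# Constructed sample: a VM left with two default routes after a misstep.
sample_routes() {
    cat <<'EOF'
default via 192.0.2.1 dev eth0 proto dhcp metric 100
default via 198.51.100.1 dev eth1 proto static metric 101
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10 metric 100
EOF
}

# On a live VM, run: ip route show | check_default_routes
sample_routes | check_default_routes ||
    echo "decide which route is wrong, then: ip route delete default via <ROUTE-IP-ADDRESS-TO-DELETE> dev <VIRTUAL-INTERFACE-DEVICE>"
```

The function only reports; choosing which route to delete still depends on which gateway actually reaches the Internet.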