13.11.2022, 09:41
![[Bild: zdtm4lsyy4r4ugvu0zdlxihept.jpg]](https://abload.de/img/zdtm4lsyy4r4ugvu0zdlxihept.jpg)
Secure Networking - A Company Network Project On Open-Source
Published 9/2022
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 7.50 GB | Duration: 15h 16m
Build & pentest a segmented network on Cumulus Linux, PacketFence NAC, clustered nftables, pfSense, VPN, 2FA & Wireshark
What you'll learn
Building up a company-grade segmented network with embeded security, ENTIRELY on Unix-like OS
Project-based learning of configuring firewall clusters on OpenSUSE Linux as well as pfSense
Learn about NAC (802.1X, EAP, EAPoL) using PacketFence to reject or accpet clients on switches
Learn underlying cluster technologies e.g. Keepalived & VRRP
Networking core fundamentals such as Traffic Tagging using VLANs, Trunking, STP, subnetting, LAG, MLAG, etc.
Learn firewall's core functionalities & be able to work with any firewall, no matter what brand
Initial to advanced configuration of Nvidia Cumulus Linux switches
Learn how head & branch offices securely communicate using IPSec site to site VPN
Practicing network segmentation, compartmentalization, & isolation
Learn how to create different VLANs in a company and control their traffic on each other
Setting up Linux based DHCP server to serve IP addresses in different VLANs
Learn network redundency methods e.g. LACP (802.3ad), balance-rr, balance-xor, etc. on Linux, pfSense and Cumulus switch
Learn how to migrate from iptables to nftables
Project-based learning of advanced pfSense firewall features
Project-based learning of packet capture & analysis using Wireshark, TShark, TermShark & TCPDump
Learn about openSUSE, AlpineLinux, Debian, Ubuntu and FreeBSD
Implement IPSec VPN on openSUSE using strongSwan
Configuring openVPN remote access for home office users
Configuring Wireguard remote access for IoT devices (key based authentication)
Learn how to harden SSH logins using two-factor authentication (2FA)
Learn virtualization using VirtualBox and GNS3
Learn most common network attacks and penetration testing technics
Requirements
No prior programming knowledge required
Basic IT & networking skills
A virtualization compatible computer
Internet connection
Passionate curiosity for learning (is a must)
Description
When it comes to open-source, the sky is the limit! In a nutshell, you learn networking and network defense in one go using only open source tools. You will build up a secure network from scratch, entirely on Linux, from switches to endpoints, clustered firewalls, servers incl. Network Access Control, shortly NAC server, are all built on a flavor of Linux OS such as openSUSE, AlpineLinux, Debian, Ubuntu, etc., or a Unix-like OS such as FreeBSD.We do not care much about vendors and logos, but practical concepts. For example, TCP/IP, networking fundamental concepts, and core network security principles using open-source, yet industry-proven products.We aim to teach you how standard networking concepts are "designed" and are also "applied" in work environments. Why a pure Linux-based network? well, besides the fact that Linux runs the world, if you learn the secure networking using Linux, Unix, and open-source tools, you will feel pretty confident when it comes to their commercial equivalents. For example, if you learn network firewalling using iptables and nftables, you won't have any issues with Cisco FirePower, FortiGate, or Juniper firewalls. As said, we are not into vendors, we are interested in standardized theoretical concepts and practical technics. This method will give you a firm conceptual understanding of underlying technologies and ideas about how finished products like Cisco switches, Fortigate Firewalls, Cisco ISE NAC, HPE Aruba Clearpass, and so on, actually work behind the scene.In the end, you will run the most common network attacks against the network you built up yourself.Your Learning Key-Terms:VirtualizationGNS3 Lab (with Hyper-V & VirtualBox Integration)TCP/IPOSI ModelNetwork TopologiesIP SubnettingVLANTraffic TaggingTrunkingNIC TeamingLAGG (Link Aggregation)MLAG (Multi-Chassis Link Aggregation)Bond Modes: Active-Backup, 802.3ad (LACP)BridgingSpanning TreeInter-VLAN RoutingRouting & ARP TablesMAC FloodIEEE 802.1X & MAB (MAC Address Bypass)Network Access Control (NAC)PacketFence (Open Source NAC)Extensible Authentication Protocol (EAP) (EAPoL)RADIUS (FreeRADIUS)Linux Open Source NetworkingNvidia Cumulus Linux SwitchopenSUSE LinuxUbuntu LinuxAlpine LinuxFreeBSD (for pfSense & TrueNAS)Open Source Storage (FreeNAS)Linux Shell Command LineFirewallsNetfilter FrameworkPacket FilteringiptablesnftablesPacket SniffingWireshark, TShark, Termshark, and TCPDumpLinux ClusteringkeepalivedConnTrackVirtual Private Network (VPN)OpenVPNstrongSwan IPSec (swanctl)pfSense Firewall (FreeBSD)pfSense ClusterNext-Gen FirewallDemilitarized Zone (DMZ)Ethical Hacking Network Attacks and TechnicsSSH/Telnet/SMB/ BruteForce AttackMITM with Mac Spoofing AttackMITM with DHCP Spoofing AttackDOS Attack (POD, SYNFLOOD, BPDUs, CDP)VLAN Hopping Attack (Yersinia)STP AttackContent Addressable Memory (CAM) Table Overflows AttackARP spoofing, ARP cache poisoning attackNetwork Hardening Solutions
Overview
Section 1: Fundamentals 1: Building up a GNS3 Virtual Lab
Lecture 1 Skip this section if...
Lecture 2 GNS3 VM & Server, templates for Linux nodes, pfSense, Cumulus & VBox Integration
Section 2: Fundamentals 2: Networking Basics
Lecture 3 Network Topologies - Bus, Ring, Mesh and Hybrid
Lecture 4 Network Types - LAN, WLAN, WAN, SAN, MPLS and SDWAN
Lecture 5 OSI Network Model vs. TCP/IP Model
Lecture 6 Network Protocols and Services
Lecture 7 IP Addressing
Lecture 8 IP Subnetting
Lecture 9 Routing - ANDing, Default, Static, Dynamic Routes
Lecture 10 Switching - VLANs, STP, LAG and MLAG
Lecture 11 Network Architecture - 3 Tiers vs. Spine Leaf Design
Section 3: Fundamentals 3: Unix-like OS Basics
Lecture 12 50 years of Unix-like heritage: Research Unix, BSD, GNU, Linux and macOS
Lecture 13 Part 1: 50 "must-know" shell commands working on any Unix-like OS since 70s
Lecture 14 Part 2: 50 "must-know" shell commands working on any Unix-like OS since 70s
Lecture 15 Part 3: 50 "must-know" shell commands working on any Unix-like OS since 70s
Lecture 16 Part 4: 50 "must-know" shell commands working on any Unix-like OS since 70s
Lecture 17 vi basics - a ubiquitous screen-oriented text editor on any Unix-like OS
Lecture 18 net-tools and/or iproute2 - Networking tools on any Unix-like OS
Section 4: Fundamentals 4: Packet Capture Analysis using TCPDump, Wireshark and TShark
Lecture 19 Quick-tour of packet capture analysis
Lecture 20 Clarifying Wireshark vs. TShark vs. TermShark vs. TCPDump
Lecture 21 Why learning packet analysis? A use-case exposing RCE attack payload
Lecture 22 Installing Wireshark, Termshark, TShark and TCPDump on Kali Linux
Lecture 23 Installing Wireshark and TShark on MS Windows
Lecture 24 TCPDump use-cases: credentials, Cookies, headers, URL, remote packet capture
Lecture 25 Wireshark interafce walkthrough and possibilities
Lecture 26 Wireshark filters, syntax glossary, PCAP investigation, chaining, HTML rebuild
Lecture 27 TCP/IP Model revisited in Wireshark
Lecture 28 Packet analses with PCAP visualization
Lecture 29 Capturing packets on GNS3 links using Wireshark
Section 5: Company Network Project Kickoff
Lecture 30 Project requirements gathering and specifications document
Lecture 31 Project's basic shapes and colour codes in GNS3
Section 6: Adding Open Source Switches (Cumulus Linux)
Lecture 32 Nvidia Cumulus Linux - An Open-Source Linux-based Switch
Lecture 33 Headquarter - Creating physical connectivity with spine-leaf design
Lecture 34 Headquarter - Adding Alpine Linux clients
Lecture 35 Headquarter - Layer 2 Configuration - Interfaces and VLANs - Part1
Lecture 36 Headquarter - Layer 2 Configuration - Interfaces and VLANs - Part2
Lecture 37 Headquarter - Spanning Tree Protocol (STP) on Cumulus Linux switches
Lecture 38 Headquarter - Creating virtual layer 3 interfaces for management VLAN
Lecture 39 Headquarter - Configuring Bond interfaces, LAG and MLAG in Cumulus Linux - P1
Lecture 40 Headquarter - Configuring Bond interfaces, LAG and MLAG in Cumulus Linux - P2
Lecture 41 Branch Office - Network Prepration in GNS3
Lecture 42 Branch Office - Switches Trunk & Access ports, VLAN interfaces, Bonds & MLAG
Section 7: Adding 2 Firewall Clusters: Linux nftables (Keepalived VRRP) & pfSense HA (CARP)
Lecture 43 Read me first
Lecture 44 Headquarter - Create a custom VM for the openSUSE Linux Server cluster
Lecture 45 Headquarter - Change network adapters type to Paravirtualized Network I/O
Lecture 46 Headquarter - Creating bond interfaces on openSUSE Linux with LACP mode
Lecture 47 Headquarter - Troubleshooting inter-cluster Bond connectivity issues on Linux FW
Lecture 48 Headquarter - Configure MLAG on Cumulus switches for firewall cluster bond links
Lecture 49 Headquarter - Configure virtual VLAN interfaces on linux firewall cluster
Lecture 50 Headquarter - Disable IPv6 on the Linux firewalls
Lecture 51 Headquarter - Installing keepalived (VRRP) on both OpenSUSE Linux firewalls
Lecture 52 Headquarter - Configuring keepalived (VRRP) for OpenSUSE firewall HA cluster
Lecture 53 Introduction to netfilter framework - Part 1
Lecture 54 Introduction to netfilter framework - Part 2
Lecture 55 Headquarter - Change default policies of iptables chains to explicit drop
Lecture 56 Create IPTables service on openSUSE firewall cluster & TShooting the service
Lecture 57 Headquarter - Create iptables service on the slave firewall
Lecture 58 Headquarter - Providing internet to VLAN 20 using MASQUERADE NAT rules
Lecture 59 Headquarter - Configure Linux DHCP Server to assign each VLAN's own IP range
Lecture 60 Headquarter - Start creating Inter-VLAN iptables rules on OpenSUSE FW cluster
Lecture 61 Headquarter - Continue creating Inter-VLAN iptables policies on firewall cluster
Lecture 62 Headquarter - Creating iptables DNAT rules to publish web server from DMZ VLAN
Lecture 63 Headquarter - Restrict & log SSH Brute-force attacks with iptables RECENT module
Lecture 64 Headquarter - Visualize iptables rules with gressgraph
Lecture 65 Headquarter - nftables basics
Lecture 66 Headquarter - Transform iptables rules into nftables & create an nft service, P1
Lecture 67 Headquarter - Transform iptables rules into nftables & create an nft service, P2
Lecture 68 Headquarter - Restrict SSH Brute-force attacks for 5 minutes with Linux nftables
Lecture 69 Branch Office - Installing pfSense machines in GNS3
Lecture 70 Branch Office - Reassigning the interfaces and start the initial pfSense config
Lecture 71 Branch Office - Configure pfSense interfaces, LAGG, VLAN interfaces and pfSync
Lecture 72 Branch Office - Setup pfSense High-Availibity & MLAG between Cumulus and pfSense
Lecture 73 Branch Office - Configure pfSense DHCP server for clients and management VLANs
Lecture 74 Branch Office - Create aliases in pfSense and add floating & VLAN firewall rules
Lecture 75 Branch Office - Create Inter-VLAN rules from Clients and Mgmt to DMZ on pfSense
Lecture 76 Branch Office - Setup UFW on Ubuntu Web server in DMZ & test inter-VLAN access
Lecture 77 Branch Office - DNAT or Reverse NAT for web server access in DMZ from internet
Section 8: Adding Open Source VPN technologies using Strongswan IPSec, OpenVPN & Wireguard
Lecture 78 Setup Site to Site VPN between OpenSUSE Linux and pfSense using Strongswan - P1
Lecture 79 Setup Site to Site VPN between OpenSUSE Linux and pfSense using Strongswan - P2
Lecture 80 Troubleshooting Site to Site IPSec VPN between OpenSUSE Linux and pfSense
Lecture 81 Preparing OpenVPN server on pfSense - CA server, certificate & export plugin
Lecture 82 Setup OpenVPN remote access on pfSense & setup home-office Ubuntu OpenVPN client
Lecture 83 Setup WireGuard VPN between OpenSUSE firewall and Ubuntu as remote IoT client
Section 9: Adding Open Source Network Access Control (NAC) using PacketFence
Lecture 84 How NAC works? EAP, EAPoL, RADIUS, dot1x - P1
Lecture 85 How NAC works? EAP, EAPoL, RADIUS, dot1x - P2
Lecture 86 Installing PacketFence NAC Server on a Debian Linux
Lecture 87 Initializing PacketFence Web Configurator
Lecture 88 Deplying Network Access Server (NAS) and FreeRADIUS with MAB Profiles
Lecture 89 Configure IEEE 802.1X, Parking & Dynamic VLAN assignment on Cumulus Linux Switch
Section 10: Adding Two-factor authentication (2FA) to SSH servers in management VLAN
Lecture 90 Setting up 2FA for SSH server on Ubuntu jump hosts in management VLAN
Section 11: How secure did we build this network? Let's pentest it!
Lecture 91 Introduction to penetration testing for this project
Lecture 92 Reconnaissance of headquarter network using NMAP
Lecture 93 Implementing SSH brute force against headquarter using our NMAP findings
Lecture 94 ARP Poisoning attack to capture headquarter network traffic e.g. credentials
Lecture 95 DHCP starvation attack agains OpenSUSE DHCP server in headquarter (DOS attack)
Lecture 96 DHCP spoofing by Yersinia in headquarter to deviate the network gateway and DNS
Computer Students, learners and enthusiasts,IT administrators,Network engineers,Linux engineers,Cybersecurity specialists,Firewall administrators
Homepage
![[Bild: 15part350mustknowsheloxeqy.jpg]](https://abload.de/img/15part350mustknowsheloxeqy.jpg)
Download from Rapidgator:
