These are notes on a minimum viable product: the first network architecture I built on UTM, which serves as a foundation for further development and exploration.

Cybersecurity Ventures expects global cybercrime costs to increase by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025. Due to growing threats that can disrupt the flow of data and business operations, a cybersecurity approach is essential to protect the confidentiality, integrity, and availability (CIA triad) of a computer network. When building a network, it is important to consider which tools and processes will contribute to the CIA triad.

Virtualization is the process of running a virtual instance of a computer system; virtualized machines can run applications that are isolated from the host operating system. On my macOS host, I used UTM to virtualize several machines, including Ubuntu 22.04.1 LTS (Jammy Jellyfish). Ubuntu Server is an open-source operating system that supports container deployment, cloud services, database servers, and more. I configured Ubuntu by upgrading it and setting a static IP address of 192.168.64.13, editing the netplan file in the Nano text editor with sudo nano /etc/netplan/01-network-manager-all.yaml. Then I installed pfSense, an open-source firewall and router distribution. pfSense is a stateful firewall: it remembers information about connections flowing through it so that reply traffic can be allowed automatically. Firewalls monitor and filter incoming and outgoing network traffic based on predetermined security rules. Next, I connected Ubuntu with pfSense. After setting pfSense's static IP address to 192.168.64.6, I successfully pinged between Ubuntu and pfSense to confirm connectivity.
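As an added example (not part of my original setup notes), here is a small shell script that renders the netplan configuration for the static address above and applies it without risking a lockout. The interface name enp0s1, the /24 mask, and the gateway 192.168.64.1 (UTM's host-side router) are assumptions not stated in the notes; the renderer is left at netplan's default, so adjust it if the VM uses NetworkManager.

```shell
#!/bin/sh
# Added example, not from the original write-up: render a netplan static-IP
# configuration for the lab Ubuntu VM and validate it before applying.
# Assumptions (not stated in the notes): interface enp0s1, /24 mask,
# gateway 192.168.64.1, and the gateway doubling as DNS resolver.

# render_netplan IP GATEWAY [IFACE]: print the YAML to stdout.
render_netplan() {
    ip="$1"; gateway="$2"; iface="${3:-enp0s1}"
    cat <<EOF
network:
  version: 2
  ethernets:
    $iface:
      dhcp4: false
      addresses:
        - $ip/24
      routes:
        - to: default
          via: $gateway
      nameservers:
        addresses:
          - $gateway
EOF
}

# install_netplan [FILE]: write the file with root-only permissions (netplan
# warns when the file is world-readable), then use "netplan try" so a typo
# that cuts off the SSH session is reverted automatically after the timeout.
install_netplan() {
    target="${1:-/etc/netplan/01-network-manager-all.yaml}"
    render_netplan 192.168.64.13 192.168.64.1 > "$target"
    chmod 600 "$target"
    netplan try --timeout 60 && netplan apply
}

# Show the rendered file; run install_netplan as root to apply it.
render_netplan 192.168.64.13 192.168.64.1
```

After applying, ip -4 addr show and a ping to pfSense at 192.168.64.6 confirm the address and connectivity, which is the same check the notes describe.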

Secure Shell (SSH) is an encrypted protocol for connecting to and controlling other servers, allowing administrators to manage them remotely. I enabled SSH on Ubuntu (see Image 2) and can log in to other machines, including pfSense, and vice versa.

Then, I installed Splunk on Ubuntu and connected it as the security information and event management (SIEM) platform for my network. Splunk searches, monitors, and analyzes machine-generated data; a SIEM offers real-time monitoring and analysis of events as well as tracking and logging of security data for compliance or auditing purposes. Splunk is currently installed (see Images 3 and 4). I also integrated Suricata with pfSense (see Image 1). Suricata is an open-source Intrusion Detection System (IDS) that detects, and can stop, network attacks based on rules. An IDS automates the inspection of logs and real-time system events to detect intrusion attempts and system failures. From pfSense's Package Manager, I installed the Suricata package. In Suricata's Global Settings, I enabled the ET Open rules and the Snort Community Ruleset. Then, I set up the interface on WAN and enabled all the rules. Rules can be adjusted based on business needs or project scope. Under Alerts, I could view logs of activity. Companies will usually have a playbook, a defined procedure for monitoring log entries. The logs may flag false positives, so diligently investigating entries is crucial. On many IDS deployments, engineers review logs and decide whether traffic is an actual threat or whether a rule needs to be modified because of a false-positive result.

I also connected Snort with pfSense (see Image 1). Snort is an open-source network intrusion prevention system capable of performing real-time traffic analysis and packet logging on IP networks. Under Snort's Global Settings, I enabled the GPLv2 Community rules and the Emerging Threats Open rules. I launched the Snort GUI and entered my Oinkmaster code. Then, I updated the rules. I added and enabled the WAN interface. Under the Categories tab, I enabled all the rules; depending on business needs, I would fine-tune them. Then, I started Snort on the interface. Under Alerts, I could view logs of activity. There may be false positives, so diligently investigating entries is necessary.
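Both the Suricata and the Snort sections above end with the same task: reviewing alerts and deciding which rules fire on real threats and which produce false positives. As an added example (not part of my original notes, and not the pfSense packages' own tooling), the script below counts alerts by signature ID so the noisiest rules surface first for review. The log lines are constructed to follow the fast-format layout that both Suricata and Snort emit; on pfSense the real files sit under the Suricata and Snort log directories.

```shell
#!/bin/sh
# Added example, not from the original write-up: summarize IDS fast-format
# alerts by signature ID so that noisy rules can be reviewed for tuning.
# SAMPLE_ALERTS is CONSTRUCTED to mimic Suricata/Snort fast.log output;
# feed a real file with: count_by_signature < /path/to/fast.log

SAMPLE_ALERTS='05/16/2023-17:35:43.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:80 -> 192.168.64.13:51234
05/16/2023-17:36:01.654321  [**] [1:2210020:2] SURICATA STREAM ESTABLISHED packet out of window [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.64.13:44321 -> 198.51.100.20:443
05/16/2023-17:36:02.000001  [**] [1:2210020:2] SURICATA STREAM ESTABLISHED packet out of window [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.64.13:44322 -> 198.51.100.20:443
05/16/2023-17:36:05.000002  [**] [1:2210020:2] SURICATA STREAM ESTABLISHED packet out of window [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 192.168.64.13:44323 -> 198.51.100.20:443
05/16/2023-17:37:10.777777  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:80 -> 192.168.64.13:51240'

# count_by_signature: read fast.log lines on stdin and print
# "count sid priority message", most frequent first. Works for both
# Suricata and Snort because both use "[**] [gid:sid:rev] message [**]".
count_by_signature() {
    awk '
    {
        n = split($0, parts, " \\[\\*\\*\\] ")   # parts[2] = "[gid:sid:rev] message"
        if (n < 3) next
        sig = parts[2]
        sub(/^\[[0-9]+:/, "", sig)               # drop "[gid:"
        sid = sig; sub(/:.*$/, "", sid)          # keep the sid only
        msg = sig; sub(/^[^ ]+ /, "", msg)       # drop "sid:rev] "
        pri = "?"
        if (match($0, /\[Priority: [0-9]+\]/))
            pri = substr($0, RSTART + 11, RLENGTH - 12)
        count[sid]++; message[sid] = msg; priority[sid] = pri
    }
    END {
        for (s in count)
            printf "%d %s %s %s\n", count[s], s, priority[s], message[s]
    }' | sort -rn
}

# noisy_signatures THRESHOLD: sids firing at least THRESHOLD times on stdin,
# i.e. the candidates a playbook would send for false-positive review.
noisy_signatures() {
    count_by_signature | awk -v t="$1" '$1 >= t { print $2 }'
}

# top_signature: the single most frequent sid in the constructed sample.
top_signature() {
    printf '%s\n' "$SAMPLE_ALERTS" | count_by_signature | head -n 1 | cut -d' ' -f2
}

printf '%s\n' "$SAMPLE_ALERTS" | count_by_signature
```

In the constructed sample the stream-decoder signature fires three times on the Ubuntu host's own outbound traffic, which is the kind of entry an engineer would investigate and then either suppress or keep, while the lower-volume "id check returned root" alert is the one that deserves a closer look first despite fewer hits.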

I intend to expand my topology to include Kali Linux, a security distribution aimed at advanced penetration testing and security auditing. Penetration testing is a form of ethical hacking in which a simulated cyberattack is performed on a computer system to gain intelligence and insight into how to mature a security organization. I will also add Metasploitable, a Linux-based virtual machine that contains several intentional vulnerabilities for practicing exploitation. I will place Kali Linux outside my network so that it can target my network.

Ultimately, I have set a foundation for my security network, but I am also monitoring it and thinking critically about ways to improve it. As the cybersecurity field changes rapidly, my network must remain open to adjustments in order to stay as secure as possible.

Image 1: screenshot, 2023-05-16 5:35 PM (Suricata and Snort on pfSense)

Image 2: screenshot, 2023-05-16 5:36 PM (SSH enabled on Ubuntu)

Image 3: screenshot, 2023-05-16 5:37 PM (Splunk)

Image 4: screenshot, 2023-05-16 5:38 PM (Splunk)