In the first part of my homelab upgrade series, we assembled the hardware for the homelab. Our next step is to design the network topology and come up with an appropriate network addressing scheme. We also need to have a rough idea of what we intend to do with the different network segments. The lab is intended for the following purposes:
- To simulate traffic similar to that of an actual production environment
- For malware analysis and threat research
- For Threat Hunting
- For testing new tools and / or technologies
To ensure that the lab is robust enough and to avoid having to redo networking frequently, I plan to segment my lab using a pfSense firewall and OpenWRT router into a couple of networks.
| Segment | Purpose |
|---|---|
| Attacker Network | The purpose of this network is to simulate an external adversary that is trying to gain access to the production environment. In this network, we will place tools like Kali or Parrot Linux, Atomic Red Team, etc. |
| DMZ Network | The DMZ network will host services that are normally available to the external network such as an FTP server, web server and the like. I plan on hosting the vulnerable VMs like Metasploitable, DVWA and Vulnhub boxes in this network. |
| VPN Clients | In a normal environment, we would have a couple of users connecting via VPN to the production environment. For this reason, I will probably have a Linux and a Windows machine located in this segment to allow for connectivity via OpenVPN or another VPN client to the production network. |
| Malware Analysis | This segregated VLAN is designed for DFIR activity and specifically malware detonation and analysis. For safety, I'd prefer to keep this environment segmented by a firewall from the rest of my lab. |
| Server Network | This network hosts production servers like a Windows domain controller, a mail and proxy server, a certificate and file server, etc. |
| NetSec Management | In the management network, I plan on housing an IDS, plus the network and security tools used for management of systems, log collection, signature creation, etc. |
| User Network | In this network, I plan on installing a couple of machines with endpoint protection and Sysmon, just like in normal user environments. |
| Playground | Just as the name states, this messy environment is for any new tools or technologies that I would like to quickly spin up, test and perhaps tear down, or that I have no clear plans for. |
The planned network topology is shown below. There may be some changes when it comes to the actual segmentation and installation of the lab components depending on the hypervisor I choose (either Proxmox or ESXi), but I believe the planned network segmentation is achievable in either scenario.
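To make the segmentation concrete before touching the firewall, here is an added example (not part of the original post) that models the eight segments with an assumed one-/24-per-VLAN addressing scheme and a default-deny inter-segment policy derived from the table above, with the malware analysis VLAN fully isolated. The subnets, VLAN numbers and allowed ports are all assumptions chosen for illustration; the script checks the subnets do not overlap and answers whether a given flow should pass the pfSense rules.

```python
import ipaddress

# Constructed addressing scheme (assumption, not from the post): one /24
# per segment, third octet = VLAN id, all inside 10.10.0.0/16.
SEGMENTS = {
    "attacker":   ipaddress.ip_network("10.10.10.0/24"),
    "dmz":        ipaddress.ip_network("10.10.20.0/24"),
    "vpn":        ipaddress.ip_network("10.10.30.0/24"),
    "malware":    ipaddress.ip_network("10.10.40.0/24"),
    "server":     ipaddress.ip_network("10.10.50.0/24"),
    "netsec":     ipaddress.ip_network("10.10.60.0/24"),
    "user":       ipaddress.ip_network("10.10.70.0/24"),
    "playground": ipaddress.ip_network("10.10.80.0/24"),
}

# Default-deny policy. Keys are (source segment, destination segment);
# values are the allowed destination TCP ports, or "*" for any port.
# The flows themselves are assumptions based on each segment's stated role.
ALLOWED = {
    ("attacker", "dmz"):  "*",              # simulated adversary hits exposed services
    ("vpn", "server"):    "*",              # remote users reach production
    ("user", "server"):   "*",
    ("user", "dmz"):      {80, 443},
    ("netsec", "server"): {22, 3389, 5985},  # admin access from management
    ("server", "netsec"): {514, 5044},       # syslog / beats to the log collector
    ("user", "netsec"):   {514, 5044},
    ("dmz", "netsec"):    {514, 5044},
}

def segment_of(ip):
    """Return the segment name containing ip, or None if it is off-plan."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in SEGMENTS.items() if addr in net), None)

def overlapping_segments():
    """Return pairs of segments whose subnets overlap (should be empty)."""
    names = list(SEGMENTS)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if SEGMENTS[a].overlaps(SEGMENTS[b])]

def flow_allowed(src_ip, dst_ip, dst_port):
    """Decide whether a flow would be permitted by the planned ruleset."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False                       # unknown address: drop
    if src == dst:
        return True                        # same VLAN: switched, not firewalled
    if "malware" in (src, dst):
        return False                       # detonation VLAN never crosses the firewall
    ports = ALLOWED.get((src, dst))
    return ports is not None and (ports == "*" or dst_port in ports)
```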
That’s all for today. See you in part 3: Hypervisor installation.