VMware + JunOS + Linux to build a security testing platform

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

As we all know, VMware Workstation is powerful desktop virtualization software that can run Windows virtual machines, Linux virtual machines, and even various network operating systems, such as Cisco ASA and Juniper SRX. VMware's own virtual host network adapters can be used to create different network segments for a test platform. The following uses Linux systems and a Juniper SRX on VMware to simulate the Internet and a company's internal network as a security test platform. The platform runs Linux + DVWA (Damn Vulnerable Web Application); DVWA is a web vulnerability practice platform with XSS, SQL injection, and so on. How to test against it is not discussed here; refer to its official website, http://www.dvwa.co.uk/. The architecture of the experiment is as follows:

This architecture is relatively simple, with a Juniper SRX firewall in the middle (note: all experiments are built and tested on virtual machines). I have used the Cisco ASA firewall for more than 10 years, and I have always felt that the Cisco ASA wall is very hanging. Since the upgrade from version 7.x to version 8.4, I can only say FUCK to Cisco's firewall. Small J gives me the feeling that its logic is relatively strong, a bit like a modular configuration, and it is easy to use. Of course, I am still a rookie, still trying to climb the wall.

Experimental requirements:

This architecture is divided into a trust (inside) zone, 172.16.100.0/24, and an untrust (outside) zone, 10.133.83.0/24.

Users in the trust (inside) zone, that is, internal users, can reach the Internet only through NAT, and everything except ports 80 and 443 is prohibited.

Users in the untrust (outside) zone, that is, Internet users, can reach only ports 80 and 443 on the internal servers, through NAT; everything else is prohibited.

This experiment only shows how to use VMware to build various platforms, so the firewall configuration is relatively simple.

The implementation is relatively simple: create two new virtual host networks in VMware, as shown below:

Create three Linux virtual hosts, two of which belong to the Internet and one to the company's internal network. The Internet hosts' network adapters are connected to VMnet4 (172.16.100.0), and the internal host's network adapter is connected to VMnet8. The default gateway of every host points to the default IP of the corresponding virtual network adapter on the physical machine; for example, the default gateway of VMnet4 is 172.16.100.1.

Build a Juniper SRX firewall host with one network adapter connected to VMnet4 and the other connected to VMnet8.

The WWW service is enabled on the internal server, and two additional websites, cacti and dvwa, are set up on it. Because this platform is used only for testing, Apache is not tuned or optimized.

Simply configure firewall NAT settings

Firewall policy setting

Firewall routing settings
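A Junos `set`-style configuration that would meet the experimental requirements above, added here as an example and not the author's own configuration. The zone subnets come from the requirements; the interface names (ge-0/0/0, ge-0/0/1), the firewall addresses (.2), the web server address 172.16.100.10 and the next hop 10.133.83.1 are assumptions.

```junos
# Interfaces and zones (interface names and host addresses are assumed)
set interfaces ge-0/0/0 unit 0 family inet address 172.16.100.2/24
set interfaces ge-0/0/1 unit 0 family inet address 10.133.83.2/24
set security zones security-zone trust interfaces ge-0/0/0.0
set security zones security-zone untrust interfaces ge-0/0/1.0

# Source NAT: trust users leave translated to the untrust interface address
set security nat source rule-set trust-to-untrust from zone trust
set security nat source rule-set trust-to-untrust to zone untrust
set security nat source rule-set trust-to-untrust rule snat-all match source-address 172.16.100.0/24
set security nat source rule-set trust-to-untrust rule snat-all then source-nat interface

# Destination NAT: only TCP 80 and 443 on the outside address reach the server
set security nat destination pool web-server address 172.16.100.10/32
set security nat destination rule-set from-untrust from zone untrust
set security nat destination rule-set from-untrust rule web-http match destination-address 10.133.83.2/32
set security nat destination rule-set from-untrust rule web-http match destination-port 80
set security nat destination rule-set from-untrust rule web-http then destination-nat pool web-server
set security nat destination rule-set from-untrust rule web-https match destination-address 10.133.83.2/32
set security nat destination rule-set from-untrust rule web-https match destination-port 443
set security nat destination rule-set from-untrust rule web-https then destination-nat pool web-server

# Policies: permit only HTTP/HTTPS in each direction, deny everything else.
# The inbound policy matches the translated (real) server address.
set security address-book global address web-server 172.16.100.10/32
set security policies from-zone trust to-zone untrust policy out-web match source-address any destination-address any application [ junos-http junos-https ]
set security policies from-zone trust to-zone untrust policy out-web then permit
set security policies from-zone untrust to-zone trust policy in-web match source-address any destination-address web-server application [ junos-http junos-https ]
set security policies from-zone untrust to-zone trust policy in-web then permit
set security policies default-policy deny-all

# Routing: default route toward the simulated Internet (next hop assumed)
set routing-options static route 0.0.0.0/0 next-hop 10.133.83.1
```

Because the outbound policy permits only HTTP and HTTPS, internal hosts cannot resolve names through an outside DNS server; that follows from the stated requirement and shows up as a policy deny in the firewall log.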

With the environment built, there are various commands to test whether it is reachable, such as nmap to check whether port 80 is open and curl to test whether the website can be accessed normally. This environment is only used for DVWA testing, so you can use the system tools on Kali Linux to simulate Internet users and test whether an enterprise's website has security vulnerabilities, for example using sqlmap to test SQL injection on this platform, hping3 to simulate network bandwidth testing, and so on. As shown below:

Of course, why use the Juniper firewall in the middle? With the firewall in place, I can see the traffic on the firewall and can also send logs to a log server for observation; of course, the main purpose is to become familiar with the configuration of small J.

In the end, my test platform goes like this: I still use VMware to bridge into the internal network of EVE-NG, and externally use Kali Linux tools to penetration-test the internal website, obtain administrative access, and analyze the structure of the internal network.

In the end, the VMware platform is very powerful, and you can build different architectures to test in whatever way you want. As shown below, I built two server test platforms a long time ago. The first architecture uses only one host network, and the second uses five host networks.
