Network Security, Build & Pentest a Network on Linux, Cumulus, NAC, clustered nftables, pfSense, Kali Linux & Wireshark
When it comes to open source, the sky is the limit!
In a nutshell, you will build a company-like network with a headquarters and a branch office on Unix-like OSs and open-source tools.
Everything from switches to endpoints, clustered firewalls, servers (including a Network Access Control, or NAC, server), jumpers, and anything else is built on a flavor of Linux such as openSUSE, Alpine Linux, Debian, or Ubuntu, or on a Unix-like OS such as FreeBSD.
Network security should be embedded in the nature of the corporate network, and that is what we learn in this course.
We do not care much about vendors and logos, but about practical concepts. For example, we dive into shell commands, TCP/IP and fundamental networking concepts, and core network security principles using open-source, yet industry-proven, products.
We aim to teach you how standard networking concepts are "designed" and are also "applied" in work environments.
Why a pure Linux-based network? Besides the fact that Linux runs the world, if you learn secure networking using Linux, Unix, and open-source tools, you will feel pretty confident about their commercial equivalents. For example, if you learn network firewalling using iptables and nftables, you won't have any issues with Cisco Firepower, FortiGate, or Juniper firewalls.
As said, we are not into vendors; we are interested in standardized theoretical concepts and practical techniques. This method will give you a firm conceptual understanding of the underlying technologies and an idea of how finished products like Cisco switches, FortiGate firewalls, Cisco ISE NAC, HPE Aruba, and so on actually work behind the scenes.
In the end, you will run the most common network attacks using Kali Linux against the network you built yourself.
Your Learning Key-Terms:
GNS3 Lab (with Hyper-V & VirtualBox Integration)
LAGG (Link Aggregation)
MLAG (Multi-Chassis Link Aggregation)
Bond Modes: Active-Backup, 802.3ad (LACP)
Routing & ARP Tables
IEEE 802.1X & MAB (MAC Address Bypass)
Network Access Control (NAC)
PacketFence (Open Source NAC)
Extensible Authentication Protocol (EAP) (EAPoL)
Linux Open Source Networking
Nvidia Cumulus Linux Switch
Linux Shell Command Line
Packet Capture Analysis
Wireshark, TShark, Termshark, and tcpdump
Virtual Private Network (VPN)
strongSwan IPsec (swanctl)
pfSense Firewall (FreeBSD)
Demilitarized Zone (DMZ)
Ethical Hacking Network Attacks and Techniques
SSH Brute-Force Attack
MITM with MAC Spoofing Attack
MITM with DHCP Spoofing Attack
DoS Attack (PoD, SYN flood, BPDUs, CDP)
Offensive Packet Sniffing
ARP spoofing, ARP cache poisoning attack
Network Hardening Solutions