Threat Detection Lab Series | Episode 1 | Lab Architecture and Installing Firewall (OpnSense) on VM

THOR-HQ
20 May 202413:52

Summary

TLDRIn this video, Sakam introduces a series on building a Threat Detection Lab using VMware Workstation Pro. The lab setup involves configuring a firewall with OPNsense, setting up a Windows VM for malware analysis, and creating isolated networks for safe testing. Sakam walks viewers through downloading and installing OPNsense, adjusting network interfaces, and configuring IP addresses and DHCP. This first part focuses on laying the groundwork for a secure environment to experiment with security tools and malware samples. Stay tuned for future videos where more tools and configurations will be added.

Takeaways

  • 😀 Set up a threat detection lab using VMware Workstation Pro and OPNsense firewall.
  • 😀 The lab architecture includes three virtual machines: Windows (for malware analysis), firewall (OPNsense), and a Linux-based logging server.
  • 😀 VMware Workstation Pro is recommended for its strong performance, especially with Broadcom’s free personal-use license.
  • 😀 The firewall configuration uses OPNsense to isolate networks and control malware containment within the lab environment.
  • 😀 Two types of networks are configured: an internal LAN (using VMnet2) and a bridged WAN for internet connectivity.
  • 😀 The OPNsense firewall installation involves downloading the ISO, creating a VM, and configuring network adapters for LAN and WAN interfaces.
  • 😀 Ensure the correct assignment of interfaces: WAN as EM0 and LAN as EM1, as OPNsense may misconfigure them automatically.
  • 😀 During setup, OPNsense will automatically assign a WAN IP via DHCP and requires manual configuration for the LAN interface IP (e.g., 192.168.10.1).
  • 😀 DHCP for LAN is enabled to assign IP addresses to devices on the internal network, with a range of 192.168.10.5 to 192.168.10.90.
  • 😀 After configuration, the firewall is rebooted to apply the settings and verify connectivity for both LAN and WAN interfaces.
  • 😀 Future videos in the series will add more virtual machines, security tools, and firewall rules to expand the lab’s functionality.

Q & A

  • What is the purpose of the video series presented by Sakam?

    -The video series aims to guide viewers through building a threat detection lab by configuring various security tools within a lab environment.

  • Which three virtual machines are used in the lab setup?

    -The three virtual machines in the setup are a Windows machine, a firewall, and a Linux-based logging server.

  • Why is VMware Workstation Pro recommended for the lab setup?

    -VMware Workstation Pro is recommended because it offers great performance, and Broadcom provides a personal use license for it, making it a cost-effective and efficient option.

  • What role does the firewall play in this lab environment?

    -The firewall isolates the network and controls the containment of malware that may try to escape or move laterally between devices in the lab environment.

  • Which firewall software is used for the lab, and where can it be downloaded?

    -OPNsense is used for the firewall, and it can be downloaded from the OPNsense website (ops.org).

  • What is the purpose of configuring two network interfaces (LAN and WAN) on the firewall?

    -The LAN interface is used for internal network communication, while the WAN interface connects to the internet, allowing traffic to be routed through the firewall for control and monitoring.

  • What issue did the presenter face with the LAN and WAN interface detection during the setup?

    -The firewall auto-detected the wrong interfaces for LAN and WAN. The presenter had to manually assign the correct interfaces to ensure proper configuration.

  • Why is a custom network (VMnet2) used in this setup?

    -VMnet2 is a host-only network used to connect all internal devices (like the Windows machine and Linux box) to the firewall for traffic routing while maintaining internet access through the firewall.

  • What IP addresses are assigned to the LAN and WAN interfaces, and what is their purpose?

    -The LAN interface is assigned the IP address 192.168.10.1, and the WAN interface receives an IP address via DHCP. The LAN IP allows internal communication, while the WAN IP routes traffic to the internet.

  • What other security tools or virtual machines can be added to the lab setup?

    -Additional security tools or virtual machines like CI and Linux boxes for emulating threats can be added, but for the series, the setup will remain minimal with just the three original machines.

Outlines

plate

此内容仅限付费用户访问。 请升级后访问。

立即升级

Mindmap

plate

此内容仅限付费用户访问。 请升级后访问。

立即升级

Keywords

plate

此内容仅限付费用户访问。 请升级后访问。

立即升级

Highlights

plate

此内容仅限付费用户访问。 请升级后访问。

立即升级

Transcripts

plate

此内容仅限付费用户访问。 请升级后访问。

立即升级
Rate This

5.0 / 5 (0 votes)

相关标签
Threat DetectionCybersecurity LabVMware SetupFirewall ConfigurationSecurity ToolsOPNsenseVirtual MachinesMalware IsolationNetwork SecurityLinux ServerWindows Security
您是否需要英文摘要?