
Set up a virtual lab for a two-site network using a GNS3 VM and server, with Linux node templates, Cumulus VX, pfSense, VBox integration, and VLAN segments.
Explore bus, ring, star, mesh, and hybrid topologies and how they connect nodes via backbone and switches, highlighting single points of failure and redundancy.
Explore network types by defining LAN, WLAN, WAN, SAN, MPLS, and SD-WAN, and explain their geographic scope, wired versus wireless connectivity, and private, secure networks.
Compare three-tier and two-tier (spine-leaf) network architectures, and build secure open-source networks with cores, aggregations, access layers, VLANs, NAC, and VPNs.
Trace the 50-year unix-like heritage from research UNIX to BSD, Darwin, Linux, and macOS, and explore how FreeBSD and other BSD families and Linux shape today's devices and open-source projects.
Vi basics on any Unix-like OS by switching between command and insert modes, editing and saving files, and navigating, searching, and replacing text efficiently.
Compare net-tools and iproute2 on Unix-like systems, showing how modern Linux favors ip commands over ifconfig, ip addr, and ip route, while net-tools remain optional and deprecated.
Capture packets over GNS3 links with Wireshark by setting up Debian client and server, running an HTTP server, and observing DHCP, ICMP, and HTTP traffic with follow-stream analysis.
Create a GNS3 project with basic shapes and color codes to model office buildings, assign VLAN-inspired colors, duplicate layouts, and place a firewall and provider between Frankfurt and Stuttgart.
Configure leaf switches with a bridge and VLAN IDs 10, 20, 30, 40, assign ports as access or trunk, and verify lldp connectivity across spine and leaf.
Create and configure layer 3 virtual interfaces for management VLAN 40 on switches using Cumulus Linux, assign management IP addresses, enable SSH access from the management VLAN, and verify connectivity.
Create a two-node openSUSE leap 15.3 firewall cluster in headquarters by importing the server image from OSBoxes into Janus three and planning interfaces and cabling for Frankfurt and branch office.
Configure hardware and set the network adapters to paravirtualized network I/O to enable interfaces on MX lac switches in this simulated environment, adjusting CPUs, RAM, and adapters as needed.
Set default iptables policies to drop for input and forward, keep output open, and test with ping. Learn to persist these rules with iptables-persistent on Ubuntu.
Learn to visualize firewall rules by piping iptables output into gressgraph to generate a clear graph of interfaces, sources, and destinations, enabling quick interpretation of your rules.
Migrate iptables rules to nf tables on the master firewall, back up first, validate on the backup, then enable nf tables and disable iptables.
Configure pfSense DHCP for branch clients and management VLANs by enabling DHCP on VLAN ten and VLAN 40 and the server VLAN, setting ranges and gateways, and using internal DNS.
Enable reverse nat through port forwarding on the firewall to expose the dmz web server to the internet via the wan interface, using an alias for the IP.
Prepare OpenVPN on pfSense by configuring a CA server, issuing a server certificate, and installing the OpenVPN client export plugin for management VLAN access.
Install PacketFence NAC server on a Debian 11 system using VirtualBox, configure network interfaces, update apt sources, add the PacketFence PGP key, and complete the installation.
Deploy nas and freeradius with mab profiles by configuring an authenticator, switch groups, vlan ten, and map-based mac address authentication to manage unknown and accepted devices.
When it comes to open-source, the sky is the limit!
In a nutshell, you will build a company-like network with headquarter and branch office on Unix-like OSs and open-source tools, then try to hack its vulnerabilities.
From switches to endpoints, clustered firewalls, servers incl. Network Access Control, shortly NAC server, jumpers, and anything else are all built on a flavor of Linux OS such as openSUSE, AlpineLinux, Debian, Ubuntu, etc., or a Unix-like OS such as FreeBSD.
Network security should be embedded into the nature of the corporate's network and that is what we learn in this course.
We do not care much about vendors and logos, but practical concepts. For example, we dive into Shell commands, TCP/IP and networking fundamental concepts, and core network security principles using open-source, yet industry-proven products.
We aim to teach you how standard networking concepts are "designed" and are also "applied" in work environments.
Why a pure Linux-based network? Besides the fact that Linux runs the world, if you learn the secure networking using Linux, Unix, and open-source tools, you will feel pretty confident about their commercial equivalents. For example, if you learn network firewalling using iptables and nftables, you won't have any issues with Cisco FirePower, FortiGate, or Juniper firewalls.
As said, we are not into vendors, we are interested in standardized theoretical concepts and practical technics. This method will give you a firm conceptual understanding of underlying technologies and ideas about how finished products like Cisco switches, Fortigate Firewalls, Cisco ISE NAC, HPE Aruba, and so on, actually work behind the scene.
In the end, you will run the most common network attacks using Kali Linux against the network you built yourself.
Your Learning Key-Terms:
Virtualization
GNS3 Lab (with Hyper-V & VirtualBox Integration)
TCP/IP
OSI Model
Network Topologies
IP Subnetting
VLAN
Traffic Tagging
Trunking
NIC Teaming
LAGG (Link Aggregation)
MLAG (Multi-Chassis Link Aggregation)
Bond Modes: Active-Backup, 802.3ad (LACP)
Bridging
Spanning Tree
Inter-VLAN Routing
Routing & ARP Tables
MAC Flood
IEEE 802.1X & MAB (MAC Address Bypass)
Network Access Control (NAC)
PacketFence (Open Source NAC)
Extensible Authentication Protocol (EAP) (EAPoL)
RADIUS (FreeRADIUS)
Linux Open Source Networking
Nvidia Cumulus Linux Switch
openSUSE Linux
Ubuntu Linux
Alpine Linux
Linux Shell Command Line
Firewalls
Netfilter Framework
Packet Filtering
iptables
nftables
Packet Capture Analysis
Wireshark, TShark, Termshark, and TCPDump
Linux Clustering
keepalived
VRRP
ConnTrack
Virtual Private Network (VPN)
OpenVPN
strongSwan IPSec (swanctl)
WireGuard
pfSense Firewall (FreeBSD)
pfSense Cluster
Next-Gen Firewall
Demilitarized Zone (DMZ)
Ethical Hacking Network Attacks and Technics
SSH BruteForce Attack
MITM with Mac Spoofing Attack
MITM with DHCP Spoofing Attack
DOS Attack (POD, SYNFLOOD, BPDUs, CDP)
Yersinia
DHCP Starvation
DNS Spoofing
Offensive Packet Sniffing
ARP spoofing, ARP cache poisoning attack
Network hacking
Cyber security
Network Hardening Solutions