4.1 Network Diagrams
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:00
>> Welcome back to the summary course
00:00
in building your InfoSec lab.
00:00
I'm your host and Instructor, Kevin Hernandez.
00:00
In the beginning of the course,
00:00
we started planning how to build our lab.
00:00
We'd look at different technologies, tools,
00:00
etc, to incorporate into
00:00
>> the system that we're building.
00:00
>> Up to that point, we consider
00:00
only the hardware requirements of
00:00
the tools and the features they offer.
00:00
In today's lesson, we're actually going to do
00:00
a network diagram of our lab.
00:00
How are we going to interconnect
00:00
the different devices that
00:00
we're going to be using in our lab?
00:00
Now let's get started. As we
00:00
have utilized mostly free tools,
00:00
are free variants of tools for our labs we'll also be
00:00
utilizing free tools in
00:00
order to make our network diagrams.
00:00
I understand that there's products out there such as
00:00
Microsoft Visio that you might have access to.
00:00
You're more than welcome to use
00:00
this software if you wish to do so.
00:00
However, for those that don't have options,
00:00
draw.io is a very good tool and free of charge.
00:00
One of the key elements and
00:00
features that I really appreciate out of
00:00
this application is that I can open
00:00
and create a dark room on my desktop,
00:00
save it, e-mail it to myself,
00:00
open it in the web browser
00:00
and continue from there when I'm on the go.
00:00
Also it works pretty well across
00:00
platform from Mac to Windows.
00:00
If you're in Linux, you can also use the browser.
00:00
Now let's go ahead and create a new diagram.
00:00
As you can see you have several options.
00:00
You have business, you have some type of charts,
00:00
engineering diagrams and of course, we've got network.
00:00
Let's go ahead and create one, networking.
00:00
Now, which one you pick it's based on your preference.
00:00
We might actually be required
00:00
>> to create several of these.
00:00
>> You can see this, this map itself,
00:00
it's more targeted towards wireless access devices,
00:00
while this is more towards VLANs.
00:00
Let's actually opened up
00:00
so you can see them a little bit better.
00:00
See Internet, firewall, wireless access point,
00:00
and then all your systems connected to it.
00:00
Now let's go ahead and open a new one.
00:00
See what other options we have.
00:00
Creating diagram, network.
00:00
Now let's pick this one with
00:00
pretty colors and see what it is.
00:00
This is more like grouping.
00:00
This one, it looks a little bit complicated.
00:00
But at the same time,
00:00
this will more properly
00:00
present what we might be required from our network.
00:00
As we scan, for example,
00:00
Repurposed this and say for example,
00:00
this will be our webcams,
00:00
this will be our applications,
00:00
it will be our video game consoles, etc.
00:00
This is not a bad example to utilize.
00:00
Let's go back to network
00:00
and see what other options we have.
00:00
You can go obviously like a more
00:00
classic route, such as this.
00:00
[NOISE] This is most likely
00:00
where you're familiarized with if you have to
00:00
work with diagrams at work.
00:00
It will also open the last one on the left.
00:00
This one doesn't look that bad actually.
00:00
It's organize.
00:00
You do have to router. This one is
00:00
very high potential candidate
00:00
for what we're looking to do.
00:00
Now we have two strong
00:00
>> candidates for a network diagram.
00:00
>> Now, here's the thing.
00:00
We have to do two types of drawings.
00:00
The first one will have to be
00:00
our current network infrastructure.
00:00
The second one are expected or what we
00:00
really want to accomplish from our new network.
00:00
Now, let's properly look at our network.
00:00
If you, for example, have
00:00
a wireless router, such as this one,
00:00
and you have all your systems and a firewall,
00:00
it will look not so different from this.
00:00
Actually, your current home might look more like this,
00:00
where the firewall is included as
00:00
part of your modem or router.
00:00
Therefore, very limited on what you do.
00:00
Yes, you might, for example,
00:00
could have this as a wired connection instead
00:00
of wireless right here.
00:00
But at the end of the day,
00:00
most home networks are not that different from this.
00:00
Based on this, let's start building
00:00
what I currently have in my environment.
00:00
I encourage you to do
00:00
>> something similar as we move along.
00:00
>> Now before we start drawing or
00:00
pretending we know exactly
00:00
how our infrastructure is internally,
00:00
let's try to use some tools to help us with this.
00:00
Let's go ahead and open
00:00
Google and looks for Nmap for Windows.
00:00
Let's go for here, Nmap.
00:00
Let's look for a variant we can always use for Windows.
00:00
It also actually included in it.
00:00
Let's go ahead and download it.
00:00
You can see it's downloading right here in the bottom,
00:00
let's go ahead and install it as well.
00:00
I want to install, yes, yes agree.
00:00
Here's Nmap, start
00:00
from default, wait for it to extract.
00:00
It's says NP cap is already installed,
00:00
but let's rewrite it just in case.
00:00
This is NP cap now.
00:00
Let's wait for it to finish.
00:00
Now, obviously you don't necessarily need this,
00:00
but I'm just going to go with
00:00
this option first and then show you
00:00
alternatives of what could have been
00:00
accomplished without the installation of this tool.
00:00
It looks like it's already installed.
00:00
Let's go ahead and open it, and Nmap.
00:00
It's open here on the side.
00:00
Let's move it along. Now there's
00:00
different scan options here.
00:00
You have Internet intense scan, UDP.
00:00
In this case, I want to do
00:00
>> a ping scan just to see what's
00:00
>> out there. Let's select that.
00:00
Now before we start any scan,
00:00
we got to make sure that we have
00:00
all our devices and virtual
00:00
>> boxes and systems and tools,
00:00
>> whatever we want to call them up and running.
00:00
Let's put our network range.
00:00
Here we go. Now let's go ahead and hit scan.
00:00
Now this will take a little bit of time,
00:00
but it's not going to be that bad. Here we go.
00:00
Oh my God. Did not
00:00
intend to do that, but let's keep it like that.
00:00
This would be the equivalent of our texts.
00:00
Let's look for text,
00:00
to a text here on labels, here we go.
00:00
In reality, if you think about it,
00:00
anything that comes from here, and we will have,
00:00
let's say sign this up,
00:00
here will be our curator.
00:00
[NOISE] I'll say this is BY.
00:00
Here it will be
00:00
our PF sense,
00:00
[NOISE] and here will be our IP fire as such.
00:00
This is like a set of currently out.
00:00
Even now we do have like a physical barrier now,
00:00
logical, it's pretty much
00:00
>> flat if you want to be honest.
00:00
>> But here's where the things come through.
00:00
Here's where you have to start planning.
00:00
This is where paint comes through,
00:00
just go ahead and
00:00
do this for a solid color. Put light colors in.
00:00
We're going to have here a little box.
00:00
[NOISE] Two boxes,
00:00
three boxes, four boxes,
00:00
give or take and another box here.
00:00
Give or take. Why do I want to do this like this?
00:00
Well, there's different aspects
00:00
that we want out of the network.
00:00
We're going to be programming the VLANS,
00:00
you have to be really careful how you want to do this.
00:00
We do have eight switches
00:00
or eight ports in our smart switch.
00:00
We have one, two, three,
00:00
four, five little boxes here.
00:00
That means we have around three more
00:00
that we can actually add stuff to, if we want to.
00:00
I'm sorry, I have a line there. There we go.
00:00
We have that. I'm going to have a little brown here.
00:00
It doesn't mean we're going to use them.
00:00
It's just that the options are there.
00:00
[NOISE]
00:00
>> Three, six, seven and
00:00
obviously one of them is not going to really
00:00
be used because it's the one that's
00:00
going to be connected in and
00:00
out or actually two of them might not be used at all.
00:00
There we go. Let's go ahead and actually use
00:00
text for now and say this is really big.
00:00
Here 26 Modem/ ISP and that's going to
00:00
be the first thing that's going to come right here.
00:00
Let's leave that. Sorry. How do
00:00
you want to accomplish this? It's really important.
00:00
First of all, say
00:00
what works where we wanted to put different things?
00:00
For example, I want to have cameras in one division.
00:00
Actually let me put the cameras down here.
00:00
This one will be my servers which entitle Curator,
00:00
Essim, Splunk, Kali and Sift.
00:00
Now, I also want one specific block for my firewall.
00:00
Right there.
00:00
Let's say I'm going to pick pfsense.
00:00
Let's say these are my wireless.
00:00
This will be my MacBook,
00:00
it will be my phones for example in devices.
00:00
This will the Xbox and
00:00
desktop and PlayStation if you want to put PlayStation.
00:00
This is the only box, we're going to
00:00
have a high security.
00:00
A tight security.
00:00
In here we have our exploitable boxes right there.
00:00
The reason is we want to make sure that
00:00
the rule for this port or this role in
00:00
the firewall is to only allow
00:00
connection from Kali to it and that's it.
00:00
Make sure that only for example our wireless devices,
00:00
in this case, MacBook can access this area.
00:00
Let's start drawing this on Draw.io.
00:00
Let's go ahead and open a new diagram,
00:00
and we're going to select Blank Diagram
00:00
so we can actually learn to use this tool better.
00:00
We do have several options here.
00:00
You can see I have a few of them picked.
00:00
However, you can always come to more shapes.
00:00
For example, Clipart is really good.
00:00
I like the new design of systems, and you can check it.
00:00
You can see I have also Cisco devices,
00:00
Citrix devices and [inaudible].
00:00
Hit "Apply" and you can either expand these.
00:00
You search or you
00:00
can also search here in the top, for example, Internet.
00:00
We have a little cloud here for the Internet
00:00
and we're actually
00:00
>> going to utilize this in our drawing.
00:00
>> Now that we have our cloud, let's add a modem.
00:00
First thing, always Internet will be our modem.
00:00
Let's go here and drag and drop it.
00:00
The one thing you can do is you can
00:00
actually select the arrow and
00:00
then connect that straight to the modem as such.
00:00
Now we have a modem. Let's add our switch.
00:00
Let's utilize this one. Let's search.
00:00
Let's add some little rectangles
00:00
here for our areas right off the VLANs.
00:00
Add two of them. The other thing
00:00
we're going to do is we're
00:00
>> going to add some style to it.
00:00
>> That way it's easier to know them.
00:00
Let's make sure we reconnect them.
00:00
The modem's going to connect directly to the switch.
00:00
In order to help us,
00:00
I'm going to say it's going to connect to Port 1.
00:00
This is very important as we draw our diagram.
00:00
As we we're starting to also design our lab,
00:00
you're going to be assigning VLANs.
00:00
For this, before any outside interference run
00:00
to VLAN 30.
00:00
Afterwards, we're going to connect,
00:00
right to our firewall.
00:00
Let's look up for our firewall.
00:00
This one looks pretty good.
00:00
Pfsense, let's search.
00:00
I'm going to connect them together as such.
00:00
There we go and we're going to assign
00:00
this Port 2 as such.
00:00
I look for a desktop and we're going to pick one.
00:00
Show us one that looks futuristic
00:00
like these one for like similar.
00:00
There we go that looks good.
00:00
Let's say this goes here. Let's connect them.
00:00
Let's call it Port 8 in our scenario for now.
00:00
We're going to keep the drawing on
00:00
this level because we're
00:00
going be adding it as we move
00:00
along and integrate more and more things.
00:00
The first step, as I said,
00:00
is going to be connecting pfsense into it,
00:00
so what we learn today? We basically
00:00
started developing a network diagram for our lab.
00:00
We started connecting the dots,
00:00
looking into tools, [inaudible] and Draw.io.
00:00
In future lessons, we'll keep expanding this
00:00
as well as start incorporating and connecting our lab.
00:00
Hope to see you soon. Have a great day.
Up Next
Instructed By
Similar Content
