A secret benefactor at GDT saw my efforts to build a really cool lab, and let me borrow a Meraki MX65W, Meraki MS220-8, and an ASA 5506-X. For those of you following along, my lab now includes 3 security appliances, a switch, a VM server, a Raspberry Pi 3, and a wireless router. Actually, 2 wireless routers since the MX65W has wireless AP capabilities onboard. I came up with an architecture that I thought would work pretty well but didn’t include the use of either ASA.
A mentor of mine, Brad, gave me some pointers on expanding my design and simulating a “pseudo-public” network that would let me simulate attacks against my internal network without opening up the hardened firewall on the outside. It still leaves one ASA out of the picture, but the 5505 that I’ll be leaving out is 8-year-old hardware anyways. I ended up adding to the design and creating an IoT network that my Echo Dot, PS4, and other IoT devices can use to be segmented from the rest of the network.
The best part of these new architectures is that the Meraki devices are all cloud-based! I can remotely modify configs from anywhere in the world.
I still have some fine-tuning to do, but the MX65W is up and running. The ASA 5506-X is on, but I can’t access the config. Looks like the previous owner had set a terminal password that I need to bypass. I’m waiting on a console cable to come in to take care of that. The Meraki MS220-8 is plugged in and running, but since the ASA isn’t configured to make use of it, the architecture is really just the MX65W that is active, in a very similar design to the drawing in my previous post.
The Intel NUC I currently have is also not up to the task of running a Kali VM, and all the other crap I want to do, so I’m working on finding a used one that has 16+GB of RAM and a newer i5/i7 processor. Once I find one and get that set up, it’ll get slotted into the DMZ.
Here’s the setup so far!