Defense-in-Depth Security Lab
An isolated, multi-layered environment for honing offensive and defensive security skills.
6 Core Virtual Machines
A Complete Ecosystem
This lab provides a comprehensive platform featuring dedicated machines for attack, defense, and monitoring. The entire environment is segmented into a private network, ensuring all activities are contained and can be analyzed safely. The only connection to the outside world is through a managed Next-Generation Firewall.
Network Topology & Data Flow
Lab Component Roles
⚔️ Attacker
Kali Linux
The primary workstation for launching simulated attacks, equipped with a full suite of penetration testing tools.
🎯 Targets
Metasploitable 2 & OWASP BWA
Intentionally vulnerable machines designed to be the focus of security assessments and exploitation practice.
🛡️ Network Defense
OPNsense & ModSecurity
A layered defense providing firewalling at the network edge and a WAF to protect web applications from common exploits.
👁️ Monitoring & Analysis
Security Onion SIEM
The central nervous system of the lab. It passively monitors all internal traffic, collecting logs and network data for intrusion detection, threat hunting, and forensic analysis. Its dual-homed configuration allows it to see everything without participating directly in the traffic flow.
Security Layer Focus
Each security tool provides a different layer of visibility and protection, from the network perimeter to the application itself. The SIEM provides overarching monitoring across all layers.