Security network (VLAN 50)
Hello!
This time I finish the network configuration for the network security lab. Previous parts: Article 1: Network Segmentation in Proxmox: VLANs, Namespaces & Firewalls; Article 2: Secure lab for malware analysis with VLAN 99. Ready to keep it up?? ⊂◉‿◉つ
Security Measures for VLAN 50
VLAN 50 (mapped to VLAN 400 in our topology; the previous article explains why) is configured to support security operations with controlled access to the corporate LAN (VLAN 300) and the internet. Below are the iptables rules that enforce that controlled connectivity:
```bash
# Default-deny: nothing is forwarded unless a rule below explicitly allows it
ip netns exec security-ops iptables -P FORWARD DROP

# Return traffic for connections started from VLAN 50; without this rule the
# default-deny policy also drops every reply to the flows allowed below
ip netns exec security-ops iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Allow specific outbound ports for internet access
ip netns exec security-ops iptables -A FORWARD -i vlan50 -o veth-sec1 -p tcp --dport 80 -j ACCEPT  # HTTP
ip netns exec security-ops iptables -A FORWARD -i vlan50 -o veth-sec1 -p tcp --dport 443 -j ACCEPT # HTTPS
ip netns exec security-ops iptables -A FORWARD -i vlan50 -o veth-sec1 -p udp --dport 53 -j ACCEPT  # DNS
# Add other necessary ports as required
```
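Typing rules one by one makes it easy to forget the return-traffic rule or to load an allow rule before the block for a restricted VLAN. The script below is an added example, not code from the original post: it builds the whole default-deny ruleset for the security-ops namespace as an iptables-restore file, so the result can be reviewed and syntax-checked (`iptables-restore --test`) before it is loaded. The interface names vlan50 and veth-sec1 come from the post; the subnet used for the restricted VLAN 999 is an assumed placeholder.

```shell
#!/bin/sh
# Added example, not part of the original post: build the complete default-deny
# ruleset for the security-ops namespace as an iptables-restore file so it can be
# reviewed and syntax-checked before it is loaded. Interface names vlan50 and
# veth-sec1 are from the post; the restricted subnet is an assumed placeholder.

SEC_IF=vlan50          # VLAN 50 side of the namespace (from the post)
UPLINK_IF=veth-sec1    # side that leads to VLAN 300 / the internet (from the post)
RESTRICTED_NET=${RESTRICTED_NET:-10.99.0.0/24}   # assumed placeholder for VLAN 999

# Emit an iptables-restore ruleset. $1 = space-separated proto:port pairs to
# allow outbound from VLAN 50, e.g. "tcp:80 tcp:443 udp:53".
gen_vlan50_rules() {
    allow=$1
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT ACCEPT [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'      # default-deny for everything routed
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Replies to connections started from VLAN 50 must be let back in, or the
    # default-deny policy silently breaks every flow the allow rules permit.
    printf '%s\n' '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Block the restricted VLAN first so no later allow rule can reach it.
    printf '%s\n' "-A FORWARD -i $SEC_IF -d $RESTRICTED_NET -j DROP"
    for pair in $allow; do
        proto=${pair%%:*}
        port=${pair#*:}
        printf '%s\n' "-A FORWARD -i $SEC_IF -o $UPLINK_IF -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Rate-limited logging makes dropped traffic visible in the kernel log.
    printf '%s\n' '-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "vlan50-drop: "'
    printf '%s\n' 'COMMIT'
}

# Number of allow rules for new connections in a generated ruleset.
count_allow_rules() {
    gen_vlan50_rules "$1" | grep -c -- '--ctstate NEW -j ACCEPT'
}

# Usage in the lab: generate, syntax-check inside the namespace, then load.
# gen_vlan50_rules "tcp:80 tcp:443 udp:53" > /tmp/vlan50.rules
# ip netns exec security-ops iptables-restore --test < /tmp/vlan50.rules
# ip netns exec security-ops iptables-restore < /tmp/vlan50.rules
```

Because the file replaces the whole filter table, every allowed port is visible in one place and the order (return traffic, restricted-VLAN block, explicit allows, logging, default DROP) cannot drift between reboots.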
Note: Implement a default-deny policy and explicitly allow only necessary ports and protocols to minimize the attack surface.
Use Cases for VLAN 50 (Security Operations)
VLAN 50 (mapped to VLAN 400) supports critical security operations, including:
- Threat Intelligence Gathering
  - Query online services like VirusTotal, AbuseIPDB, and MXToolbox.
  - Access OSINT resources and security blogs.
- Tool Management
  - Securely download and update tools, scripts, and signatures from trusted repositories.
- Internal Investigations
  - Collect logs, forensic images, and evidence from systems in VLAN 300.
  - Perform network traffic analysis securely.
- Vulnerability Scanning
  - Conduct authorized scans against assets in VLAN 300.
- Incident Response
  - Access systems for containment, eradication, and recovery.
  - Communicate securely with incident response teams or platforms.
Validation
Verify the configuration and connectivity using the following commands:
```bash
# Check IP configuration
ip netns exec security-ops ip addr show

# Verify routing table
ip netns exec security-ops ip route show

# Review iptables rules (filter and NAT tables)
ip netns exec security-ops iptables -L -v -n -t filter
ip netns exec security-ops iptables -L -v -n -t nat
```
Connectivity Tests
- Ping an external IP (e.g., 8.8.8.8) from a VM in VLAN 50.
- Access a service in VLAN 300 (e.g., an internal web server) from VLAN 50.
- Confirm that access to VLAN 50 from the internet is blocked.
- Attempt to access restricted VLANs (e.g., VLAN 999) from VLAN 50 (this should be blocked).
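Reading `iptables -L -v -n` by eye works once, but the check is worth repeating after every change. The script below is an added example, not part of the original post: it parses a FORWARD chain listing and verifies the properties this article requires (DROP policy, a return-traffic rule, exactly the expected outbound ports and nothing else). The two listings embedded in it are constructed samples in the format iptables prints, not output captured from the lab; in the lab the same function is fed from `ip netns exec security-ops iptables -L FORWARD -v -n`.

```shell
#!/bin/sh
# Added example, not part of the original post: audit a FORWARD chain listing
# for the properties required of the security-ops namespace. Interface names
# come from the post; the listings below are constructed samples, not real output.

# Constructed sample of "iptables -L FORWARD -v -n" after the post's rules
# (plus a conntrack return rule) are loaded in the namespace.
SAMPLE_OK='Chain FORWARD (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
  340 27200 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
   41  2460 ACCEPT     tcp  --  vlan50 veth-sec1  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
   97  5820 ACCEPT     tcp  --  vlan50 veth-sec1  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
   12   900 ACCEPT     udp  --  vlan50 veth-sec1  0.0.0.0/0            0.0.0.0/0            udp dpt:53'

# Constructed sample of a misconfigured chain: open policy and an extra port.
SAMPLE_BAD='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   180 ACCEPT     tcp  --  vlan50 veth-sec1  0.0.0.0/0            0.0.0.0/0            tcp dpt:22'

# Print the chain's default policy (DROP, ACCEPT, ...) from a listing on stdin.
forward_policy() {
    sed -n 's/^Chain FORWARD (policy \([A-Z]*\).*/\1/p'
}

# Succeed if the listing on stdin has an ACCEPT rule for protocol $1, dport $2.
allows_port() {
    grep -E "ACCEPT +$1 .*dpt:$2( |\$)" >/dev/null
}

# Succeed if established/related return traffic is accepted.
allows_return_traffic() {
    grep -E 'ACCEPT .*ctstate .*ESTABLISHED' >/dev/null
}

# List every destination port the chain accepts, one per line, sorted.
accepted_ports() {
    sed -n 's/.*ACCEPT.*dpt:\([0-9]*\).*/\1/p' | sort -n
}

# Full audit of a listing on stdin against the post's expected set of ports.
# Returns 0 when everything matches; prints one line per finding otherwise.
audit_forward() {
    listing=$(cat)
    rc=0
    policy=$(printf '%s\n' "$listing" | forward_policy)
    if [ "$policy" != "DROP" ]; then
        echo "FAIL: FORWARD policy is '$policy', expected DROP"; rc=1
    fi
    if ! printf '%s\n' "$listing" | allows_return_traffic; then
        echo "FAIL: no ESTABLISHED,RELATED rule; replies will be dropped"; rc=1
    fi
    for want in tcp:80 tcp:443 udp:53; do
        if ! printf '%s\n' "$listing" | allows_port "${want%%:*}" "${want#*:}"; then
            echo "FAIL: missing allow rule for $want"; rc=1
        fi
    done
    # Any accepted port outside the expected list widens the attack surface.
    for port in $(printf '%s\n' "$listing" | accepted_ports); do
        case "$port" in 80|443|53) ;; *) echo "FAIL: unexpected open port $port"; rc=1 ;; esac
    done
    [ "$rc" -eq 0 ] && echo "OK: FORWARD chain matches the expected policy"
    return "$rc"
}

# Usage inside the lab:
# ip netns exec security-ops iptables -L FORWARD -v -n | audit_forward
```

The audit reports every deviation rather than stopping at the first, which is what you want when comparing the running chain against the intended policy after a change.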