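# Network with DMZ
#
# An example network configuration with an internal network, a DMZ network and
# a couple of external networks.
#
# ..........................................................................
# .                                                                        .
# .  Internal Network                                                      .
# .                                                                        .
# .  --------------      --------------        --------------              .
# .  |  client_1  |------|  switch_1  |--------|  router_1  |              .
# .  --------------      --------------        --------------              .
# .   (Computer)                                      |                    .
# .....................................................|....................
#                                                      |
#                                                      |
# .....................................................|....................
# .                                                    |                   .
# .  DMZ Network                                       |                   .
# .                                                    |                   .
# .  ----------------      --------------      --------------              .
# .  |  dmz_server  |------|  switch_2  |------|  firewall  |              .
# .  ----------------      --------------      --------------              .
# .    (Server)                                       |                    .
# .....................................................|....................
#                                                      |
#  External Network                                    |
#                                                      |
#                                                      |
#  -----------------------      --------------      ---------------------
#  |  external_computer  |------|  switch_3  |------|  external_server  |
#  -----------------------      --------------      ---------------------
#
# Layout notes:
#   - The firewall is the only path between the three segments; its three
#     ports are numbered 1 = external, 2 = internal, 3 = dmz (see the
#     `ports:` and `links:` sections below).
#   - Every ACL in the simulation starts with ARP permitted; internal and dmz
#     ACLs also permit ICMP, the external ACLs do not.  Anything else is left
#     to the defender agent's FIREWALL_ACL_* actions.

io_settings:
  save_step_metadata: false
  save_pcap_logs: true
  save_sys_logs: true

game:
  max_episode_length: 256
  # Ports and protocols the agent can reference in ACL actions.
  ports:
    - ARP
    - DNS
    - HTTP
    - POSTGRES_SERVER
  protocols:
    - ICMP
    - TCP
    - UDP

agents:
  - ref: defender
    team: BLUE
    type: ProxyAgent

    observation_space:
      type: CUSTOM
      options:
        components:
          - type: NODES
            label: NODES
            options:
              hosts:
                - hostname: client_1
                  num_services: 1
                  num_applications: 0
                  num_folders: 1
                  num_files: 1
                  num_nics: 2
                  include_num_access: false
                  include_nmne: true
              routers:
                - hostname: router_1
                  num_ports: 0
                  ip_list:
                    - 192.168.0.10
                  wildcard_list:
                    - 0.0.0.1
                  port_list:
                    - 80
                    - 5432
                  protocol_list:
                    - ICMP
                    - TCP
                    - UDP
                  num_rules: 10
          - type: LINKS
            label: LINKS
            options:
              link_references:
                - client_1:eth-1<->switch_1:eth-1
          - type: "NONE"
            label: ICS
            options: {}

    action_space:
      action_list:
        - type: DONOTHING
        - type: FIREWALL_ACL_ADDRULE
        - type: FIREWALL_ACL_REMOVERULE
        - type: NETWORK_PORT_DISABLE
        - type: NETWORK_PORT_ENABLE

      # Discrete action index -> concrete action.
      # IP ids: 1 = ALL, then 2.. follow the order of `options.nodes` below
      # (2 = client_1, 3 = dmz_server, 4 = external_computer).
      # Port / protocol ids: presumably the same scheme over `game.ports` and
      # `game.protocols` (1 = ALL, 2.. in listed order) — confirm against the
      # action-space implementation.
      # NOTE(review): `permission` is 1 for action 1 and 2 for every other
      # add-rule action; which id means DENY and which PERMIT is defined by
      # the consumer, verify before assuming the intent of action 1.
      action_map:
        0:
          action: DONOTHING
          options: {}
        1:
          action: FIREWALL_ACL_ADDRULE
          options:
            target_firewall_nodename: firewall
            firewall_port_name: internal
            firewall_port_direction: inbound
            position: 1
            permission: 1
            source_ip_id: 2  # client_1
            dest_ip_id: 1  # ALL
            source_port_id: 1
            dest_port_id: 1
            protocol_id: 1
            source_wildcard_id: 0
            dest_wildcard_id: 0
        2:
          action: FIREWALL_ACL_REMOVERULE
          options:
            target_firewall_nodename: firewall
            firewall_port_name: internal
            firewall_port_direction: inbound
            position: 1
        3:
          action: FIREWALL_ACL_ADDRULE
          options:
            target_firewall_nodename: firewall
            firewall_port_name: internal
            firewall_port_direction: outbound
            position: 1
            permission: 2
            source_ip_id: 2  # client_1
            dest_ip_id: 1  # ALL
            source_port_id: 2
            dest_port_id: 3
            protocol_id: 2
            source_wildcard_id: 0
            dest_wildcard_id: 0
        4:
          action: FIREWALL_ACL_REMOVERULE
          options:
            target_firewall_nodename: firewall
            firewall_port_name: internal
            firewall_port_direction: outbound
            position: 1
        5:
          action: FIREWALL_ACL_ADDRULE
          options:
            target_firewall_nodename: firewall
            firewall_port_name: dmz
            firewall_port_direction: inbound
            position: 1
            permission: 2
            source_ip_id: 3  # dmz_server
            dest_ip_id: 2  # client_1
            source_port_id: 4
            dest_port_id: 4
            protocol_id: 4
            source_wildcard_id: 0
            dest_wildcard_id: 0
        6:
          action: FIREWALL_ACL_REMOVERULE
          options:
            target_firewall_nodename: firewall
            firewall_port_name: dmz
            firewall_port_direction: inbound
            position: 1
        7:
          action: FIREWALL_ACL_ADDRULE
          options:
            target_firewall_nodename: firewall
            firewall_port_name: dmz
            firewall_port_direction: outbound
            position: 2
            permission: 2
            source_ip_id: 3  # dmz_server
            dest_ip_id: 2  # client_1
            source_port_id: 4
            dest_port_id: 4
            protocol_id: 3
            source_wildcard_id: 0
            dest_wildcard_id: 0
        8:
          action: FIREWALL_ACL_REMOVERULE
          options:
            target_firewall_nodename: firewall
            firewall_port_name: dmz
            firewall_port_direction: outbound
            position: 2
        9:
          action: FIREWALL_ACL_ADDRULE
          options:
            target_firewall_nodename: firewall
            firewall_port_name: external
            firewall_port_direction: inbound
            # NOTE(review): position 10 with `max_acl_rules: 10` below — if
            # positions are 0-based this is one past the agent-visible range;
            # confirm against the ACL implementation.
            position: 10
            permission: 2
            source_ip_id: 4  # external_computer
            dest_ip_id: 3  # dmz_server
            source_port_id: 5
            dest_port_id: 5
            protocol_id: 2
            source_wildcard_id: 0
            dest_wildcard_id: 0
        10:
          action: FIREWALL_ACL_REMOVERULE
          options:
            target_firewall_nodename: firewall
            firewall_port_name: external
            firewall_port_direction: inbound
            position: 10
        11:
          action: FIREWALL_ACL_ADDRULE
          options:
            target_firewall_nodename: firewall
            firewall_port_name: external
            firewall_port_direction: outbound
            position: 1
            permission: 2
            source_ip_id: 4  # external_computer
            dest_ip_id: 2  # client_1
            source_port_id: 1
            dest_port_id: 1
            protocol_id: 1
            source_wildcard_id: 0
            dest_wildcard_id: 0
        12:
          action: FIREWALL_ACL_REMOVERULE
          options:
            target_firewall_nodename: firewall
            firewall_port_name: external
            firewall_port_direction: outbound
            position: 1
        # Actions 13/14 toggle the firewall's dmz_port (port 3), i.e. they
        # isolate / reconnect the whole DMZ segment.
        13:
          action: NETWORK_PORT_DISABLE
          options:
            target_nodename: firewall
            port_id: 3  # dmz_port
        14:
          action: NETWORK_PORT_ENABLE
          options:
            target_nodename: firewall
            port_id: 3  # dmz_port

      options:
        # Order here fixes the ip ids used in action_map (2 = client_1, ...).
        nodes:
          - node_name: client_1
          - node_name: dmz_server
          - node_name: external_computer
        ip_list:
          - 192.168.0.10
          - 192.168.10.10
          - 192.168.20.10
        max_folders_per_node: 2
        max_files_per_folder: 2
        max_services_per_node: 2
        max_nics_per_node: 8
        # NOTE(review): the simulation ACLs below seed rules at indexes 22 and
        # 23, above this cap; confirm this setting only sizes the agent's
        # spaces and does not bound the simulated ACL.
        max_acl_rules: 10

    reward_function:
      reward_components:
        - type: DUMMY

    agent_settings:
      start_settings:
        start_step: 5
        frequency: 4
        variance: 3

simulation:
  network:
    nodes:
      # --- Internal network ------------------------------------------------
      - type: computer
        hostname: client_1
        ip_address: 192.168.0.10
        subnet_mask: 255.255.255.0
        default_gateway: 192.168.0.1  # router_1 port 1
        dns_server: 192.168.20.11  # external_server
        start_up_duration: 0
        shut_down_duration: 0

      - type: switch
        hostname: switch_1
        num_ports: 8
        start_up_duration: 0
        shut_down_duration: 0

      - type: router
        hostname: router_1
        num_ports: 5
        start_up_duration: 0
        shut_down_duration: 0
        ports:
          1:
            ip_address: 192.168.0.1  # internal LAN side
            subnet_mask: 255.255.255.0
          2:
            ip_address: 192.168.1.1  # transit link to firewall internal_port
            subnet_mask: 255.255.255.0
        acl:
          22:
            action: PERMIT
            src_port: ARP
            dst_port: ARP
          23:
            action: PERMIT
            protocol: ICMP
        # All non-local traffic is handed to the firewall (192.168.1.2).
        routes:
          - address: 192.168.10.10  # route to dmz_server
            subnet_mask: 255.255.255.0
            next_hop_ip_address: 192.168.1.2
            metric: 0
          - address: 192.168.20.10  # route to external_computer
            subnet_mask: 255.255.255.0
            next_hop_ip_address: 192.168.1.2
            metric: 0
          - address: 192.168.20.11  # route to external_server
            subnet_mask: 255.255.255.0
            next_hop_ip_address: 192.168.1.2
            metric: 0

      # --- DMZ network -----------------------------------------------------
      - type: server
        hostname: dmz_server
        ip_address: 192.168.10.10
        subnet_mask: 255.255.255.0
        default_gateway: 192.168.10.1  # firewall dmz_port
        dns_server: 192.168.20.11
        start_up_duration: 0
        shut_down_duration: 0

      - type: switch
        hostname: switch_2
        num_ports: 8
        start_up_duration: 0
        shut_down_duration: 0

      - type: firewall
        hostname: firewall
        start_up_duration: 0
        shut_down_duration: 0
        ports:
          external_port:  # port 1
            ip_address: 192.168.20.1
            subnet_mask: 255.255.255.0
          internal_port:  # port 2
            ip_address: 192.168.1.2
            subnet_mask: 255.255.255.0
          dmz_port:  # port 3
            ip_address: 192.168.10.1
            subnet_mask: 255.255.255.0
        # Baseline rules only; internal/dmz permit ARP + ICMP, external
        # permits ARP only.  Agent-added rules use positions 1, 2 and 10,
        # i.e. below these seeded indexes.
        acl:
          internal_inbound_acl:
            22:
              action: PERMIT
              src_port: ARP
              dst_port: ARP
            23:
              action: PERMIT
              protocol: ICMP
          internal_outbound_acl:
            22:
              action: PERMIT
              src_port: ARP
              dst_port: ARP
            23:
              action: PERMIT
              protocol: ICMP
          dmz_inbound_acl:
            22:
              action: PERMIT
              src_port: ARP
              dst_port: ARP
            23:
              action: PERMIT
              protocol: ICMP
          dmz_outbound_acl:
            22:
              action: PERMIT
              src_port: ARP
              dst_port: ARP
            23:
              action: PERMIT
              protocol: ICMP
          external_inbound_acl:
            22:
              action: PERMIT
              src_port: ARP
              dst_port: ARP
          external_outbound_acl:
            22:
              action: PERMIT
              src_port: ARP
              dst_port: ARP
        routes:
          - address: 192.168.0.10  # route to client_1
            subnet_mask: 255.255.255.0
            next_hop_ip_address: 192.168.1.1
            metric: 0

      # --- External network ------------------------------------------------
      - type: switch
        hostname: switch_3
        num_ports: 8
        start_up_duration: 0
        shut_down_duration: 0

      - type: computer
        hostname: external_computer
        ip_address: 192.168.20.10
        subnet_mask: 255.255.255.0
        default_gateway: 192.168.20.1  # firewall external_port
        dns_server: 192.168.20.11
        start_up_duration: 0
        shut_down_duration: 0

      - type: server
        hostname: external_server
        ip_address: 192.168.20.11
        subnet_mask: 255.255.255.0
        default_gateway: 192.168.20.1
        start_up_duration: 0
        shut_down_duration: 0
        # DNS for every host in this scenario.
        services:
          - type: DNSServer

    links:
      - endpoint_a_hostname: client_1
        endpoint_a_port: 1
        endpoint_b_hostname: switch_1
        endpoint_b_port: 1
      - endpoint_a_hostname: router_1
        endpoint_a_port: 1
        endpoint_b_hostname: switch_1
        endpoint_b_port: 8
      - endpoint_a_hostname: firewall
        endpoint_a_port: 2  # internal firewall port
        endpoint_b_hostname: router_1
        endpoint_b_port: 2
      - endpoint_a_hostname: firewall
        endpoint_a_port: 3  # dmz firewall port
        endpoint_b_hostname: switch_2
        endpoint_b_port: 8
      - endpoint_a_hostname: dmz_server
        endpoint_a_port: 1
        endpoint_b_hostname: switch_2
        endpoint_b_port: 1
      - endpoint_a_hostname: firewall
        endpoint_a_port: 1  # external firewall port
        endpoint_b_hostname: switch_3
        endpoint_b_port: 8
      - endpoint_a_hostname: external_computer
        endpoint_a_port: 1
        endpoint_b_hostname: switch_3
        endpoint_b_port: 1
      - endpoint_a_hostname: external_server
        endpoint_a_port: 1
        endpoint_b_hostname: switch_3
        endpoint_b_port: 2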