Learn how to download and install the GNS3 product and look at its features.
- If you don't have a Cisco device to work with, you can download and run the GNS3 emulator from the website shown here. This is a professional tool, widely used by network architects, which allows testers to really understand networks. It can be used not only for emulation of Cisco and other vendor devices, but it can also connect to the real world and include hardware-based devices and the internet in its networks. We'll use GNS3 to gain an initial familiarity with the Cisco Adaptive Security Appliance, the ASA, which is a powerful perimeter defense device from Cisco.
Whereas the PIX allowed us to learn about home and small business perimeter defenses, the ASA provides an insight into the enterprise level of perimeter defense. We'll take a tour of GNS3, then I'll set up a basic network and show it operating. I'll then create a routed network. And finally, add an ASA into it to provide a secure enclave, and demonstrate how to configure permitted traffic flows. With GNS3, we don't just simulate networks, we run the actual device code in an emulator, so we get the real life experience of managing networks.
By necessity, this will be a whirlwind tour of both the IOS networking capabilities and GNS3, and we'll only scratch the surface of both GNS3 and the ASA within the scope of this course. There's a lot to learn, and fully understanding IOS configuration and networking is a more advanced topic in network security. It requires additional prerequisite experience and is a set of courses in its own right. However, we will do enough to understand how these devices are set up, and perhaps whet your appetite for secure networking.
To appreciate the power of GNS3 means understanding not only how it works, but also its intended configuration for use with large networks. GNS3 scales to networks with hundreds of devices. To run in this mode, it must be deployed in two parts: a dedicated emulation server, and a user interface running on a standard workstation. It can also be deployed as an appliance, and as an all-in-one Windows application. We'll be using only the simplest of configurations, and for this I've downloaded and installed the Windows all-in-one version 1.4.6 from GitHub.
This is not the latest release, but we need to use this version to run the available ASA version 8.4.2 that we'll be using for this course. Let's start up the software. The software can run either a local server or a GNS3 VM, in either VMware or VirtualBox. For simplicity, I'll select the local server option. I'll also uncheck the "Add an IOS router" box, as I don't need a router at this point, and I'll click Finish.
I can close the general preferences screen, and I'll create a new project called "my first" and press OK. Let's take a quick tour of the product before we set up our network. The main screen has a set of icons on the left, the devices toolbar; a menu with icons on the top, the GNS3 toolbar; a couple of summary panels on the right; and a console at the bottom. The main canvas in the middle is the workspace, where we build our network diagram.
The icons on the left represent network components, devices and paths, and include both simulated and emulated devices. The top icon is for routers, the arrows below for switches, the screen below that for end devices, and the diode icon below that for security devices. The multi part icon below that will show all devices. At the bottom is the icon we use to link devices together, the cabling, if you like. By clicking one of the device icons, we can see the device is registered in GNS3.
I'll click the multi-part one to show all devices. GNS3 provides a small number of generic network devices as standard, as we can see: cloud, hub, switches, hosts, and virtual PCs. Vendor-specific devices have to be imported as images, typically QEMU, VMware, or VirtualBox virtual machines. The menu and its associated icons at the top provide a range of GNS3 functions. The first group is for creating and managing GNS3 projects.
The second group provides operational project capabilities, such as snapshots, labeling, and connecting consoles. The third group provides controls for managing devices. The fourth and final group provides tools to enhance network presentation, such as comment boxes, and zone perimeter shapes, zoom controls, and so on. These all make the presentation much more readable for complex networks. Okay, let's get a feel for how GNS3 works. I'll drag a couple of virtual PCs onto the main canvas.
We can see they're automatically named PC1 and PC2. I'll also drag a hub onto the canvas, and I'll use the connector to join the PCs to the hub. As we do this, we need to specify which interface we'll use. I can then use the icon in the middle at the top to display interface labels on the canvas, the run icon to start all devices, and the console icon to open consoles for all of them.
The console is how we manage the devices. It's the same as a wired console connection on the physical device. I can now go into the console for each PC and configure its IP address, and I can use the ping command to ping each PC from the other. Okay, we've installed GNS3 and created our first project.
We now have code running for two virtual PCs and a hub. We've created our first running, emulated network.
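The console steps above, as an added example that is not part of the original course transcript: a VPCS session on each virtual PC, giving both nodes an address on the same subnet (the 10.0.0.0/24 addresses are assumed for illustration) and confirming the hub forwards traffic between them with ping.

```console
# Console of PC1 (VPCS prompt). Addresses below are constructed for this example.
PC1> ip 10.0.0.1/24
Checking for duplicate address...
PC1> show ip
PC1> save

# Console of PC2: second host on the same /24 so the hub can bridge the two.
PC2> ip 10.0.0.2/24
Checking for duplicate address...
PC2> save

# Back on PC1: reachability check through the hub. Replies confirm the
# emulated link and both VPCS configurations are working end to end.
PC1> ping 10.0.0.2
```

`save` writes the VPCS startup configuration into the project so the addresses survive a restart of the topology.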
Note: Learning about ethical hacking for perimeter defenses is part of the Evading IDS, Firewalls, and Honeypots competency from the Certified Ethical Hacker (CEH) body of knowledge.