Folks,
This is a bit of a placeholder thread that will be added to as I go on and might be interesting for those so inclined.
My home network is, intentionally, relatively simple right now. I'm about to blur the distinction between my MSc lab, my work lab and the home network.
What's about to happen is:
Replace Virgin Media Business with 2 x VDSL lines.
Build an SD-WAN using full IKE-less IPsec across those two carriers to an SD-WAN instance running in AWS. The edge of my network will be an SD-WAN appliance, with VDSL modems on its two WAN ports. The AWS instance will be the hub of the network.
Along with this, have a hardware appliance come on the road with me as I travel for business, which will also be part of the fabric.
Have 4 virtual SD-WAN appliances, with public IPs on one WAN port and private addressing on the other to simulate MPLS, each with a single Linux VM behind them as a virtual client machine.
A wireless access point will of course be present.
The 4 publicly addressed SD-WAN VMs will actually use an L2TP tunnel so that they are logically outside the LAN of the edge SD-WAN appliance. It will just see a stream of L2TP which it will be required not to send to AWS.
As part of the build, SSL decryption, zone-based security, DPI firewalling and proprietary application identification will be used.
There will then be various attacks on the provisioning process and from outside to try to spoof nodes, DoS them or compromise their communication.
Might make an interesting thread.