
SOC-Network-Topology & Firewall Architecture

This repository documents the design and implementation of a segmented, security-focused home network using pfSense, VLANs, and managed switches. It demonstrates enterprise-level network architecture practices with detailed configuration and zone isolation to simulate secure real-world environments.

Project Overview

This lab simulates a secure home network using pfSense to manage six isolated VLANs (Client, IoT, Server, DMZ, Admin, and HoneyNet), configured with strict firewall rules, service zoning, and access control. The project replicates core enterprise network principles for training, experimentation, and practical demonstration of security architecture.

Network Topology

Technologies Used

  • pfSense – Firewall, VLAN routing, OpenVPN, Captive Portal
  • Kea DHCP – IP address management and host reservations
  • Managed Switch – 802.1Q VLAN tagging and per-port traffic segmentation (an unmanaged switch cannot tag or enforce VLANs, so every segment boundary must terminate on a managed switch or directly on pfSense)
  • Ubuntu – OS for connected services, log processing, and lab operations
  • OpenVPN – Secure remote access
  • Wireshark – Network traffic analysis

Objectives

  • Design and document a secure, scalable home network topology
  • Segment the network using VLANs and enforce inter-zone firewall policies
  • Deploy core services including DHCP, DNS, VPN, and a captive portal
  • Simulate a DMZ and HoneyNet for threat modeling and response testing
  • Provide professional-grade documentation for review and reproducibility

Key Achievements

  • Implemented a fully segmented VLAN-based network
    Created six VLANs aligned with security roles and enforced routing rules via pfSense to isolate traffic and restrict access.

  • Built modular service zones for lab and simulation use
    Configured isolated zones including a Captive Portal (HoneyNet), OpenVPN-enabled Admin VLAN, and dedicated IoT VLAN.

  • Developed comprehensive documentation and diagrams
    Included logical/physical diagrams, detailed service breakdowns, and configuration notes for each network component.

  • Secured internal traffic and access flows
    Applied per-VLAN firewall rules to block unauthorized lateral movement and service misuse, and used DHCP static mappings so critical hosts keep predictable addresses that rules, aliases, and logs can reference.

  • Established groundwork for logging and security automation
    Designed the layout for centralized monitoring, allowing future Splunk or syslog integration.
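The static mappings mentioned above are an inventory and addressing aid, not an access control: a device that sets its own address, or spoofs a reserved MAC, bypasses them, which is why the firewall rules carry the actual isolation. The script below is an added example, not code from this repository, showing how a per-VLAN reservation list can be checked for the mistakes that quietly break that predictability (an address outside its VLAN's subnet, a reservation colliding with the gateway or the dynamic pool, a MAC or address reserved twice) and then rendered into Kea's `Dhcp4`/`subnet4` structure. The VLAN IDs, subnets, MACs, and hostnames are constructed for the example and are not the values from `configs/dns-dhcp/host-reservations.yaml`; pfSense generates its own Kea configuration from the GUI, so the JSON here is for documentation and review rather than for copying onto the firewall.

```python
"""Per-VLAN Kea DHCP subnets with host reservations, plus the consistency
checks a reservation list should pass before it is entered into pfSense.

Added example with constructed data; nothing here is taken from the
repository's configs.
"""
import ipaddress
import json
import re
from typing import Dict, List

# Constructed VLAN plan: gateway is .1, dynamic pool is .100-.199, and
# reserved hosts live below .100 so the two ranges never overlap.
VLAN_PLAN = [
    {"name": "Server", "id": 30, "subnet": "10.30.0.0/24", "pool": ("10.30.0.100", "10.30.0.199")},
    {"name": "IoT",    "id": 20, "subnet": "10.20.0.0/24", "pool": ("10.20.0.100", "10.20.0.199")},
]

# Constructed reservations (locally administered 02:... MACs).
RESERVATIONS = [
    {"hostname": "srv-dns",   "vlan": "Server", "hw-address": "02:00:00:00:30:0a", "ip-address": "10.30.0.10"},
    {"hostname": "srv-mqtt",  "vlan": "Server", "hw-address": "02:00:00:00:30:0b", "ip-address": "10.30.0.11"},
    {"hostname": "iot-cam01", "vlan": "IoT",    "hw-address": "02:00:00:00:20:0a", "ip-address": "10.20.0.10"},
]

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def validate(plan: List[dict], reservations: List[dict]) -> List[str]:
    """Return human-readable problems; an empty list means the set is consistent."""
    nets = {v["name"]: ipaddress.ip_network(v["subnet"]) for v in plan}
    pools = {v["name"]: tuple(ipaddress.ip_address(a) for a in v["pool"]) for v in plan}
    problems: List[str] = []
    seen_mac: Dict[str, str] = {}
    seen_ip: Dict[str, str] = {}
    for r in reservations:
        host, vlan, mac = r["hostname"], r["vlan"], r["hw-address"].lower()
        if vlan not in nets:
            problems.append(f"{host}: unknown VLAN {vlan}")
            continue
        if not MAC_RE.match(mac):
            problems.append(f"{host}: malformed MAC {mac}")
        ip = ipaddress.ip_address(r["ip-address"])
        net, (lo, hi) = nets[vlan], pools[vlan]
        if ip not in net:
            problems.append(f"{host}: {ip} is outside {vlan} subnet {net}")
        elif ip == net[1]:
            problems.append(f"{host}: {ip} is the {vlan} gateway address")
        elif lo <= ip <= hi:
            problems.append(f"{host}: {ip} lies inside the {vlan} dynamic pool")
        # A MAC or address reserved twice means two hosts fight over one lease.
        if mac in seen_mac:
            problems.append(f"{host}: MAC {mac} already reserved for {seen_mac[mac]}")
        if str(ip) in seen_ip:
            problems.append(f"{host}: {ip} already reserved for {seen_ip[str(ip)]}")
        seen_mac.setdefault(mac, host)
        seen_ip.setdefault(str(ip), host)
    return problems


def to_kea(plan: List[dict], reservations: List[dict]) -> dict:
    """Build a Kea Dhcp4 subnet list: one subnet4 entry per VLAN with its pool,
    router/DNS options pointing at the pfSense interface address (.1), and the
    reservations that belong to that VLAN."""
    subnets = []
    for v in plan:
        gateway = str(ipaddress.ip_network(v["subnet"])[1])
        subnets.append({
            "id": v["id"],
            "subnet": v["subnet"],
            "pools": [{"pool": f"{v['pool'][0]} - {v['pool'][1]}"}],
            "option-data": [
                {"name": "routers", "data": gateway},
                {"name": "domain-name-servers", "data": gateway},
            ],
            "reservations": [
                {k: r[k] for k in ("hw-address", "ip-address", "hostname")}
                for r in reservations if r["vlan"] == v["name"]
            ],
        })
    return {"Dhcp4": {"subnet4": subnets}}


if __name__ == "__main__":
    errors = validate(VLAN_PLAN, RESERVATIONS)
    print("problems:", errors or "none")
    print(json.dumps(to_kea(VLAN_PLAN, RESERVATIONS), indent=2))
```

Run `validate` on the reservation list every time it changes; a reservation that points into another VLAN's subnet is the classic way a "static" host ends up with no lease and a surprise dynamic address in the wrong zone.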

[Insert Logical Topology Diagram or Firewall Rule Chart Here]

Skills Demonstrated

  • Secure Network Design
    Built a robust, layered topology emphasizing defense-in-depth and role-based segmentation.

  • Firewall Configuration and Policy Enforcement
    Created strict allowlist (default-deny) rules between VLANs so each zone can reach only the services it needs, in the spirit of least privilege and zero-trust segmentation.

  • Service Deployment and Zoning
    Deployed and documented OpenVPN, Captive Portal, DNS, and DHCP in isolated zones.

  • Access Control and Remote Access
    Enabled remote access via VPN while maintaining strict zone boundaries internally.

  • Professional Documentation and Diagramming
    Maintained readable configuration guides, service maps, and architectural diagrams.

Setup and Configuration Guide

  1. Network Topology Design

    • Designed physical and logical layouts with six VLANs
    • Mapped VLANs to physical switch ports and pfSense interfaces
  2. pfSense Configuration

    • Created VLAN interfaces for each zone
    • Configured DHCP (via Kea) for each subnet with static host mapping
    • Defined firewall rules to control inter-zone traffic and outbound access
  3. Service Deployment

    • OpenVPN configured for secure Admin access
    • Captive Portal assigned to the HoneyNet VLAN as a sinkhole for unknown or unauthorized devices
    • DNS and DHCP integrated across zones
  4. Device Assignment

    • Defined static IPs for laptops, servers, and IoT devices
    • Used MAC-based reservations for critical hosts
  5. Testing and Validation

    • Verified isolation between VLANs from a host inside each zone, not only by reading the rule set (e.g., a host on IoT cannot reach Admin)
    • Tested remote VPN access and captive portal behavior
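pfSense evaluates rules on the interface where traffic enters, top-down, first match wins, and anything that matches nothing is dropped by the implicit default deny, so the order of the rules in step 2 decides whether the isolation tested in step 5 actually holds. The model below is an added example, not code or configuration from this repository: it encodes a constructed six-zone allowlist policy with those semantics, runs the step 5 validation matrix against it, and then shows what happens when a catch-all "pass any" meant for Internet access is placed above the inter-VLAN block rule. The subnets, rule set, and test addresses are assumptions for the example (the real values live in `docs/firewall-rules.md` and `configs/pfSense/`); `self` stands for pfSense's own address on the ingress interface (the "This Firewall" destination in the GUI) and `LAN_NETS` for an alias covering every lab subnet.

```python
"""Allowlist inter-VLAN policy evaluated with pfSense semantics: rules live on
the ingress interface, first match wins, no match means drop.

Added example with a constructed policy; not the repository's rule set.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed zone plan (assumed subnets, not the repo's).
ZONES = {
    "Client":   ipaddress.ip_network("10.10.0.0/24"),
    "IoT":      ipaddress.ip_network("10.20.0.0/24"),
    "Server":   ipaddress.ip_network("10.30.0.0/24"),
    "DMZ":      ipaddress.ip_network("10.40.0.0/24"),
    "Admin":    ipaddress.ip_network("10.50.0.0/24"),
    "HoneyNet": ipaddress.ip_network("10.60.0.0/24"),
}


def zone_of(ip: str) -> str:
    """Map an address to its lab zone; anything outside the lab is 'Internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "Internet"


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    dst: str                     # zone name, "Internet", "self", "LAN_NETS" or "any"
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None matches every port

    def matches(self, dst_zone: str, proto: str, dport: int) -> bool:
        dst_ok = (self.dst == "any" or self.dst == dst_zone
                  or (self.dst == "LAN_NETS" and dst_zone != "Internet"))
        return dst_ok and self.proto in ("any", proto) and self.dport in (None, dport)


# Rules per ingress VLAN, top-down.  DNS to the firewall itself must sit above
# the LAN_NETS block because the gateway address is inside the zone's subnet.
POLICY: Dict[str, List[Rule]] = {
    "Admin":    [Rule("pass", "any")],
    "Client":   [Rule("pass", "self", "udp", 53), Rule("pass", "Server", "tcp", 443),
                 Rule("block", "LAN_NETS"), Rule("pass", "Internet")],
    "IoT":      [Rule("pass", "self", "udp", 53), Rule("pass", "Server", "tcp", 1883),
                 Rule("block", "LAN_NETS"), Rule("pass", "Internet")],
    "Server":   [Rule("pass", "self", "udp", 53), Rule("block", "LAN_NETS"),
                 Rule("pass", "Internet", "tcp", 443)],
    "DMZ":      [Rule("pass", "self", "udp", 53), Rule("block", "LAN_NETS"),
                 Rule("pass", "Internet")],
    "HoneyNet": [],  # sinkhole: default deny; the captive portal intercepts clients itself
}


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int,
             policy: Dict[str, List[Rule]] = POLICY) -> Tuple[str, Optional[int]]:
    """Return (verdict, index of the matching rule or None for default deny)."""
    src_zone = zone_of(src_ip)
    if src_zone == "Internet":
        return "block", None  # WAN ingress is outside this model
    dst_zone = "self" if ipaddress.ip_address(dst_ip) == ZONES[src_zone][1] else zone_of(dst_ip)
    for i, rule in enumerate(policy[src_zone]):
        if rule.matches(dst_zone, proto, dport):
            return rule.action, i
    return "block", None


# Step 5 validation matrix: (src, dst, proto, port, expected verdict).
EXPECTED = [
    ("10.20.0.50", "10.50.0.10",   "tcp", 22,   "block"),  # IoT -> Admin SSH
    ("10.20.0.50", "10.30.0.10",   "tcp", 1883, "pass"),   # IoT -> MQTT broker only
    ("10.20.0.50", "10.30.0.10",   "tcp", 22,   "block"),  # IoT -> Server SSH
    ("10.20.0.50", "10.20.0.1",    "udp", 53,   "pass"),   # IoT -> gateway DNS
    ("10.20.0.50", "203.0.113.10", "tcp", 443,  "pass"),   # IoT -> Internet
    ("10.10.0.20", "10.50.0.10",   "tcp", 22,   "block"),  # Client -> Admin
    ("10.10.0.20", "10.30.0.10",   "tcp", 443,  "pass"),   # Client -> Server HTTPS
    ("10.50.0.10", "10.20.0.50",   "tcp", 22,   "pass"),   # Admin -> IoT
    ("10.40.0.10", "10.30.0.10",   "tcp", 3306, "block"),  # DMZ -> Server DB
    ("10.60.0.77", "10.10.0.20",   "tcp", 445,  "block"),  # HoneyNet -> Client
    ("10.60.0.77", "203.0.113.10", "tcp", 80,   "block"),  # HoneyNet -> Internet
]


def verify(policy: Dict[str, List[Rule]] = POLICY, expected=EXPECTED) -> list:
    """Return the flows whose verdict differs from the expectation (empty = pass)."""
    failures = []
    for src, dst, proto, port, want in expected:
        got, _ = evaluate(src, dst, proto, port, policy)
        if got != want:
            failures.append((src, dst, proto, port, want, got))
    return failures


# Common mistake: an "allow any" added for Internet access above the block
# rule.  First-match evaluation turns it into full lateral access.
LEAKY = dict(POLICY)
LEAKY["IoT"] = [Rule("pass", "any")] + POLICY["IoT"]

if __name__ == "__main__":
    print("strict policy failures:", verify())
    print("leaky policy failures: ", verify(LEAKY))
```

The model only reproduces the rule logic; it does not replace the on-the-wire test in step 5, because a rule that looks right can still be bypassed by a switch port left untagged on the wrong VLAN or by a host sitting on the wrong interface, which only a probe from inside the zone will reveal.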

Repository Structure

SOC-Network-Topology/
├── diagrams/
│   ├── physical-topology.png
│   ├── logical-topology.png
│   └── vlan-overview.png
├── docs/
│   ├── topology-overview.md
│   ├── vlan-breakdown.md
│   ├── firewall-rules.md
│   ├── services-config.md
│   ├── remote-access.md
│   └── recommendations.md
├── configs/
│   ├── pfSense/
│   │   ├── interfaces.conf.txt
│   │   ├── vlans.conf.txt
│   │   ├── dhcp-kea.conf.txt
│   │   ├── openvpn.conf.txt
│   │   └── firewall-rules.conf.txt
│   ├── switch/
│   │   └── vlan-ports-config.txt
│   └── dns-dhcp/
│       └── host-reservations.yaml
├── scripts/
│   └── pfSense-backup.sh
├── README.md
└── LICENSE

Recommendations for Future Enhancements

  • Deploy a centralized syslog or SIEM solution (e.g., Splunk or Graylog)
  • Integrate Snort or Suricata for IDS/IPS functionality
  • Automate configuration backups and version control using Git
  • Introduce IPv6 support and dual-stack compatibility
  • Expand HoneyNet with honeypots and alerting mechanisms
  • Implement high availability (HA) using pfSense CARP with state synchronization (pfsync) and configuration sync (XMLRPC); pfSense does not offer VRRP

License

This project is licensed under the MIT License – see the LICENSE file for details.
