CompTIA SpiceWorld 2018 Demo Project and VM Readme
Author: Lee McWhorter (lee@mcwhortertechnologies.com)

This readme covers the GNS3 portable project and OSSIM VM files used during the CompTIA SpiceWorld 2018 presentation and demonstration.

The CompTIA-SpiceWorld2018-Demo.gns3project file is a GNS3 portable project which contains:

  1 VyOS router
  3 Open vSwitch switches
  1 Firefox appliance (IP is 10.1.1.250 via Control panel or BASH script in home directory)
  1 KaliLinux-CLI appliance (various command line tools like metasploit framework & hydra)
  1 Ntopng (trial) appliance

(Note: The above appliances are standard and available free from the GNS3 Marketplace. The appliances below were custom created by the author and are available from https://hub.docker.com/u/tleemcjr/ though already included in this project.)

  1 Net-Def appliance (various scanners and tools such as OpenVAS, Nikto, etc.)
  1 Metasploitable2
  1 Damn Vulnerable Web Application (DVWA)
  1 Darkstat-Snort

The 'Net/Outside' network is 10.1.1.x
The 'DMZ' is 10.10.10.x
The 'Management LAN' is 172.16.10.x

The DMZ switch is set up as follows:

  eth0 - eth3 are standard switch ports
  eth4 - eth6 have port mirroring set up on eth1 - eth3
  eth7 - eth15 are standard switch ports

The topology is open, with no firewall rules or VLANs in place. All IP addresses are static and pre-configured.

The CompTIA-SpiceWorld2018-Demo-OSSIM.ova contains a pre-installed OSSIM VirtualBox virtual machine. The Management interface has been set to 172.16.10.2 during install with the root user's password simply being password.

Once integrated with the GNS3 project, use the Firefox appliance to navigate to http://172.16.10.2 (you will have to accept the untrusted certificate) and complete the form, setting up a web interface admin user password of anything you choose or simply again use password. You will also use the wizard to set your copy of OSSIM up to work within the GNS3 network (see below) by configuring the monitoring port.

To include the provided OSSIM VM within the GNS3 topology you will need to create two new VirtualBox Host-only adapters. The first will be for the Management interface; give it the IP address of 172.16.10.250 and a netmask of 255.255.255.0. The second will be for the monitoring interface; give it the IP address of 10.10.10.250 and a netmask of 255.255.255.0. You can do this by choosing Host Network Manager from the VirtualBox File menu and clicking the Create button.

Assign these new adapters to the OSSIM VM under Settings and Network. Assign the first one (likely #2) to the first Adapter and the second (likely #3) to the second Adapter of the VM. Under Advanced, make sure the Cable connected check box is checked.

NOTE: You should reboot after adding the new Host-only adapters or it is very likely they will not show up in GNS3.

Then within GNS3, add a Cloud for each OSSIM interface (Management and TAP) to the topology, then right click on it and choose Configure. Remove any existing interfaces from the list, then click the "Show special Ethernet Interfaces" check box near the bottom and from the drop-down choose the new VirtualBox Host-Only Network #X (where X is the number of the new Host-only adapters, likely #2 and #3).

Once these have been added, click the cabling icon in GNS3 and connect the Cloud representing the Management Host-Only adapter to the Management LAN switch. Then connect the Cloud representing the Monitoring or TAP interface to the DMZ switch on a mirroring port such as eth3.

You should now be able to launch the OSSIM VM from VirtualBox and, once it boots up, it should be fully accessible from within the GNS3 topology. Finish its setup and use it as you wish.
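
The Host-only adapter steps above can also be done from the command line with VBoxManage. This is an added example, not part of the original readme; the VM name is a placeholder you must replace with the name the imported OVA received, and the VBOX variable is an assumption of this example so the VBoxManage binary can be overridden.

```shell
#!/bin/sh
# Added example (not from the original readme): VBoxManage equivalent of the
# Host Network Manager and VM Settings > Network steps described above.
# Assumptions: VM_NAME is a placeholder for the name the imported OVA received;
# option spellings follow the VirtualBox 5.x/6.x manual. The VM must be powered off.

VBOX="${VBOX:-VBoxManage}"
VM_NAME="${VM_NAME:-YOUR-OSSIM-VM-NAME}"   # placeholder, set to your VM's name
NETMASK=255.255.255.0

# Create one host-only adapter, give it a static IP, print the adapter's name.
create_hostonly() {   # $1 = host-side IP address
    out=$("$VBOX" hostonlyif create 2>/dev/null) || return 1
    # VBoxManage reports: Interface 'NAME' was successfully created
    name=$(printf '%s\n' "$out" |
        sed -n "s/.*Interface '\(.*\)' was successfully created.*/\1/p")
    [ -n "$name" ] || return 1
    "$VBOX" hostonlyif ipconfig "$name" --ip "$1" --netmask "$NETMASK" \
        >/dev/null || return 1
    printf '%s\n' "$name"
}

# Attach a host-only adapter to a VM NIC slot with the cable connected.
attach_hostonly() {   # $1 = NIC slot, $2 = adapter name
    "$VBOX" modifyvm "$VM_NAME" "--nic$1" hostonly \
        "--hostonlyadapter$1" "$2" "--cableconnected$1" on
}

# Both adapters from the readme: Management first, monitoring (TAP) second.
setup_ossim_nics() {
    mgmt=$(create_hostonly 172.16.10.250) || return 1   # Management interface
    tap=$(create_hostonly 10.10.10.250) || return 1     # monitoring interface
    attach_hostonly 1 "$mgmt" || return 1
    attach_hostonly 2 "$tap" || return 1
    echo "management=$mgmt monitoring=$tap"
}

# Nothing is changed unless the script is run with the argument "apply".
if [ "${1:-}" = "apply" ]; then
    setup_ossim_nics
fi
```

The adapter names it prints are host-specific and are the ones to look for when configuring the two Cloud nodes in GNS3.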