Our intentions here are to provide a number of layers that we, as an externally located attacker, may have to penetrate to get to the target. This is the reality of external testing; many of the targets will have multiple protections in place between the attacker and the target. Fortunately, as these machines are required to allow access to services from the outside, they will also provide access to us as we conduct our testing.
We will build our network architecture to provide the layers that are shown in the following diagram:
As the diagram shows, we are using the OWASP Broken Web Application (BWA) machine for our target at the different layers. This can be any machine that you want to test; for now, we will use this one as an example. The research you have done up to this point will assist in what machines you need to configure within the architecture. Once you have the switches defined and the layers created, the...