I'm creating a lab for a project that will test a network security defense product's effectiveness in detecting various attacks. I have a physical server with 32GB of RAM and VirtualBox to create the network. I have one Windows server as a domain controller, DNS server, and maybe DHCP server, five Windows 7 machines to represent typical workstations, an Ubuntu server to run an internal website, probably email, and probably a few other services, a network security defense project to analyze network traffic (I have Security Onion running Snort and will likely include other vendor products), and a Kali Linux box to represent an attacker trying to get into the network.

I don't want the Kali box already in the internal network as I don't think that would be very realistic; I want the attacker coming in from the outside. The network defense product needs to see network traffic inside the LAN so it can try to pick up the exploitation and post exploitation network activity, and it also needs to see C2 traffic going to and from the Kali box.

I will be testing attack vectors like email phishing with file format exploits, links to client side attacks, weak credentials in network services, exploitable and misconfigured network services, etc., and various post exploitation activities like escalating privileges, moving laterally across the network, and exfiltrating data.

I'm wondering how I can configure the network so that the Kali box is on the outside trying to break into the LAN of the lab network. I have created a network diagram, but I want to know if it will work, if there will be certain issues, or there is a better way to implement this. Please try to note that this will be implemented on a remote server. Here is the diagram I have created: http://gyazo.com/4d714084b9fe04f82cfd78a89a3d664a

Please let me know if you have any questions. Any help would be greatly appreciated. Thank you.

DrDinosaur
  • What's the VirtualBox for? It is not designed for this, and I'm fairly sure it can't handle it. – Michael Hampton Jan 04 '15 at 13:55
  • VirtualBox is running the VMs. I've read it can build basic lab networks, so I would imagine there would be a way to just place the Kali box outside somehow. – DrDinosaur Jan 04 '15 at 22:09

1 Answer

This has been solved using two internal networks with VirtualBox. The network security device (Security Onion) has two interfaces, one interface for each network. It has IP forwarding enabled so it can route. The Kali machine sets its default gateway to the Security Onion box's IP address for its interface that has the network it shares with Kali (192.168.1.1/24). The Windows and Ubuntu devices set their gateway to the other IP address Security Onion has (10.0.0.1/24). Now you have two networks that can communicate. You can add a NAT interface on each VM if you want access to the Internet. Image: http://gyazo.com/9e61ad8e205ca19b890acade8e460a23

DrDinosaur
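
The layout described in the answer, written out as commands. This is an added example and not part of the original answer: the VM names, internal network names and guest interface names (`eth0`, `eth1`) are assumptions, and only the two gateway addresses come from the answer. It also sets the sensor's inside adapter to promiscuous mode so it can see traffic between LAN hosts that never crosses the router.

```shell
#!/bin/sh
# Added example: prints the commands for the two-network layout, or executes
# them when DRY_RUN=0. VMs must be powered off when modifyvm is run.
DRY_RUN="${DRY_RUN:-1}"
OUTSIDE_NET="lab-outside"   # assumed intnet name: Kali <-> sensor
INSIDE_NET="lab-inside"     # assumed intnet name: sensor <-> LAN hosts
SENSOR_VM="seconion"        # assumed VM names
ATTACKER_VM="kali"
LAN_VMS="dc01 win7-1 win7-2 win7-3 win7-4 win7-5 ubuntu-web"

# Print the command in dry-run mode, otherwise execute it.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# attach VM NIC_NUMBER INTNET_NAME
attach() { run VBoxManage modifyvm "$1" "--nic$2" intnet "--intnet$2" "$3"; }

# Run on the VirtualBox host.
host_plan() {
    attach "$ATTACKER_VM" 1 "$OUTSIDE_NET"
    attach "$SENSOR_VM" 1 "$OUTSIDE_NET"
    attach "$SENSOR_VM" 2 "$INSIDE_NET"
    # Let the sensor's inside NIC receive frames exchanged between LAN VMs.
    run VBoxManage modifyvm "$SENSOR_VM" --nicpromisc2 allow-all
    for vm in $LAN_VMS; do attach "$vm" 1 "$INSIDE_NET"; done
}

# Run as root inside the sensor guest: sensor_plan OUTSIDE_IF INSIDE_IF
sensor_plan() {
    run ip addr replace 192.168.1.1/24 dev "$1"
    run ip addr replace 10.0.0.1/24 dev "$2"
    run sysctl -w net.ipv4.ip_forward=1
}

# Run as root inside the Kali guest.
kali_plan() { run ip route replace default via 192.168.1.1; }

case "${1:-}" in
    host)   host_plan ;;
    sensor) sensor_plan "$2" "$3" ;;
    kali)   kali_plan ;;
    *)      DRY_RUN=1; host_plan; sensor_plan eth0 eth1; kali_plan ;;
esac
```

Run it with `host`, `sensor <outside-if> <inside-if>` or `kali` and `DRY_RUN=0` to apply one part on the matching machine; with no argument it only prints the whole plan.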