Our "Isolated" Georgia Tech Information Security Center Experimental and Teaching Network:

History of the network and various pictures and diagrams of the early concepts and construction

The Georgia Tech Information Security Center Experimental and Teaching Network is a realistic, isolated, stand-alone network consisting of the following:

1) an emulated “internet backbone”

2) an emulated enterprise that contains firewalls, a DMZ, web servers, and emulated production machines (Note: all of this proposal describes an instructional and experimental network, not a real production network.)

3) an emulated “good ISP” that contains emulated remote office connections and VPNs

4) an emulated “university” that contains no firewalls and has VPN terminations, IPsec, some in-the-clear connections, and an access control list

5) a “bad ISP”, which is a haven for originating lots of evil hacker activity that we could never implement and instruct with if we were using a real production network environment

The network is targeted toward a student instructional laboratory where students carry out assigned laboratory exercises. The network is used to construct four autonomous systems: an emulated “enterprise”, an emulated “good ISP”, an emulated “university”, and an emulated “bad ISP”. These autonomous systems are federated by a fifth autonomous system: an Information Assurance/Internetworking laboratory “Internet backbone”. The student laboratory is totally isolated from production networks so that exploits and information assurance laboratory assignments do not have the potential to escape and proliferate on any production networks.

Each autonomous system tries to represent some of the “typical” network configurations existing in the field:

• The emulated “enterprise” consists of two redundantly connected distribution-layer Cisco 1760 routers, an access/edge Cisco 1760-VPN/K9 with firewall and VPN capability, and a DMZ with web servers followed by a PIX-515E firewall separating the DMZ from the remainder of the emulated enterprise network. The emulated “enterprise” allows students to experiment with a realistic enterprise topology that uses a recommended Cisco network topology of core, distribution, and access routers. Both OSPF and RIP routing protocols are run in the emulated “enterprise”.
• The emulated “good ISP” consists of several access routers, including two Cisco 1760-VPN/K9, some Cisco 1720s, and two Cisco 1721-VPN/K9 routers. The “good ISP” contains remote office enterprise connections through both VPNs and clear connections.
• The emulated “university” consists of dual-connected Cisco 3550s and a Cisco 3005 VPN concentrator. The emulated “university” has no firewall and terminates VPNs from emulated remote users. An access control list is used in the Cisco 3550.
• The emulated “bad ISP” is a haven for hackers. It consists of a dual-connected Cisco 3550 as well as a Cisco 1721-VPN/K9.

The network consists of the following equipment along with previously existing networking equipment:

Part number          Quantity
CISCO2621XM          2
CAB-AC               2
S26CP-12213          2
MEM2600XM-32U64D     2
MEM2600XM-16U32FS    2
CVPN3005-E/FE-BUN    1
CVPN3005-SW-K9       1
CAB-AC               1
PIX-515E-R-BUN       1
CAB-AC               1
PIX-515-VPN-3DES     1
SF-PIX-6.2           1
PIX-515R-SW          1
CISCO1760-VPN/K9     6
CAB-AC               6
MEM1700VPN-48U64D    6
MOD1700-VPN          6
S17C7HK9-12215T      6
CISCO1760            2
CAB-AC               2
S17CP-12213T         2
MEM17XX-32U48D       2
WS-C3550-24-EMI      5
CAB-AC               5
WS-C3550-48-SMI      1
CAB-AC               1
WS-C3550-48-EMI      2