
This project is a practical simulation focused on securing a segmented network environment using Cisco Packet Tracer. It demonstrates key cybersecurity practices including VLAN segmentation, DHCP snooping, port security, ARP inspection, ACLs, attack simulation, and incident response.


Manar-Hossam/cyber-shield-network-simulation


Cyber Shield: A Practical Cyber Security Project

This is a simulated cybersecurity project built in Cisco Packet Tracer. It demonstrates network segmentation, threat detection, logging, access control, and incident response using a multilayer switch and multiple VLANs.


🧠 Objective

To implement core cybersecurity concepts in a simulated enterprise network environment using practical tools such as VLAN segmentation, ACLs, port security, DHCP snooping, ARP inspection, syslog, and simulated attacks.


🖥️ Topology Overview

[Image: Network Topology]


🧩 Network Structure

  • Multilayer Switch (MLS) used for Inter-VLAN Routing
  • Switch0–Switch3 for VLAN distribution
  • 4 VLANs:
    • VLAN 10: Management
    • VLAN 20: HR
    • VLAN 30: Finance
    • VLAN 40: Guests
  • VLAN 99: Isolated attacker network

🔒 Security Implementations

1. Network Security

  • VLAN Segmentation
  • Port Security (restrict MACs on ports)
  • DHCP Snooping (on Switch1 and Switch0)
  • Dynamic ARP Inspection (on Switch0)
  • Access Control List (ACL) to block attacker (BLOCK_ATTACKER)

2. Threat Simulation

  • Attacker in VLAN 99 assigned static IP
  • Spoofing attempt simulated and blocked

3. Logging & Monitoring

  • Syslog Server receives security logs
  • NTP used for time synchronization

🔄 Failover and Testing

  • Tested attacker’s ability to reach sensitive VLANs
  • Verified ACL functionality using ping tests
  • Verified blocking via DHCP Snooping & ARP Inspection
  • show log, show ip dhcp snooping binding, show mac address-table used for validation

⚙️ Configuration Highlights

Access Control List:

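! Extended named ACL: the wildcard mask 0.0.0.0 matches the single host 192.168.99.10
! All other traffic falls through to the final permit
ip access-list extended BLOCK_ATTACKER
 deny ip 192.168.99.10 0.0.0.0 any
 permit ip any any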

DHCP Snooping:

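! Enable DHCP snooping globally, then on each VLAN
ip dhcp snooping
ip dhcp snooping vlan 10,20,30,40,99
! Ports are untrusted by default; fa0/5 is marked trusted so DHCP server replies are accepted on it
int fa0/5
 ip dhcp snooping trust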
DAI:

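! Inspect ARP on VLAN 99 against the DHCP snooping binding table
ip arp inspection vlan 99
! ARP arriving on the trusted port fa0/4 is not inspected
int fa0/4
 ip arp inspection trust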

🧪 Verification Commands

show vlan brief
show ip interface brief
show running-config
show mac address-table
show ip dhcp snooping binding
show ip arp inspection
show log
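
An added example, not part of the project's files: a small Python audit over a running-config excerpt constructed from the Configuration Highlights above (interface names expanded as `show running-config` prints them). It flags VLANs where DHCP snooping and Dynamic ARP Inspection coverage differ, and named ACLs that no interface references with `ip access-group`, since the highlights define BLOCK_ATTACKER without showing where it is applied.

```python
import re

# Constructed excerpt assembled from the README's snippets (interface names
# expanded). It is sample input, not the project's actual configuration.
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10,20,30,40,99
ip arp inspection vlan 99
ip access-list extended BLOCK_ATTACKER
 deny ip 192.168.99.10 0.0.0.0 any
 permit ip any any
interface FastEthernet0/4
 ip arp inspection trust
interface FastEthernet0/5
 ip dhcp snooping trust
"""

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '10,20-22,99' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def vlan_set(config, feature):
    """Collect every VLAN named on global 'ip <feature> vlan ...' lines."""
    specs = re.findall(rf"^ip {feature} vlan (\S+)", config, re.M)
    return set().union(*map(expand_vlans, specs))

def audit(config):
    """Return a list of findings for the Layer 2 controls and ACLs in config."""
    findings = []
    snoop, dai = vlan_set(config, "dhcp snooping"), vlan_set(config, "arp inspection")
    if snoop and not re.search(r"^ip dhcp snooping$", config, re.M):
        findings.append("DHCP snooping VLANs listed but not enabled globally")
    # DAI validates ARP against the snooping binding table for the same VLAN.
    for v in sorted(dai - snoop):
        findings.append(f"VLAN {v}: DAI enabled without DHCP snooping")
    for v in sorted(snoop - dai):
        findings.append(f"VLAN {v}: DHCP snooping enabled but DAI is not")
    # A named ACL filters nothing until an interface references it.
    defined = set(re.findall(r"^ip access-list extended (\S+)", config, re.M))
    applied = set(re.findall(r"^\s+ip access-group (\S+) (?:in|out)", config, re.M))
    for name in sorted(defined - applied):
        findings.append(f"ACL {name}: defined but not applied to any interface")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

To audit a real device, paste the output of `show running-config` into a string and pass it to `audit()`.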

📁 Files Included

  • CyberShield.pkt: Main Packet Tracer file
  • README.md: This documentation file
  • topology.png: Network topology image

✅ Conclusion

This simulation offers a full-stack view of how security can be layered in an enterprise network. From segmentation and ACLs to logging and spoofing defense, it serves as a strong foundational project for entry-level network security learning and demonstration.
