Module: COMP10014 — Network Security | University of the West of Scotland
Topic: Virtualised Network Lab Infrastructure using VirtualBox
Provision a multi-VM virtualised network lab environment to support all Network Security module labs. The environment simulates a realistic network topology with isolated Client, Server, Attacker, Router, and Mirrored VMs.
| Tool | Version | Role |
|---|---|---|
| Oracle VirtualBox | — | Hypervisor for all VMs |
| Ubuntu | 20.04.4 LTS x64 | Base operating system for all VMs |
Five linked-clone VMs were created from a single master image:
| VM Name | Primary Role | Interface |
|---|---|---|
Client |
End-user workstation | enp0s3 |
Server |
Web/application server | enp0s3 |
Attacker |
Offensive security testing | enp0s3 |
Router |
Inter-subnet routing | enp0s3/8/9/10 |
Mirrored |
Network IDS sensor (Snort) | enp0s3 (promiscuous) |
┌─────────────┐
│ Router VM │
│ 10.0.1.1 │ enp0s3
│ 10.0.2.1 │ enp0s8
│ 10.0.3.1 │ enp0s9
└──────┬──────┘
┌───────────────┼───────────────┐
│ │ │
10.0.1.0/24 10.0.2.0/24 10.0.3.0/24
┌──────┴──────┐ ┌──────┴──────┐ ┌──────┴──────┐
│ Client VM │ │ Server VM │ │ Mirrored VM │
│ 10.0.1.2 │ │ 10.0.2.2 │ │ 10.0.3.2 │
└─────────────┘ └─────────────┘ └─────────────┘
┌─────────────┐
│ Attacker VM │
│ (variable) │
└─────────────┘
Set the default VM storage path to a dedicated NSVMs directory to keep all VM files organised.
Downloaded the Ubuntu 20.04.4 base image from the module VLE. Registered it in VirtualBox as Ubuntu 20.04.4 x64 Master with 2048 MB RAM using an existing virtual disk.
Created five linked clones from the master image — never starting the master VM directly.
Linked Clone vs Full Clone:
- Full Clone — copies the entire disk for each VM (high storage cost)
- Linked Clone — shares the parent virtual disk; only stores differences (efficient, recommended for lab use)
Each clone was created with "Generate new MAC Addresses for all network adapters" enabled — critical to prevent MAC address conflicts on the same network segment, which would cause routing failures and ARP collisions.
Configured VirtualBox internal networks and NAT adapters per VM to match the target topology.
The Mirrored VM interface was set to promiscuous mode — required for Snort to receive traffic not addressed to its own MAC address.
- MAC address uniqueness is mandatory on any shared network segment. Duplicate MACs cause ARP table corruption and communication failures across all affected hosts.
- Linked clones significantly reduce storage overhead in multi-VM lab environments — all VMs share a common base disk.
- Promiscuous mode allows a NIC to process all frames on the wire, not just those addressed to it — essential for passive network monitoring.
- Snapshots were taken before each lab session to provide a safe rollback point.
This environment was used exclusively for authorised academic security lab exercises within the University of the West of Scotland's COMP10014 module.