The Byzantium server acts as the barrier between the WAN and LAN in the Kali Purple Reference Architecture.

Network Interfaces

Because Byzantium acts as a firewall, it is important that it is connected to both the LAN and WAN networks. The reference architecture also recommends making a “Secure Server Net” (SSN) for Violet, Purple, and Eminence, then connecting Byzantium to these SSNs.

These network interfaces can be physical interfaces if you are running Byzantium on bare metal, or virtual networks provided by your hypervisor. Before you install Byzantium, you must have a WAN and LAN interface installed on the machine, virtual or otherwise.

Prerequisites

Installation

The host operating system for Byzantium is OPNsense.

  1. Download the OPNsense DVD disk image
  2. Set up the machine
  3. Ensure that the virtual machine is connected to both the WAN and LAN networks.
  4. When you reach the OPNsense installation prompt, log in as installer with password opnsense
  5. Select your desired keyboard layout (“US” is the default)
  6. Choose “Install (UFS)”
  7. Choose the correct disk; its name may differ by hypervisor
  8. Accept the default swap partition size
  9. Select “Yes”, then wait for the install to complete.
  10. Select “Change root password”
  11. Give it a very secure password, then confirm on the next prompt
  12. Select “Complete Install”
  13. Wait for the system to reboot

Setup

  1. Log in as root with the password you set before
  2. Enter 2 to set the IP address for your LAN network
  3. Disable DHCP
  4. Assign it the IP 192.168.1.1 and subnet bit count 24
  5. When prompted for an upstream gateway address, just press <ENTER>
  6. Do not configure an IPv6 address!
  7. Do not enable the DHCP server on LAN
  8. Select y for changing the web GUI protocol and restoring web GUI access defaults
  9. Log into the web interface at 192.168.1.1 with username root and the password you set earlier. You should be redirected to the system setup wizard. If you are not, you can find it in the sidebar under System > Wizard
  10. Enter the desired information such as hostname and DNS servers.
  11. Set the server time zone
  12. Don’t make any changes on “Configure WAN Interface” or “Configure LAN Interface”
  13. Skip the root password prompt and click “Reload” to apply the changes
  14. Navigate to System > Settings > Administration. Here you can enable HTTPS for the web GUI and make other changes that control access to the OPNsense server.
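
To check the outcome of the setup steps above against a saved copy of the OPNsense configuration file, the following added example (not part of the original guide or of OPNsense) parses the XML and lists any deviations. It assumes the legacy config.xml layout with interfaces/lan, dhcpd/lan/enable and system/webgui/protocol elements; the sample XML and interface names are constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample (not a real backup); element names follow the assumed layout.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<opnsense>
  <system><webgui><protocol>http</protocol></webgui></system>
  <interfaces>
    <wan><if>vtnet0</if><ipaddr>dhcp</ipaddr></wan>
    <lan>
      <if>vtnet1</if>
      <ipaddr>192.168.1.1</ipaddr>
      <subnet>24</subnet>
      <ipaddrv6>track6</ipaddrv6>
    </lan>
  </interfaces>
  <dhcpd><lan><enable>1</enable></lan></dhcpd>
</opnsense>"""


def audit(config_xml, lan_ip="192.168.1.1", lan_bits="24"):
    """Return a list of findings; an empty list means the config matches the guide."""
    root = ET.fromstring(config_xml)

    def text(path):
        return (root.findtext(path) or "").strip()

    findings = []
    for name in ("wan", "lan"):
        if not text(f"interfaces/{name}/if"):
            findings.append(f"{name.upper()} interface is not assigned")
    actual = f"{text('interfaces/lan/ipaddr')}/{text('interfaces/lan/subnet')}"
    if actual != f"{lan_ip}/{lan_bits}":
        findings.append(f"LAN address is {actual}, expected {lan_ip}/{lan_bits}")
    if text("interfaces/lan/ipaddrv6"):
        findings.append("LAN has an IPv6 configuration")
    # Assumption: in the legacy DHCP section, the presence of <enable> means "on".
    if root.find("dhcpd/lan/enable") is not None:
        findings.append("DHCP server is enabled on LAN")
    if text("system/webgui/protocol") != "https":
        findings.append("web GUI is not served over HTTPS")
    return findings


if __name__ == "__main__":
    # Pass the path of a configuration backup, or run without arguments for the sample.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for finding in audit(source):
        print("FINDING:", finding)
```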

More Tools

To complete a Byzantium setup as shown in the Kali Purple Reference Architecture, follow these linked guides to install and set up the other tools included in Byzantium.

Notes

OPNsense has an online manual you can read here

Updating

OPNsense will occasionally have updates. When updates are available, it is recommended to log into OPNsense by VGA or serial and choose option 12 after logging in as root.

Some plugins may require a system update before they can be installed. If this is the case, the required version will be displayed in the plugin install log output.

Monitoring & Alerts

Monit