SASEforge

A hands-on implementation of a Secure Access Service Edge (SASE) security platform built from scratch using open-source tools. This project simulates a real enterprise network with multiple security layers including firewall, VPN, proxy, CASB, ZTNA, and SIEM — all running on Docker and VirtualBox.

MS Computer Networks semester project | Built for learning, portfolio, and real-world relevance.


Architecture Overview

[ Remote Users / Internet ]
         |
   [ WireGuard VPN ]
         |
   [ pfSense Firewall ]
         |
   [ Suricata IDS/IPS ]
         |
   [ Squid Proxy + CASB Rules ]
         |
   [ Keycloak IdP + OPA (ZTNA) ]
         |
   [ Internal Resources: DMZ / App / DB ]
         |
   [ ELK Stack - SIEM + Kibana Dashboard ]

Components

Layer    | Tool               | Purpose
---------|--------------------|---------------------------------------------------
Firewall | pfSense            | Perimeter policy enforcement, network segmentation
VPN      | WireGuard          | Encrypted remote access tunneling
IDS/IPS  | Suricata           | Intrusion detection with custom rules
Proxy    | Squid + mitmproxy  | SSL inspection, content filtering
CASB     | Custom proxy rules | Cloud app traffic control (block/allow)
Identity | Keycloak           | OAuth2, MFA, SSO
ZTNA     | Open Policy Agent  | Per-request, attribute-based access control
SIEM     | ELK Stack          | Log aggregation, dashboards, alerting

Project Structure

SASEforge/
├── README.md
├── architecture/
│   └── architecture.svg
├── phase1-network/
│   └── docker-compose.yml
├── phase2-perimeter/
│   ├── wireguard/
│   └── suricata/
├── phase3-proxy-casb/
│   └── squid/
├── phase4-identity/
│   ├── keycloak/
│   └── opa-policies/
├── phase5-siem/
│   └── elk/
└── docs/
    └── threat-model.md

Build Roadmap

  • Phase 0 - GitHub repo setup
  • Phase 1 - Network foundation (Docker + VLANs)
  • Phase 2 - Perimeter security (pfSense + WireGuard + Suricata)
  • Phase 3 - Proxy and CASB (Squid + SSL inspection)
  • Phase 4 - Identity and ZTNA (Keycloak + OPA)
  • Phase 5 - SIEM and attack simulation (ELK + Kibana)
  • Phase 6 - Documentation and demo video

Tech Stack

Tools: pfSense, WireGuard, Suricata, Squid, mitmproxy, Keycloak, Open Policy Agent, Elasticsearch, Logstash, Kibana

Platform: macOS, Docker, VirtualBox


Threat Model

Threats are mapped to the MITRE ATT&CK framework. See docs/threat-model.md for full details.

Key attack scenarios simulated:

  • Port scanning and reconnaissance (T1046)
  • Brute force login attempts (T1110)
  • Unauthorized cloud app access (T1567)
  • Lateral movement across VLANs (T1021)

Getting Started

Prerequisites

  • macOS with Docker Desktop installed
  • VirtualBox installed
  • Git

Clone the repo

git clone https://github.com/cybergirlApurva/SASEforge.git
cd SASEforge

Each phase folder contains its own setup instructions. Start with phase1-network/.


Why SASE?

This project demonstrates hands-on implementation of every major SASE component in a working lab environment.


Author

Apurva | MS Computer Networks


License

MIT License
