I'm a third-year undergraduate studying computer forensics and IT security.
I'm very interested in pen testing/ethical hacking and have decided to do my final year project on the subject.
I'm not exactly a novice on the subject but I am far (like observable universe far) from an expert.
Ideally I want to simulate a small business network (maybe an online retail shop or something) and hack into it, thus simulating/completing a pen test. The goal of the project is to create a pen test report and a document that could be used to improve awareness of vulnerabilities and thus solutions for small local businesses that could suffer greatly from an attack and are looking to beef up security.
I'm having a problem with setting up the network in a realistic way; trying to realistically simulate an online shop is obviously an issue without spewing traffic and my own credit card numbers everywhere, so I've decided to go against the online retail idea and use just a generic small business network.
I'm gonna have Metasploitable as one of the virtual machines on the network and implement the use of a SonicWall firewall (I can get my hands on one of them) to test the differences in how hard the network is to hack with/without firewalls, but aside from this I'm pretty stumped on what physical/virtual machines to put in the network to simulate a business network.
My question essentially is: has anyone here ever via experiment done anything similar? And are there any other simulations like Metasploitable out there that could be used on the network?
Also any input would be greatly appreciated and thanks in advance for the help.