Sunday, May 8, 2022

Home Setup - Initial

I have been using all these sites (TryHackMe, BlueLabsOnline, HacktheBox) to try and learn, but I think the best way to get some knowledge is to monitor my own internet and see what kind of alerts I am getting and research them. The other day I purchased a new switch (16 ports), up from the 8-port switch that I currently use. Really I only needed like 10 ports, but it was hard to find a 10- or 12-port switch. The Zyxel GS-1100 16 switch I purchased was used ($40 vice MSRP of about $100).

I figured I could use it to create a spanning port for now, or try and acquire a cheap TAP (whereas I would not need the extra ports). In the TAP scenario, I figure the best place to TAP would be between the router and the modem. For spanning, I would span port 1 (the one coming from the router).

I already have an extra NIC in my main computer, and I am planning on building a new SecurityOnion 2.3 VM to start with. I thought of SecurityOnion 16.04, but believe it's better to go newer. I might also build a few other VMs. I am currently also thinking of building a Splunk VM, but I am curious what other VMs for monitoring traffic might be best.

I have seen other systems like OpenNSM and DynamiteNSM, or I could try and roll something myself. That could be interesting, though I am not sure I know what I would be doing or what I would want in the system.

