I have been using all these sites (TryHackMe, BlueLabsOnline, HackTheBox) to try and learn, but I think the best way to get some knowledge is to monitor my own internet and see what kind of alerts I am getting and research them. The other day I purchased a new switch (16 ports), up from the 8-port switch that I currently use. Really I only needed about 10 ports, but it was hard to find a 10- or 12-port switch. The Zyxel GS1100-16 switch I purchased was used ($40 vice an MSRP of about $100).
I figured I could use it to create a spanning port for now, or try and acquire a cheap TAP (in which case I would not need the extra ports). In the TAP scenario, I figure the best place to TAP would be between the router and the modem. For spanning, I would span port 1 (the one coming from the router).
I already have an extra NIC in my main computer, and I am planning on building a new SecurityOnion 2.3 VM to start with. I thought of SecurityOnion 16.04, but believe it's better to go newer. I might also build a few other VMs. I am also currently thinking of building a Splunk VM, but I am curious what other VMs for monitoring traffic might be best.
I have seen other systems like OpenNSM and DynamiteNSM, or I could try and roll something myself. That could be interesting; I am not sure I know what I would be doing or what I would want in the system.