After a few reloads I have Security Onion 2.3 on my home network. I have set up a TAP between my Netgear Mesh MR60 and the TP-LINK SG108 switch. 90% of my traffic is WiFi, with only a few dedicated hard-wired machines.
Hardwired machines: my desktop, my work computer, Philips Hue, and backhaul for one of the MS60 (Netgear Mesh).
WiFi: Everything else (TVs, garage door, Rokus, Apple TV, phones (a lot), tablets, 4x laptops)
Currently, I am wondering if I should move the TAP from between the LAN/switch to the WAN/modem side. From there I could possibly create a spanning port on the switch (which is getting replaced soon with Zyxel GS1100 16) for the rest of the traffic.
Below are my current alerts (I cut off the IPs).
The first alert I noticed (not in the image) was:
ET POLICY Incoming Basic Auth Base64 HTTP Password detected unencrypted. (IP was my router).
I think I was expecting more alerts on my network, but it could be just the TAP placement.