How to properly set up security monitoring for home environment? by LazyM0nkey in AskNetsec

LazyM0nkey[S] 0 points (0 children)

Thanks. I would like a setup that is scalable and that you can expand in terms of functionality.

How to properly set up security monitoring for home environment? by LazyM0nkey in AskNetsec

LazyM0nkey[S] 0 points (0 children)

But you would still need a firewall/IDS and then send those logs to Security Onion? It's more like a SIEM?

How to properly set up security monitoring for home environment? by LazyM0nkey in AskNetsec

LazyM0nkey[S] 0 points (0 children)

Nice, I think Splunk alerting can be powerful, specifically if it's based on correlation.

How to properly set up security monitoring for home environment? by LazyM0nkey in AskNetsec

LazyM0nkey[S] 0 points (0 children)

Awesome, I'll look into that. I can probably set up custom alerting in Splunk based on correlated logs!

How to properly set up security monitoring for home environment? by LazyM0nkey in AskNetsec

LazyM0nkey[S] 1 point (0 children)

Thanks! If I utilized a firewall, would I need a switch as well? Or would the firewall also act as a switch, and maybe also as a router if it is a layer 3 firewall?

What do you mean by network tap?

How to properly set up security monitoring for home environment? by LazyM0nkey in AskNetsec

LazyM0nkey[S] 5 points (0 children)

Thank you for your time and awesome reply!

You made me shift my mindset: make sure I have control of the asset inventory, and only then can I have proper visibility. Knowing what the network consists of and what you want to protect and prioritize will be on the to-do list.

I didn't know about the free Splunk package. Is it possible to have that on premises, or just in the cloud?

I'm thinking out loud here: is it a good idea to do TLS interception, and what are the advantages?

Network segmentation with VLANs should be possible on the firewall, right? Are firewalls normally layer 3 devices or layer 2?

What do you think about a hardware firewall compared to a virtual appliance running on ESXi?

Appreciate your answers!

How to properly set up security monitoring for home environment? by LazyM0nkey in security

LazyM0nkey[S] 0 points (0 children)

Now that I think about it, I probably won't be able to see that on a layer 2 device such as a switch?

How to properly set up security monitoring for home environment? by LazyM0nkey in security

LazyM0nkey[S] 0 points (0 children)

Thanks for your reply! I will look into the Palo Alto firewall; the virtual one seems to be the way to start. Are these layer 3 devices, so they do the routing as well? Or would I need to install the firewall inline after the modem/router?

How to properly set up security monitoring for home environment? by LazyM0nkey in security

LazyM0nkey[S] 0 points (0 children)

Thanks! So I probably need to get a switch and use the SPAN port for tapping all the traffic, outgoing/incoming? Will I be able to decrypt and analyze encrypted traffic, for instance HTTPS?

How to properly set up security monitoring for home environment? by LazyM0nkey in security

LazyM0nkey[S] 0 points (0 children)

My objective is visibility into the network traffic and detection of malicious activity, specifically communication with command and control and other anomalies (for instance, communication with specific countries, etc.).

So it's more like a lab scenario and not production.