Updated Home Network

I’ve updated my home network security posture.  I’m pleased with it.  Prior to the update, I was monitoring my traffic using a span from my internal router to Security Onion.  My home network is an external router (from my ISP), my DMZ equipment (Set Top Box), an internal router (DD-WRT), and then my internal network.

The span was giving me performance issues on my router.  I disabled it.  I’m back to using a physical tap on the external interface of the DD-WRT router.  I’m losing visibility due to the NAT, but my environment is limited enough that I should be able to infer who is doing what.

My sensor is now a CentOS box with Bro, Splunk, and Nessus.  Bro is monitoring the tap.  I’m in the process of configuring Nessus to scan my hosts.  Splunk is Splunk’ing all the data.  I decided to leave Security Onion since I found the full packet capture to be unnecessary for my environment and I strongly prefer Splunk over ELSA.