Updated Home Network

I’ve updated my home network security posture.  I’m pleased with it.  Prior to the update, I was monitoring my traffic using a span from my internal router to Security Onion.  My home network is an external router (from my ISP), my DMZ equipment (Set Top Box), an internal router (DD-WRT), and then my internal network.

The span was giving me performance issues on my router.  I disabled it.  I’m back to using a physical tap on the external interface of the DD-WRT interface.  I’m losing visibility due to the NAT, but my environment is limited enough that I should be able to infer who is doing what.

My sensor is now a CentOS box with Bro, Splunk, and Nessus.  Bro is monitoring the tap.  I’m in the process of configuring Nessus to scan my hosts.  Splunk is Splunk’ing all the data.  I decided to leave Security Onion since I found the full packet capture to be unnecessary for my environment and I strongly prefer Splunk over ELSA.
