Updated Home Network

I’ve updated my home network security posture.  I’m pleased with it.  Prior to the update, I was monitoring my traffic using a span from my internal router to Security Onion.  My home network is an external router (from my ISP), my DMZ equipment (Set Top Box), an internal router (DD-WRT), and then my internal network.

The span was giving me performance issues on my router.  I disabled it.  I’m back to using a physical tap on the external interface of the DD-WRT interface.  I’m losing visibility due to the NAT, but my environment is limited enough that I should be able to infer who is doing what.

My sensor is now a CentOS box with Bro, Splunk, and Nessus.  Bro is monitoring the tap.  I’m in the process of configuring Nessus to scan my hosts.  Splunk is Splunk’ing all the data.  I decided to leave Security Onion since I found the full packet capture to be unnecessary for my environment and I strongly prefer Splunk over ELSA.

Gift Ideas

These are both pretty cool gift ideas.

A seller named GiantEye offers Lock Pick Earrings on Etsy for $40.  They seem like a good gift idea.  I’m unfamiliar with GiantEye, but the site is advertising that the picks can be used.  I don’t know if I’d ever try using them, though, given their decorative purpose.

Rift Recon is offering a set of small picks called a Bogota.  I was unfamiliar with the term.  It is used to reference smaller lock picks that can be discreetly hidden.  These smaller picks are also $40.  I was introduced to Rift Recon at DefCon.  They were demonstrating their Red Team Kit at the Security Sociability party.

I’m considering abandoning Security Onion.  I can’t justify the full packet capture.  I don’t have the hardware resources.  I’m thinking about using a standard Linux install with just Bro and Splunk.  I can’t get into ELSA, and Bro is my favorite part of Security Onion.