How do I get some hands on experience of expensive Information Security Devices

I want to significantly enhance my knowledge of several InfoSec tools and devices such as IPS/IDS, firewalls, UAM, WAF, DLP, load balancers, SIEM (QRadar), etc.
However, all these are very expensive. I don't have any chance of using these in my current job. Most educational places I called don't have these. I have tried to gain as much insight as possible from online books/videos on Udemy/YouTube etc. BUT how do I get some real-time hands-on experience?

Comments

  • Iristheangel CCIEx2 (Sec + DC), CCNP RS, CCNA V/S/R/DC, CISSP, CEH, MCSE 2003, A+/L+/N+/S+, and a lot more, Pasadena, CA Mod Posts: 4,124
    Virtualize where possible, talk to sales engineers to get free virtualized software and/or eval licenses, etc. Usually requires a bit of resourcefulness and a virtualized environment you can stand up.
    BS, MS, and CCIE #50931
    Blog: www.network-node.com
  • scaredoftests Security +, ITIL Foundation, MPT, EPO, ACAS, HTL behind you Mod Posts: 2,742
    You can pay for 'labs' at Measure Up. Worth it.
    Never let your fear decide your fate....
  • TechGromit A+, N+, GSEC, GCIH, GREM, Ontario, NY Member Posts: 1,975 ■■■■■■■■□□
    kabooter wrote: »
    I want to significantly enhance my knowledge of several InfoSec tools and devices such as IPS/IDS, firewalls, UAM, WAF, DLP, load balancers, SIEM (QRadar), etc.
    However, all these are very expensive. I don't have any chance of using these in my current job.

    These devices are basically just servers with software.

    1. Get yourself a used server off eBay, something with two network interfaces.
    2. Install some version of Linux.
    3. Get free/open source Linux software to practice on. Firewall, IDP, IPS are all available; not sure about load balancers. The software may be different, but the principles are the same.
    Still searching for the corner in a round room.
  • 636-555-3226 Member Posts: 976 ■■■■■□□□□□
    Download & play with Security Onion, OpenDNS, Splunk.
  • dmoore44 Member Posts: 646
    For commercial software (ArcSight, QRadar, DLP), you don't.

    However, there are usually open source equivalents to commercial software. Or, in some cases, the commercial software is just open source software sold with a support contract, or as some sort of pre-packaged appliance (Bro and Sourcefire/Snort come to mind).

    If you want experience with tools found in a SOC, give this a look: https://www.tripwire.com/state-of-security/security-data-protection/sweet-security-part-2-creating-a-defensible-raspberry-pi/
    Graduated Carnegie Mellon University MSIT: Information Security & Assurance | Currently Reading: Books on TensorFlow
  • kabooter Member Posts: 115
    Thank you all for the informative replies, especially dmoore44 and TechGromit. I have quite a bit to look at now and hopefully this will be enough for me to have a good understanding of these devices and how they work.
    On a related note, can someone please let me know how good the TippingPoint 200E Intrusion Prevention System is? I can buy one of these off a site for under $100.
  • jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Buy the equipment.

    - Get a server with at least 64 gigs of RAM.
    - Build out a network.
    - Buy some actual security products.
    - Get some trial/free security products.
    - Use VMs when you can.

    It's gonna cost some money, but the more you can get your hands on, the better off you are.
    I don't know where you live but Davenport University has hands on stuff. The networking program that they have is with Cisco and they have some good equipment and some security appliances from Cisco (ASAs) as well.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • shochan Member Posts: 903 ■■■■■■□□□□
    kabooter wrote: »
    I want to significantly enhance my knowledge of several InfoSec tools and devices such as IPS/IDS, firewalls, UAM, WAF, DLP, load balancers, SIEM (QRadar), etc.
    However, all these are very expensive. I don't have any chance of using these in my current job. Most educational places I called don't have these. I have tried to gain as much insight as possible from online books/videos on Udemy/YouTube etc. BUT how do I get some real-time hands-on experience?

    You could download & install Kali Linux on to a VM or physical server/beefy workstation.
    AND
    https://kali.training/

    Cheers & HI5!

    "It's not good when it's done, it's done when it's good" ~ Danny Carey
  • cyberguypr Senior Member Mod Posts: 6,871
    Tons of free stuff out there: Security Onion, pfSense, Splunk, ELK stack, OSSIM, Snort, SIFT, Kali, etc. In regards to equipment, if resources are limited feel free to start small and don't overthink it. Unless you want super speed, you don't need to go too crazy on hardware right from the get-go. My lab runs on a small Shuttle machine with an i7 and 16GB RAM. I spin things up and down as needed. Not the fastest in the world, but when labbing I rarely need crazy amounts of CPU and RAM simultaneously. But if you can afford a good strong lab then definitely go for it. Once you master those free tools, the knowledge directly transfers to the big ticket tools that everyone and their mother uses.

    I want to add that every single time I interview candidates for a security analyst position and ask about a lab, the vast majority (85%+) who claim to have one can't say what they have done. Saying "sure, I have a lab with Kali" is not the same as saying "I have installed Snort and Security Onion, sent the logs to Splunk, and created some intelligence and visualizations".
  • kabooter Member Posts: 115
    cyberguypr, shochan, jamesleecoleman - Thank you for your replies. I have already set up a lab by buying a server with 16 GB and am doing CEH course labs on it. I also have a router/switch. However, some of the more expensive but commonly used devices like IPS/IDS etc. seemed to be out of reach. I will look into Security Onion, pfSense, Splunk, ELK stack, OSSIM, Snort, SIFT. Hopefully this along with online videos will provide me with enough firepower to overcome interview challenges.
  • jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    I also want to add that if you can, try to learn how this stuff works, such as how information goes through the network and how websites work. It will help with troubleshooting and knowing what's going on in the background.
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • olaHalo Member Posts: 748 ■■■■□□□□□□
    Most vendors have virtual images you can download.
    Set up a lab using something like Eve-NG or the better versions of VMware.
  • kabooter Member Posts: 115
    Nice. Thank you all for replying. Quite a bit of info here. So it looks like self-study would be a very good option for getting some hands-on experience. I did set up a lab on a Dell workstation with an i5 quad core, 1 TB HD and 12 GB RAM. Do I need 32 GB or 64 GB RAM if I need to set up some virtual Windows VMs on it?
  • triplea SSCP, MCP, MCTS, MSDST, Sec+, ITIL-Fv3, CCA, eJPT UK Member Posts: 179 ■■■□□□□□□□
    This is a great thread.

    I'm also wanting to grab some hands-on knowledge here, so is this feasible?

    Thinking of building a microserver on a decent spec and having Server 2012 or similar running on it and adding maybe 5 VMs so I can use the Nessus home version to try out vulnerability assessment. I could set up WSUS but I'm fairly familiar with it, so is there any other well known patching software out there that is free/free for home/30 day etc.?

    I'm presuming I can add another VM to be my firewall; recommendations etc.? Again, presuming the firewall would have its outbound address as the internet address from the ISP and the internal network address as the one that is the 'virtual' shared network for my server and VMs. Giving my guests the proxy of the server and pointing my server to the firewall, then out to the web. Hope that makes sense.

    Best monitoring software to use/report?

    I'm also going to try to VPN into this from other locations, so is there a recommended VPN software for this that the big companies use (again, demos please, or free)?

    I don't pay for a fixed IP address, so is there anything that forwards via software (I think there was something called noip before)?
    Really would like to get as much hands-on as possible that relates to real experience, same as OP.

    Cheers.
  • jamthat Member Posts: 303 ■■■□□□□□□□
    Haven't seen AWS mentioned yet. It's pay to play, but a lot of what you listed has pre-built AMIs you can spin up and screw around with for a few hours to at least become familiar with them. You'll also be getting exposure to AWS itself, which is extremely good knowledge to have in general these days.

    Just don't accidentally leave everything powered on!