Home Lab for IPS/IDS, SNORT, PFSENSE etc or a commercial product?

Kapital Posts: 33 Member
I need to get more hands-on experience of IPS/IDS, FIREWALLS, SIEM etc. and was wondering whether I should choose option 1 or 2.
1. Set up a home lab on an old but powerful PC with VirtualBox, SNORT, SURICATA, pfSense and Splunk.
2. Try to find a similar configuration available commercially (cloud?) which will help me come up to speed without hassles.
Those of you who have tried similar setups, what would you recommend? Which path will be least painful and quicker to get me more exposure?

Comments

  • Kapital Posts: 33 Member
    Please PM me if anyone has experience of setting up a home lab and can walk me through the basic usage of packet capture, event triggers etc. to understand the devices. I can do it myself but will obviously stumble several times. Instead, I can happily pay for your time and effort.
  • Kapital Posts: 33 Member
    paul78 wrote: »
    paul78 - Thanks a lot for the YouTube links. I did come across them earlier but noticed that there will be a lot of hair-pulling involved if I try to do it myself, hence the request to engage someone experienced.
    If push comes to shove, then I will roll up my sleeves.
  • cyberguypr Senior Member Posts: 6,637 Mod
    I have to put here what I told you via PM for the benefit of others. Trust me, you don't want anyone to do this for you. The greatest value for you IS that hair pulling. Sure someone can do it and then you look at the results, but deploying this and banging your head against a wall will be the best experience you can get. You know what they say: no pain, no gain.
  • paul78 Posts: 2,856 Member
    cyberguypr wrote: »
    I have to put here what I told you via PM for the benefit of others. Trust me, you don't want anyone to do this for you. The greatest value for you IS that hair pulling. Sure someone can do it and then you look at the results, but deploying this and banging your head against a wall will be the best experience you can get. You know what they say: no pain, no gain.
    I will second that statement.

    @Kapital - if your intent is to learn the technology - there is no substitute for doing it yourself. And when you are stuck - that's a good time to ask the question.
  • tedjames Scruffy-looking nerfherdr Posts: 878 Member
    You'll learn and retain more by doing it yourself. I usually document these things so I'll have a repeatable process. You might not need to perform a specific task for another year, so if you document the process, you won't have to relearn it.
  • yoba222 Posts: 889 Member
    The book titled Building Virtual Machine Labs by Tony Robinson covers everything you're looking for.
    Obtained: A+ | Network+ | Security+ | CySA+ | PenTest+ | CAPM | eJPT | CCNA R&S | CCNA CyberOps | GCIH | LFCS
    2018: Virtual Hacking Labs
    2019: eCPPT &/or OSCP | CISSP
  • victor.s.andrei Posts: 70 Member
    Kapital wrote: »
    I need to get more hands-on experience of IPS/IDS, FIREWALLS, SIEM etc. and was wondering whether I should choose option 1 or 2.
    1. Set up a home lab on an old but powerful PC with VirtualBox, SNORT, SURICATA, pfSense and Splunk.
    2. Try to find a similar configuration available commercially (cloud?) which will help me come up to speed without hassles.
    Those of you who have tried similar setups, what would you recommend? Which path will be least painful and quicker to get me more exposure?

    Install Snort and tcpdump on a Debian or Red Hat AMI in your own VPC in the AWS cloud. Use t2.micro instances or t2.nano instances - they are both inexpensive or free (if you sign up for the AWS Free Tier).

    Cut your teeth on them. Don't go straight for the GUI applications. Google can be your friend.

    Bonus points if you get Kerberos, LDAP, NFS, and BIND/ISC DHCP set up too.
    Q4 '18 Certification Goals: Cisco ICND2; JNCIA-Junos; Linux+; Palo Alto ACE

    2018-2020 Learning Goals: non-degree courses in math (Idaho, Illinois NetMath, VCU) and CS/EE (CU Boulder, CSU)
    in preparation for an application to MS Math + CS/EE dual-master's degree program at a US state school TBD by Q4'21

    To be Jedi is to face the truth...and choose.
    Give off light...or darkness, Padawan.
    Be a candle...or the night.
    (Yoda)
  • victor.s.andrei Posts: 70 Member
    paul78 wrote: »
    I will second that statement.

    @Kapital - if your intent is to learn the technology - there is no substitute for doing it yourself. And when you are stuck - that's a good time to ask the question.

    I can third that statement!

    There's a reason that it's challenging to teach troubleshooting (or debugging, if you're managing software code) - the only way to really learn it is, well, trial by fire. Better to experience trial by fire for the first time in a lab than in a production environment as the primary on-call at a Fortune 500, LOL.
  • airzero Posts: 126 Member
    I just bought an old HP ProLiant from eBay (savemyserver.com has some great deals) and set up a small Active Directory environment on it. Once the domain was up and running, I added in a Security Onion server and threw a few sensors in the network for monitoring. Now I run through red teaming type scenarios using Kali Linux and other tools (PowerShell Empire, Cobalt Strike, etc.) to practice my pentesting skills, then go back and look through the alerts from Snort and logs in the ELK stack. Great experience for learning more about Windows, firewalls, routing, etc. as well as offensive/defensive practice. All it cost me was $200 and a bunch of time.

    Edit: The server may be a bit big and loud as a home lab, but I compensate by only having it turned on when I'm using it, so it's really not that bad.
  • Kapital Posts: 33 Member
    I have managed to install Security Onion but am still facing configuration issues as mine is all in VirtualBox. I wish we had some cyber security labs set up for intrusion detection, SIEM, NSM etc. which one could access via the web to practice the skills. VulnHub is a similar lab that I know of, but I don't think anyone has a lab similar to yours.
    airzero wrote: »
    I just bought an old HP ProLiant from eBay (savemyserver.com has some great deals) and set up a small Active Directory environment on it. Once the domain was up and running, I added in a Security Onion server and threw a few sensors in the network for monitoring. Now I run through red teaming type scenarios using Kali Linux and other tools (PowerShell Empire, Cobalt Strike, etc.) to practice my pentesting skills, then go back and look through the alerts from Snort and logs in the ELK stack. Great experience for learning more about Windows, firewalls, routing, etc. as well as offensive/defensive practice. All it cost me was $200 and a bunch of time.

    Edit: The server may be a bit big and loud as a home lab, but I compensate by only having it turned on when I'm using it, so it's really not that bad.
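airzero's routine of running a scenario and then reading the Snort alerts back is where most of the learning in such a lab happens. As an added example (not code from any poster, nor from Snort or Security Onion), here is a small Python triage script for Snort's "fast" alert log format; the function names and the sample alert lines (local 1000000+ SIDs, 192.168.56.x lab addresses) are constructed for illustration.

```python
import re
from collections import Counter
# Snort "fast" alert format (alert_fast output / snort -A fast), one event per line.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s*"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s*)?"
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s*)?"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def split_endpoint(endpoint):
    """'10.0.0.5:51234' -> ('10.0.0.5', 51234); ICMP lines carry no port. IPv4 only."""
    host, sep, port = endpoint.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (endpoint, None)

def parse_fast_alert(line):
    """Return one alert as a dict, or None for lines that are not alerts (e.g. engine messages)."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    src_ip, src_port = split_endpoint(m["src"])
    dst_ip, dst_port = split_endpoint(m["dst"])
    return {"ts": m["ts"], "sid": int(m["sid"]), "rev": int(m["rev"]), "msg": m["msg"],
            "classification": m["cls"], "priority": int(m["prio"]) if m["prio"] else None,
            "proto": m["proto"], "src_ip": src_ip, "src_port": src_port,
            "dst_ip": dst_ip, "dst_port": dst_port}

def summarize(lines):
    """Triage view: counts per rule and per source, plus the priority-1 events to read first."""
    alerts = [a for a in map(parse_fast_alert, lines) if a]
    return {"total": len(alerts),
            "by_rule": Counter((a["sid"], a["msg"]) for a in alerts),
            "by_src": Counter(a["src_ip"] for a in alerts),
            "high_priority": [a for a in alerts if a["priority"] == 1]}

# Constructed sample alert.fast lines using local (1000000+) SIDs; not real lab output.
SAMPLE_ALERTS = """\
01/28-22:26:04.885446  [**] [1:1000001:1] LOCAL ICMP echo from attacker VM [**] [Classification: Generic ICMP event] [Priority: 3] {ICMP} 192.168.56.20 -> 192.168.56.10
01/28-22:27:11.102233  [**] [1:1000002:2] LOCAL SSH connection attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.56.20:44120 -> 192.168.56.10:22
01/28-22:27:12.990001  [**] [1:1000002:2] LOCAL SSH connection attempt [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.56.20:44121 -> 192.168.56.11:22
01/28-22:30:45.000100  [**] [1:1000003:1] LOCAL unexpected outbound port 4444 [**] [Priority: 1] {TCP} 192.168.56.10:50213 -> 192.168.56.20:4444
not an alert line: snort restarted
"""
if __name__ == "__main__":
    report = summarize(SAMPLE_ALERTS.splitlines())
    print(report["total"], "alerts;", report["by_rule"].most_common(3))
    for a in report["high_priority"]:
        print("PRIORITY 1:", a["ts"], a["msg"], a["src_ip"], "->", a["dst_ip"], a["dst_port"])
```

Point it at a real alert.fast from the sensor (e.g. `summarize(open(path).readlines())`) to see which rules fired most during a scenario and which host generated them.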