How do I get some hands on experience of expensive Information Security Devices

kabooter · September 2017

I want to significantly enhance my knowledge of several InfoSec tools and devices such as IPS/IDS/ Firewalls/ UAM / WAF/ DLP/ Load Balancers, SIEM (QRadar) etc.
However all these are very expensive. I don't have any chance of using these in my current job. Most educational places I called dont have these. I have tried to gain as much insight as possible from online books/ videos on udemy/ youtube etc. BUT how do I get some real time hands on experience?

Iristheangel · September 2017

Virtualize where possible, talk to sales engineers to get free virtualized software and/or eval licenses, etc. Usually requires a bit of resourcefulness and a virtualized environment you can stand up.

scaredoftests · September 2017

you can pay for 'labs' at measure up. Worth it.

TechGromit · September 2017

kabooter wrote: »

I want to significantly enhance my knowledge of several InfoSec tools and devices such as IPS/IDS/ Firewalls/ UAM / WAF/ DLP/ Load Balancers, SIEM (QRadar) etc.
However all these are very expensive. I don't have any chance of using these in my current job.

These devices are basically just servers with software.

Get yourself a used server off Ebay, something with two network interfaces.
Install some version of Linux
Get free / open source Linux software to practice on, Firewall, IDP, IPS, are all available, not sure about load balancers. The software may be different, but the principals are the same.

636-555-3226 · September 2017

download & play with security onion, opendns, splunk

dmoore44 · September 2017

For commercial software (ArcSight, QRadar, DLP), you don't.

However, there are usually open source equivalents to commercial software. Or, in some cases, the commercial software is just open source software sold with a support contract, or as some sort of pre-packaged appliance (Bro and SourceFIRE/Snort come to mind).

If you want experience with tools found in a SOC, give this a look: https://www.tripwire.com/state-of-security/security-data-protection/sweet-security-part-2-creating-a-defensible-raspberry-pi/

kabooter · September 2017

Thank you all for the informative replies, specially dmoore44 and TechGromit. I have quite a bit to look at now and hopefully this will be enough for me to have a good understanding of these devices and how they work.
On a related note, can someone please let me know how is TippingPoint 200E Intrusion Prevention System? I can buy one of these off a site for under $100

jamesleecoleman · September 2017

Buy the equipment.

-Get a server with atleast 64 gigs of ram.
-Build out a network.
-Buy some actual security products
-Get some trial/free security products
-Use VMs when you can

It's gonna cost some money but the more you can get your hands on, the better you're off.
I don't know where you live but Davenport University has hands on stuff. The networking program that they have is with Cisco and they have some good equipment and some security appliances from Cisco (ASAs) as well.

shochan · September 2017

kabooter wrote: »

I want to significantly enhance my knowledge of several InfoSec tools and devices such as IPS/IDS/ Firewalls/ UAM / WAF/ DLP/ Load Balancers, SIEM (QRadar) etc.
However all these are very expensive. I don't have any chance of using these in my current job. Most educational places I called dont have these. I have tried to gain as much insight as possible from online books/ videos on udemy/ youtube etc. BUT how do I get some real time hands on experience?

You could download & install Kali Linux on to a VM or physical server/beefy wkstn.
AND
https://kali.training/

Cheers & HI5!

cyberguypr · September 2017

Tons of free stuff out there: Security Onion, pfSense, Splunk, ELK stash, OSSIM, SNORT, SIFT, Kali, etc. In regards to equipment, if resources are limited feel free to start small and don't overthink it. Unless you want super speed, you don't need to go too crazy on hardware right from the get-go. My lab runs on a small Shuttle machine with an i7 and 16GB RAM. I spin things up and down as needed. Not the fastest in the world but when labbing I rarely need crazy amounts of CPU and RAM simultaneously. But if you can afford a good strong lab then definitely go for it. Once you master those free tools, the knowledge directly transfers to the big ticket tools that everyone and their mother uses.

I want to add that every single time I interview candidates for a security analyst position and ask about a lab, the vast majority (85%+) who claim to have one can't say what they have done. Saying "sure, I have a lab with Kali" is not the same as saying "I have installed Snort and Security Onion, sent the logs to Splunk, and created some intelligence and visualizations".

kabooter · September 2017

cyberguypr, shochan, jamesleecoleman - Thank you for your replies. I have already setup up a lab by buying a server with 16 GB and am dong CEH course labs on it. I also have router/ switch. However some of the more expensive but commonly used devices like IPS/IDS etc seemed to be out of reach. I will look into Security Onion, pfSense, Splunk, ELK stash, OSSIM, SNORT, SIFT. Hopefully this alongwith online videos will provide me with enough firepower to overcome interview challenges.

jamesleecoleman · September 2017

I also want to add that if you can, try to learn how this stuff works. Such as how information goes through the network and how websites works. It will help with troubleshooting and knowing whats going on in the background.

olaHalo · September 2017

Most vendors have virtual images you can download.
Setup a lab using something like Eve-NG or the better versions of VMware

kabooter · September 2017

Nice. Thank you all for replying. Quite a bit of info here. So it looks like that being self study would be a very good option for getting some hands on experience. I did setup a lab on dell workstation with i5 quad core, 1 TB HD and 12 GB RAM. Do I need 32 GB or 64 GB RAM if i need to setup some virtual windows vms on it?

triplea · October 2017

This is a great thread.

Im also wanting to grab some hands on knowledge here so is this feasible?

Thinking of building a microserver on a decent spec and having server 2012 or similar running on it and adding maybe 5 VMs so I can use the nessus home version to try out vunerabilities assesment. I could setup WSUS but Im fairly familiar so is there any other well known patching software out there that is free/free for home/30 day etc?

Im presuming I can add another VM to be my firewall, recommendations etc? Again presuming the firewall would have its outbound address as the internet address from the ISP and the internal network address as the one that is 'virtual' shared network for my server and VMs. Giving my guests the proxy of the server and pointing my server to the firewall then out to the web. Hope that makes sense.

Best monitoring software to use/report?

Im also going to try to VPN into this from other locations so is there a recommended VPN software for this the big companies use ( again demos please

or free )

I dont pay for a fixed IP address so is there anything that forwards via software ( I think there was something called noip before )
Really would like to get as much hands on as poss that relates to real experience same as OP

Cheers.

jamthat · October 2017

Haven't seen AWS mentioned yet. It's pay to play, but a lot of what you listed has pre-built AMI's you can spin up and screw around with for a few hours to at least become familiar with them. You'll also be getting exposure to AWS itself which is extremely good knowledge to have in general these days.

Just don't accidentally leave everything powered on!

How do I get some hands on experience of expensive Information Security Devices

Comments