Do You Monitor Your Home Network?

the_Grinch

So do you monitor your home network? If so to what extent? Full tilt? Netflow, IDS, etc?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Doyen

Putting labbing aside (has access to online if needed), I really do not monitor my home network with IDS, IPS, netflow, and such. The only real monitoring I do is through my firewall and through my router seeing what devices are wireless connected to my devices or ports to close/open.

YFZblu

I would, if I wasn't already doing network security monitoring for a living. I have to draw the line somewhere, otherwise I'd go insane.

wastedtime

I use too.... I have been wanting to set it up again. I had a FreeBSD box that had rotating pcap, BroIDS, few other small tools running. The box had bridged ports and would capture off of that. I had a bash script I that I could use to query the rotating pcap when I found something interesting in the IDS logs. The script would use tcpdump or tshark to parse through the required logs for the time frame specified and **** the pcap. I could then ssh the pcap back to my system. Only thing I remember finding was:
- Someone infected with SQL Slammer that tried to hit me with it
- Some odd CDN stuff that wasn't anything malicious
- My network printer sending runt packets due to not padding
- My access point sending packets to 127.0.0.1

Other then that the only thing I ran was some fairly extensive access/access-list logging on my router.

Qord

I do, but not extensively. I allow incoming rdp to a couple machines at home from a handful of remote networks, and I'm adequately paranoid about it. I also have some work at home for testing (aruba gear) and can have multiple wireless networks going at any time, so I definitely pay attention to who has or has tried to connect to any wireless network I've got here.

DevilWAH

quite enough of that at work !!

Deathmage

I took the Sonicwall Certification and I use dual TZ 210 Sonicwall Firewalls at home.

When the Zero Day a few days ago hit, my girlfriend was surfing on IE and she got attacked but I had IPS enabled on the Sonicwall and they block it.

as some of you know I also employ a few used 2nd generation R610's and countless switches and AP's so I like to keep current with stuff, lets just say the 48U Dell rack with 48 port punchdown in the basement is a bit overkill for a house... :P - but I do have a RJ45 in every room.

QHalo

My Palo Alto is the only thing monitoring anything.

Doyen

That is quite impressive DeathMage!

cyberguypr

I monitor uptime and do alerting using the free tier from Monitor.us. I deployed security onion to a VM on my DMZ just to see what kinds of crap are out there.

OfWolfAndMan

I check my router for unusual connected devices occasionally. Other than that, I know where I shouldn't tread. I'll probably know when someone's out to get me.:D

gbdavidx

Deathmage wrote: »

I took the Sonicwall Certification and I use dual TZ 210 Sonicwall Firewalls at home.

When the Zero Day a few days ago hit, my girlfriend was surfing on IE and she got attacked but I had IPS enabled on the Sonicwall and they block it.

as some of you know I also employ a few used 2nd generation R610's and countless switches and AP's so I like to keep current with stuff, lets just say the 48U Dell rack with 48 port punchdown in the basement is a bit overkill for a house... :P - but I do have a RJ45 in every room.

Do you need two? Could you just get away with one?

paul78

gbdavidx wrote: »

Do you need two? Could you just get away with one?

Doesn't everyone have 2 of everything?

How else would you handle the high-availability scenarios if the monitoring detected a failure of a component?