[prev in list] [next in list] [prev in thread] [next in thread]
List: security-onion
Subject: Re: [security-onion] Lab Network
From: Leding Tech <ledingtech () gmail ! com>
Date: 2019-05-31 22:06:15
Message-ID: 98aba6fa-864e-43bc-a53c-0c5caac43e31 () googlegroups ! com
[Download RAW message or body]
OK - so first, let me clarify...you have 4 distinct VMs each with a specific purpose \
(in parens). Please correct as necessary:
(A) CentOS 7 (TARGET)
(B) Windows Server 2016 (TARGET)
(C) Kali (TOOLS machine; exec's nslookup, traceroute, etc.)
(D) Security Onion (SECURITY analysis; SNIFFING, etc.)
Presuming I have the above correct, I see no issues with having all 4 machines in the \
same subnet. My network is very similar as I have a subnet that contains several \
potential targets as well as the SO-mgmt interface. In that same subnet, I also have \
several tools machines that run various utilities. In fact, given your constraints \
re: getting the traffic-to-be-analyzed back to your SO server, keeping the subnet'ing \
simple is probably best for now. Just be aware that real-world enterprise scenarios \
are rarely that simple.
Without seeing how the PHY connections are being architected, I can't really comment \
very much on how you will acquire the traffic for analysis. Are all of the VMs on \
the same physical HW? If so, then how many PHY ethernets are you using - perhaps 1 \
per VM and then 2 on the SO (for a total of at least 5)? Please provide more on the \
PHY aspects of the setup and I can comment further.
As to using pfSense to mirror the traffic, this is definitely possible but it may not \
be necessary. Again, I would need to understand more about the PHY before commenting \
and making any recommendations.
Tag...you're it :=)
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups \
"security-onion" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to security-onion+unsubscribe@googlegroups.com. To post to this \
group, send email to security-onion@googlegroups.com. Visit this group at \
https://groups.google.com/group/security-onion. To view this discussion on the web \
visit https://groups.google.com/d/msgid/security-onion/98aba6fa-864e-43bc-a53c-0c5caac43e31%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic