'Re: [security-onion] Lab Network'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-onion
Subject:    Re: [security-onion] Lab Network
From:       Leding Tech <ledingtech () gmail ! com>
Date:       2019-05-31 22:06:15
Message-ID: 98aba6fa-864e-43bc-a53c-0c5caac43e31 () googlegroups ! com
[Download RAW message or body]


OK - so first, let me clarify...you have 4 distinct VMs each with a specific purpose \
(in parens).  Please correct as necessary:

(A) CentOS 7 (TARGET)
(B) Windows Server 2016 (TARGET)
(C) Kali (TOOLS machine; exec's nslookup, traceroute, etc.)
(D) Security Onion (SECURITY analysis; SNIFFING, etc.)

Presuming I have the above correct, I see no issues with having all 4 machines in the \
same subnet.  My network is very similar as I have a subnet that contains several \
potential targets as well as the SO-mgmt interface.  In that same subnet, I also have \
several tools machines that run various utilities.  In fact, given your constraints \
re: getting the traffic-to-be-analyzed back to your SO server, keeping the subnet'ing \
simple is probably best for now.  Just be aware that real-world enterprise scenarios \
are rarely that simple. 

Without seeing how the PHY connections are being architected, I can't really comment \
very much on how you will acquire the traffic for analysis.  Are all of the VMs on \
the same physical HW?  If so, then how many PHY ethernets are you using - perhaps 1 \
per VM and then 2 on the SO (for a total of at least 5)?  Please provide more on the \
PHY aspects of the setup and I can comment further.

As to using pfSense to mirror the traffic, this is definitely possible but it may not \
be necessary.  Again, I would need to understand more about the PHY before commenting \
and making any recommendations.

Tag...you're it :=)

-- 
Follow Security Onion on Twitter!
https://twitter.com/securityonion
--- 
You received this message because you are subscribed to the Google Groups \
"security-onion" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to security-onion+unsubscribe@googlegroups.com. To post to this \
group, send email to security-onion@googlegroups.com. Visit this group at \
https://groups.google.com/group/security-onion. To view this discussion on the web \
visit https://groups.google.com/d/msgid/security-onion/98aba6fa-864e-43bc-a53c-0c5caac43e31%40googlegroups.com.
 For more options, visit https://groups.google.com/d/optout.



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic