These are things I have not implemented yet but want to, or have plans to, implement in the future.
I just want to preface this section by saying yes, some of this is absolutely overkill for a small network, and I know that. Some of these projects may never happen and some might get abandoned once I realize they don't work well on my network; however, I still want to try, because all of the projects below will be fun to attempt and I'm sure I'll learn a fair bit in the process of completing them.
Since I am running VMware ESXi on my server, there are quite a few features at your disposal that might not come up when only one person is using the server. While trying to set up access for some classmates to practice for the NCL (National Cyber League), I found out that you can create "roles" and then assign users to those roles to quickly give them very specific permissions on the server. I have not delved too far into it; however, I would like to get it set up so that I can offer it as a space for friends to connect to remotely and work alongside me, as opposed to just sharing my screen while I work. I think being able to do this would go a long way for collaborative learning, which I am all about, so once I get my new security gateway I definitely plan on setting this up.
Full Active Directory domain
I currently have several Windows Server VMs in my lab that I experiment with; however, I do not have a full AD environment set up yet. To set it up the way I want to, I need to create a VLAN for my lab to contain the AD environment and then set up an edge router to properly route my lab traffic out of my home network. Once that is in place, I can run more sophisticated attacks against a more sophisticated environment to more closely simulate real attacks.
As I mentioned above, I need to set up VLANs on my network for several reasons. First, I want to sequester any IoT devices onto their own subnet so they cannot be used to gain access to my primary subnet. Second, as I stated above, I want to make a subnet specifically for my lab. This way, regardless of what I'm doing, I will not endanger my primary network, especially if I'm doing something like analyzing malware that could potentially propagate itself through the network to other devices. Obviously I can disable NICs on VMs, but it's always better to be safe than sorry :). I plan on doing this with some UniFi equipment from Ubiquiti once I save up enough to buy what I want (first is the security gateway with a built-in UniFi controller, but they're sold out at the moment). Once I have the proper equipment, I'll work on segmenting the network and creating whatever static routes I need so I can still do things like manage my server.
I currently have a version of this up and running on the firewall that's in place today, but I want a standalone product, which I've been doing some research on. I would like to set up a dedicated box running Suricata that will monitor all traffic going in and out of the security gateway. With the UniFi equipment I should be able to set up port mirroring, which will let me send a copy of every packet entering and leaving my network to the Suricata device. Suricata will then analyze the traffic and report on it. It's a powerful tool that can export in formats like JSON, so if I want to incorporate an open-source SIEM down the road, like AlienVault OSSIM, I have that option with little extra configuration required.
I would like to get a server up and running where I can forward logs from multiple devices, giving me one easy spot to look for any log information. There are some nice options available that I've seen, such as Kiwi, but I haven't decided what I want to use yet. Once I have all of the logs in one place, it becomes much easier to analyze them, create alerts, or forward them to a SIEM.
As I mentioned in the IDS/IPS section above, I want to eventually get a SIEM up and running that can log any events for me to look at when I have time. Technically I have AlienVault OSSIM running on an old micro PC in my network rack right now; however, it's not configured to do much yet, and I'm pretty sure I set a few things up incorrectly, so eventually I'll start over with a fresh install and do it properly.
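The IDS/IPS, log server and SIEM plans above share one processing step: getting Suricata's EVE JSON output and ordinary syslog from several devices into a single record shape before anything alerts on them. The Python below is an added example written for this page, not code from the post, from Suricata or from AlienVault. It parses a few constructed EVE JSON lines and BSD syslog (RFC 3164) lines, keeps only Suricata "alert" events, folds the two unrelated severity scales into one label (my own mapping, not a standard), and skips malformed lines instead of crashing the pipeline. The hostnames, IP addresses and signature names are made up for the example.

```python
"""Normalize Suricata EVE JSON alerts and BSD syslog lines into one record shape,
the first step a central log server performs before forwarding to a SIEM.
All sample input below is constructed for illustration, not captured traffic."""
import json
import re
from collections import Counter
from dataclasses import asdict, dataclass
from typing import Optional

# --- constructed sample input ----------------------------------------------
# Suricata writes one JSON object per line to eve.json. Only "alert" events carry
# a signature; the "flow" record is included to show the filter discarding it.
EVE_LINES = [
    '{"timestamp":"2024-01-10T12:00:01.000000+0000","event_type":"alert",'
    '"src_ip":"192.168.50.23","src_port":51234,"dest_ip":"192.168.10.5","dest_port":445,'
    '"proto":"TCP","alert":{"signature_id":1000001,"signature":"LAB SMB from IoT VLAN",'
    '"category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2024-01-10T12:00:02.000000+0000","event_type":"flow",'
    '"src_ip":"192.168.10.7","dest_ip":"192.168.10.1","proto":"UDP"}',
    '{"timestamp":"2024-01-10T12:00:05.000000+0000","event_type":"alert",'
    '"src_ip":"192.168.50.23","src_port":51300,"dest_ip":"192.168.10.5","dest_port":3389,'
    '"proto":"TCP","alert":{"signature_id":1000002,"signature":"LAB RDP from IoT VLAN",'
    '"category":"Potentially Bad Traffic","severity":1}}',
    'this line is not JSON and must be skipped rather than crash the pipeline',
]
# BSD syslog: "<PRI>Mmm dd hh:mm:ss host tag: message", where PRI = facility*8 + severity.
SYSLOG_LINES = [
    '<86>Jan 10 12:00:03 lab-dc01 sshd[4211]: Failed password for admin from 192.168.50.23 port 40022 ssh2',
    '<30>Jan 10 12:00:04 usg dhcpd: DHCPACK on 192.168.50.23 to aa:bb:cc:dd:ee:ff',
    'garbage without a PRI header',
]

SYSLOG_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) '
    r'(?P<host>\S+) (?P<tag>[^:]+): (?P<msg>.*)$'
)
IPV4_RE = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')


@dataclass(frozen=True)
class Event:
    source: str             # "suricata" or "syslog"
    host: str               # sensor name or originating host
    timestamp: str          # kept as text; the SIEM parses it on ingest
    severity: str           # normalized label: high / medium / low
    src_ip: Optional[str]
    dest_ip: Optional[str]
    summary: str            # alert signature or syslog tag + message


def severity_label(source: str, raw: int) -> str:
    """Collapse two unrelated scales into one label (assumed mapping, not a standard)."""
    if source == "suricata":            # Suricata: 1 is the most severe
        return "high" if raw == 1 else "medium" if raw == 2 else "low"
    return "high" if raw <= 3 else "medium" if raw == 4 else "low"  # syslog: 0 emerg .. 7 debug


def parse_eve(line: str, sensor: str = "suricata-box") -> Optional[Event]:
    """Return an Event for a Suricata alert line, None for non-alerts or bad JSON."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if rec.get("event_type") != "alert":
        return None                     # flow/dns/http records are not what the SIEM alerts on
    alert = rec.get("alert", {})
    return Event("suricata", sensor, rec.get("timestamp", ""),
                 severity_label("suricata", int(alert.get("severity", 3))),
                 rec.get("src_ip"), rec.get("dest_ip"), alert.get("signature", "unknown"))


def parse_syslog(line: str) -> Optional[Event]:
    """Return an Event for a BSD syslog line, None if the PRI header is missing."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    severity = int(m.group("pri")) & 7  # low three bits of PRI hold the severity
    ip = IPV4_RE.search(m.group("msg"))  # first IPv4 literal in the message, if any
    return Event("syslog", m.group("host"), m.group("ts"), severity_label("syslog", severity),
                 ip.group(0) if ip else None, None, f'{m.group("tag")}: {m.group("msg")}')


def normalize(eve_lines, syslog_lines) -> list:
    """Run both parsers and drop lines that did not parse."""
    events = [e for e in map(parse_eve, eve_lines) if e]
    events += [e for e in map(parse_syslog, syslog_lines) if e]
    return events


def by_source_ip(events) -> Counter:
    """Count normalized events per source IP across both feeds."""
    return Counter(e.src_ip for e in events if e.src_ip)


def high_severity(events) -> list:
    return [e for e in events if e.severity == "high"]


if __name__ == "__main__":
    evs = normalize(EVE_LINES, SYSLOG_LINES)
    for e in evs:
        print(json.dumps(asdict(e)))    # one normalized JSON record per line, ready to forward
    print("events per source IP:", by_source_ip(evs).most_common())
```

Because the output is one JSON object per line with a fixed set of keys, a SIEM such as OSSIM (or a syslog forwarder in front of it) only needs one field mapping instead of one per device type; the per-source-IP count is the kind of cross-feed correlation that is only possible once the logs sit in one place.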