sec.lab

Current Home Lab Setup

Proxmox Server

https://www.proxmox.com/en/

Configuration

  • ZFS mirrored OS boot

  • LVM storage for VMs & containers

  • Network interfaces managed with Open vSwitch (OVS)

      Interface      Device        Comment
      eno1           OVS Port      Proxmox host NIC
      vmbr0          OVS Bridge    Local network
      vmbr0_mgmt     OVS IntPort   Proxmox management
      vmbr1          OVS Bridge    Subnets bridge
      vmbr1_vlan_2   OVS IntPort   Test network
      vmbr1_vlan_3   OVS IntPort   Isolated network

  • OVS mirrors all traffic on each VLAN to the specified application hosts
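The per-VLAN internal ports and the mirrors are the part of this layout that is easy to get subtly wrong (a mirror bound to the whole bridge instead of one VLAN, or a VLAN id outside 1-4094), so here is an added shell example of how they can be expressed; it is not the lab's own configuration. It prints the Proxmox /etc/network/interfaces stanza for an OVSIntPort carrying one VLAN tag, and builds the ovs-vsctl transaction that mirrors only that VLAN to the tap interface of an IDS VM. The tap names (tap200i1, tap200i2), the VLAN-to-subnet addresses and the mirror names are constructed assumptions; VLAN 2 and 3 follow the table above.

```shell
#!/bin/sh
# Added example, not from the sec.lab page. Assumed values: the IDS probe VM
# has interfaces tap200i1/tap200i2 on vmbr1; VLAN 2 = Test, VLAN 3 = Isolated.

# vlan_ok ID  -> 0 if ID is a valid 802.1Q VLAN id (1..4094), else 1
vlan_ok() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# intport_stanza NAME BRIDGE VLAN_TAG [CIDR]
# Emits the /etc/network/interfaces stanza Proxmox uses for an OVS internal
# port restricted to one VLAN (the vmbr1_vlan_N entries in the table above).
# With no CIDR the port is "inet manual", i.e. the host gets no IP on that VLAN.
intport_stanza() {
    name=$1; bridge=$2; tag=$3; cidr=${4:-}
    vlan_ok "$tag" || { echo "intport_stanza: bad VLAN tag '$tag'" >&2; return 1; }
    printf 'auto %s\n' "$name"
    if [ -n "$cidr" ]; then
        printf 'iface %s inet static\n    address %s\n' "$name" "$cidr"
    else
        printf 'iface %s inet manual\n' "$name"
    fi
    printf '    ovs_type OVSIntPort\n    ovs_bridge %s\n    ovs_options tag=%s\n\n' \
        "$bridge" "$tag"
}

# mirror_cmd BRIDGE VLAN OUTPUT_PORT NAME
# Prints one ovs-vsctl transaction: look up the output port, create a mirror
# that selects only frames on VLAN, and *add* it to the bridge's mirror list
# ("add" rather than "set" so a second VLAN mirror does not replace the first).
mirror_cmd() {
    bridge=$1; vlan=$2; outport=$3; name=$4
    printf 'ovs-vsctl -- --id=@p get port %s -- --id=@m create mirror name=%s select-vlan=%s output-port=@p -- add bridge %s mirrors @m\n' \
        "$outport" "$name" "$vlan" "$bridge"
}

# apply_mirrors BRIDGE VLAN:PORT:NAME [VLAN:PORT:NAME ...]
# Validates every entry first, then prints (OVS_DRY_RUN=1, the default here)
# or executes (OVS_DRY_RUN=0, on the Proxmox host) the mirror commands.
apply_mirrors() {
    bridge=$1; shift
    for spec in "$@"; do
        vlan=${spec%%:*}; rest=${spec#*:}; port=${rest%%:*}; mname=${rest#*:}
        vlan_ok "$vlan" || { echo "apply_mirrors: bad VLAN id in '$spec'" >&2; return 1; }
    done
    for spec in "$@"; do
        vlan=${spec%%:*}; rest=${spec#*:}; port=${rest%%:*}; mname=${rest#*:}
        cmd=$(mirror_cmd "$bridge" "$vlan" "$port" "$mname")
        if [ "${OVS_DRY_RUN:-1}" = 1 ]; then
            echo "$cmd"
        else
            eval "$cmd"
        fi
    done
}

# Demo: render the two VLAN IntPorts and the two mirrors (dry run).
intport_stanza vmbr1_vlan_2 vmbr1 2 10.2.0.1/24
intport_stanza vmbr1_vlan_3 vmbr1 3 10.3.0.1/24
apply_mirrors vmbr1 2:tap200i1:span_vlan2 3:tap200i2:span_vlan3
```

Two practical checks when wiring this up: the tap interface receiving the mirror should carry no IP address inside the IDS VM and should be brought up in promiscuous mode, and `ovs-vsctl list mirror` on the host shows whether each mirror really carries a `select_vlan` restriction or has fallen back to mirroring the whole bridge.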

Hosts

pfSense

https://pfsense.org

Acts as the firewall for the LAB network and VLANs

owlh

https://documentation.owlh.net/en/0.17.0/

Manages IDS probes using Suricata and Zeek. Handles centralized rule management and configuration management of IDS nodes.

Two network interfaces are configured to receive mirrored traffic from the Test and Isolated networks.

Wazuh

https://wazuh.com

Open-source SIEM

Monitors and alerts on threats throughout the network via OSSEC agents installed on each host.

MISP

https://www.misp-project.org

Malware Information Sharing Platform

Tracks and shares threat intelligence information.

Provides enrichment information on IOCs and malware via DNS, IP, strings, etc.

theHive & Cortex

https://thehive-project.org

Handles case management for threats and the relationships between the organization, SIEM alerts, and MISP's API.

OpenCTI (in progress)

Open Cyber Threat Intelligence

https://docs.opencti.io/latest/

Miniflux

https://miniflux.app/

Self-hosted RSS feed aggregator

Used to keep track of current security trends, threats, and general cybersecurity information.

Windows 11

For testing purposes
