Setting up a Home Lab (3/n)


It is good to have an Access Point and an actual server that my traffic goes through, indeed. At the very least, I have an iptables firewall blocking all incoming traffic to the AP from the external World.

But that’s not the goal in and of itself. This blog is about IT Security, yes, but ALSO and ABOVE ALL about analyzing data.

I justified this series of posts about “Setting up a Home Lab” PRECISELY because I wanted to set up a machine to GATHER data.

Good News: It works!

You will probably have skipped the details in the past couple of entries. I don’t blame you at all.

But let’s reconnect, shall we?

So one of the things that happened when I set up the AP is that I needed to bring up a DNS and a DHCP server on it.

Why is that sooooo great anyway?! Well, because now I see things.

All the connections from my laptop(s) and mobile device(s) can now go through this machine. Yes, I have a personal AND a work laptop AND so it goes for the mobile phones.

So as of now, I have:

  • Logs of the server itself (and other data: uptime, free, top, ps…)
  • Logs for all the blocked traffic coming from the rest of the World to my server
  • Logs for all the DNS connections made by my devices to the Internet
  • Logs for all the DHCP requests, i.e. I can tell who/what connects…

And more logs mean, essentially, more data to go through and analyze…
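As an added example (not code from the original post), here is a small Python script that turns the three kinds of log lines listed above into something countable: dropped connections per source and destination port, DNS queries per client and name, and the latest DHCP lease per MAC address. It assumes the firewall drops are written by an iptables LOG rule and that dnsmasq is the DNS/DHCP server (the post does not say which one it runs); the log lines below are constructed samples, and `summarize_file` reads a real syslog file instead.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the original post). Assumed sources:
# an iptables LOG rule prefixed "DROP-IN:" for the blocked inbound traffic, and
# dnsmasq (with DHCP logging on) for the DNS queries and DHCP leases.
SAMPLE_LOG = """\
Jan 14 10:22:01 srv kernel: [12345.678] DROP-IN: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=41234 DPT=22 SYN
Jan 14 10:22:03 srv kernel: [12347.101] DROP-IN: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=41235 DPT=22 SYN
Jan 14 10:22:04 srv kernel: [12348.455] DROP-IN: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=50123 DPT=23 SYN
Jan 14 10:22:04 srv kernel: [12348.900] DROP-IN: IN=eth0 OUT= SRC=198.51.100.200 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Jan 14 10:22:05 srv dnsmasq[1234]: query[A] example.com from 192.168.1.20
Jan 14 10:22:06 srv dnsmasq[1234]: query[AAAA] example.com from 192.168.1.20
Jan 14 10:22:07 srv dnsmasq[1234]: query[A] updates.example.net from 192.168.1.31
Jan 14 10:22:08 srv dnsmasq-dhcp[1234]: DHCPACK(wlan0) 192.168.1.20 aa:bb:cc:dd:ee:01 work-laptop
Jan 14 10:22:09 srv dnsmasq-dhcp[1234]: DHCPACK(wlan0) 192.168.1.31 aa:bb:cc:dd:ee:02 phone
Jan 14 10:22:10 srv dnsmasq-dhcp[1234]: DHCPACK(wlan0) 192.168.1.20 aa:bb:cc:dd:ee:01 work-laptop
Jan 14 10:22:11 srv sshd[99]: Accepted publickey for me from 192.168.1.20 port 51000
"""

# iptables LOG lines: DPT is optional because ICMP drops carry TYPE/CODE instead.
FIREWALL_RE = re.compile(
    r"kernel: .*SRC=(?P<src>\S+) DST=\S+ .*PROTO=(?P<proto>\S+)(?:.*DPT=(?P<dpt>\d+))?")
# dnsmasq query log: "query[A] name from client"
DNS_RE = re.compile(r"dnsmasq\[\d+\]: query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)")
# dnsmasq DHCP log: "DHCPACK(iface) ip mac [hostname]"
DHCP_RE = re.compile(r"dnsmasq-dhcp\[\d+\]: DHCPACK\(\S+\) (?P<ip>\S+) (?P<mac>\S+)(?: (?P<host>\S+))?")


def summarize(log_text):
    """Classify every line and build the counters a first analysis needs."""
    blocked = Counter()   # (source ip, protocol, destination port) -> drops
    dns = Counter()       # (client ip, queried name) -> queries
    leases = {}           # mac -> (ip, hostname) from the most recent DHCPACK
    unparsed = 0          # lines none of the patterns claimed (sshd, cron, ...)
    for line in log_text.splitlines():
        m = FIREWALL_RE.search(line)
        if m:
            blocked[(m["src"], m["proto"], m["dpt"] or "-")] += 1
            continue
        m = DNS_RE.search(line)
        if m:
            dns[(m["client"], m["name"])] += 1
            continue
        m = DHCP_RE.search(line)
        if m:
            leases[m["mac"]] = (m["ip"], m["host"] or "?")
            continue
        unparsed += 1
    return {"blocked": blocked, "dns": dns, "leases": leases, "unparsed": unparsed}


def summarize_file(path):
    """Same summary, read from an actual syslog file (e.g. /var/log/syslog)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return summarize(fh.read())


def top_blocked_sources(summary, n=5):
    """Fold the per-port drop counts into a per-source ranking."""
    by_src = Counter()
    for (src, _proto, _dpt), count in summary["blocked"].items():
        by_src[src] += count
    return by_src.most_common(n)


def report(summary):
    print("Blocked inbound, by source/protocol/port:")
    for key, count in summary["blocked"].most_common():
        print("  %-16s %-5s %-5s %d" % (key[0], key[1], key[2], count))
    print("DNS queries, by client and name:")
    for (client, name), count in summary["dns"].most_common():
        print("  %-16s %-30s %d" % (client, name, count))
    print("DHCP leases (latest ACK per MAC):")
    for mac, (ip, host) in summary["leases"].items():
        print("  %s  %-16s %s" % (mac, ip, host))
    print("Unparsed lines: %d" % summary["unparsed"])


if __name__ == "__main__":
    report(summarize(SAMPLE_LOG))
```

The DHCP table is the glue for everything else: it is what lets you label the 192.168.1.x client in the DNS counter with a device name, which is the "who/what connects" question above.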

Without going any further, I can already get ideas for future visualizations to re-create in Shiny (maybe). For example, using Darkstat:

And I haven’t even started playing!

I’ll lay the groundwork for future initiatives: let’s install Docker on the server! I simply follow the (VERY) easy guidelines from here:

https://docs.docker.com/engine/install/ubuntu/

Deploying our first Docker Container

apt-get remove docker docker-engine docker.io containerd runc

(Just in case)

And then I follow the steps of “Install using the repository”… Nothing to add, your Honor.

I’ll get back to that Docker setup later on. But to begin with, it has modified both the networks and the iptables rules… I’ll have to review those and make the best of it later on (we’ll get to it eventually).

What else can I do?

I have bored you in the past with Netflow. Yes, I still believe there is value in Netflow (maybe not in my very simple lab, per se, but the concept stands!). Let’s go for it:

apt-get install nfdump fprobe

Then I configure only a few settings for fprobe to point to the correct WiFi NIC, and to nfdump. A couple of “systemctl restart”, and we’re golden (all maybe a bit simplified):
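The NetFlow concept that fprobe implements on the WiFi NIC, as an added Python example rather than the post's own configuration: packets are grouped into unidirectional flows keyed by the 5-tuple (source, destination, source port, destination port, protocol), a flow record is exported when the flow goes idle or exceeds an active timeout, and the exported records are what a collector like nfdump later lets you aggregate, here into top talkers by bytes sent. The packet records and the two timeout values are constructed/assumed, not taken from the post or from fprobe's defaults.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed probe timeouts (constructed values, not fprobe's defaults).
IDLE_TIMEOUT = 15.0     # seconds without a packet before the flow is exported
ACTIVE_TIMEOUT = 300.0  # long-lived flows are cut and exported periodically

# Constructed packet records: (timestamp, src, dst, sport, dport, proto, length).
# Each direction of a conversation is its own flow, as in NetFlow v5.
SAMPLE_PACKETS = [
    (0.0, "192.168.1.20", "203.0.113.80", 50000, 443, "TCP", 60),
    (0.1, "203.0.113.80", "192.168.1.20", 443, 50000, "TCP", 60),
    (0.2, "192.168.1.20", "203.0.113.80", 50000, 443, "TCP", 1500),
    (0.3, "192.168.1.20", "203.0.113.80", 50000, 443, "TCP", 1500),
    (1.0, "192.168.1.31", "192.168.1.1", 40000, 53, "UDP", 70),
    (1.0, "192.168.1.1", "192.168.1.31", 53, 40000, "UDP", 120),
    (30.0, "192.168.1.20", "203.0.113.80", 50000, 443, "TCP", 60),  # after idle gap
]


@dataclass
class Flow:
    key: tuple      # (src, dst, sport, dport, proto)
    first: float    # timestamp of the first packet
    last: float     # timestamp of the most recent packet
    packets: int = 0
    bytes: int = 0


def build_flows(packets, idle=IDLE_TIMEOUT, active=ACTIVE_TIMEOUT):
    """Aggregate packets into flow records the way a NetFlow probe does.

    Returns the exported flows in export order; flows still open at the end
    of the input are flushed last, as a probe does on shutdown.
    """
    open_flows = {}
    exported = []
    for ts, src, dst, sport, dport, proto, length in sorted(packets):
        # Export anything that has been idle longer than the idle timeout.
        for key in [k for k, f in open_flows.items() if ts - f.last > idle]:
            exported.append(open_flows.pop(key))
        key = (src, dst, sport, dport, proto)
        flow = open_flows.get(key)
        # A flow that has run past the active timeout is exported and restarted.
        if flow is not None and ts - flow.first > active:
            exported.append(open_flows.pop(key))
            flow = None
        if flow is None:
            flow = open_flows[key] = Flow(key, ts, ts)
        flow.last = ts
        flow.packets += 1
        flow.bytes += length
    exported.extend(open_flows.values())
    return exported


def top_talkers(flows, n=3):
    """Bytes sent per source address, the most common first question to nfdump."""
    by_src = Counter()
    for f in flows:
        by_src[f.key[0]] += f.bytes
    return by_src.most_common(n)


if __name__ == "__main__":
    flows = build_flows(SAMPLE_PACKETS)
    for f in flows:
        print("%-14s -> %-14s %5d/%-5d %-4s %3d pkts %6d bytes  %.1fs-%.1fs"
              % (f.key[0], f.key[1], f.key[2], f.key[3], f.key[4],
                 f.packets, f.bytes, f.first, f.last))
    print("Top talkers:", top_talkers(flows))
```

The point of the timeouts is why the same laptop-to-server connection shows up as two records here: the packet at 30 seconds arrives after the idle timeout, so the probe has already exported the first flow. When you later count flows in nfdump, keep in mind that one long TCP session can therefore appear as several records.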

Conclusions (for now)

I hope the above will help you understand WHY I started working on a Home lab in the first place: to gather data and start analysing it.

Let’s hope I can use part of that data to show some analysis in future entries.