Internet security is becoming increasingly important in our quickly growing world of technology. You definitely want to keep your data safe from people on the internet with malicious intent. This is especially important for outward-facing networks, and for networks that allow users to freely browse any site. The intent of this write-up is to provide guidance for those curious about network security, and to show how you can lock down your network against attackers both outside and inside it.
The following build is going to provide the security necessary to monitor usage, watch for incoming malicious attacks, inspect data flowing through for potentially malicious software being downloaded, track bandwidth usage, mitigate DDoS attacks, and use one workstation/desktop as a router. All of these things will happen on one computer, and I’ll walk you through what is necessary to implement each of these features. This post provides information about the build; upcoming posts, over the next week(ish), will provide additional information about exactly how you can implement each of these services. Additionally, I’ll teach you how to set up a web interface for each of these services, so you can manage everything in one place without having to remote in to the machine.
Recommended Computer – Adamant Desktop
This computer will provide the performance needed to handle all of these tasks without running into any bottlenecks. A substitute for this machine is this computer; it’s the same setup without the GTX 1070 (not required).
Recommended Operating System – CentOS
This is the operating system I will be using during this whole walkthrough. I’ve always preferred CentOS, as Red Hat Enterprise Linux is based off of community contributions to this OS. You will be able to use other operating systems, but the commands will be different when using others.
Snort will monitor the network for potential threats, including viruses in files being downloaded. It can be a replacement for antivirus software, but that’s not recommended. I would use it as a replacement for antivirus when you don’t have control over what users are installing on their machines.
ntopng will analyze and log traffic, and has a web interface for viewing what is going on in your network.
DDoS Prevention – Following This Tutorial
This is a tutorial on a different blog, but I’ll write up a new one later on. We’ll be using iptables, which is built in to Linux, for DDoS prevention. These will be guidelines to provide hardened security for our Linux system and our network.
Linux Hardening – Following This Tutorial
This is another tutorial on a different blog. I’ll write my own version of this one as well. What we’re doing here is hardening CentOS and removing any possible holes in our security.
CentOS Router – Following This Tutorial
You guessed it, another external blog link. I’m going to rewrite this one and go a little more in depth with it. This tutorial gives only a very brief overview of what we’ll actually be doing.
WebUI for Snort – Snorby
Snorby is a web interface for Snort, and we’ll be using it to access Snort without having to remote into the Linux machine.
Uptime Monitoring – Monit
Monit provides a solution for monitoring services and reporting via email or SMS when a service has been interrupted.
This is just the plan for the build. I have parts coming in today, and I’ll be adding more info regarding the usage and build for everything. Please subscribe below to watch it all unfold!