Home Lab – Networking

All of the readers of this blog – and by that I mean myself only – know that I recently moved to a new home. After lugging my server rack across the country, I had to take the time to assemble everything and to do it a little better this time.

First comes the wiring.

I bought a cheap rack from Amazon and a “patch panel” (it doesn’t actually have a punch – it takes Ethernet on both sides). I wrote some labels and plugged things in. I’ve got some extra gear here that I had for CCNA studying that I may use in the future. For now I’ve got a full UniFi stack, a UPS, and a Dell server. That Dell server has ESXi on it for hosting VMs. That was already done and I won’t be getting further into how that is done – plenty of other guides online!

Next I planned my network:

Pretty basic network setup! The USG is my firewall that feeds internet from the WAN into the switch, which separates my network into different VLANs. I am using the 10.0.0.0 IP space and segmenting my devices from each other. Essentially I don’t trust the IoT devices and if they get infected I don’t want them to be able to communicate outside of my normal network. Outside of VLAN hopping, this mostly keeps me secure. I’ll be doing some packet captures and analyzing them in my SIEM in a later blog post.

Building these settings out in UniFi is pretty easy.

You might notice that those subnets don’t match up with my diagram above – good thing this isn’t production or professional documentation!

The firewall rules are pretty basic and won’t be pictured here. Eventually, as I start analyzing the traffic, I’ll start restricting the IoT network to only communicate with the proper hosts on the proper ports – that will require some analysis.
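The analysis described above, sketched as an added example (not the author's code or configuration): it tallies destination host/port pairs seen from the IoT VLAN as allow-list candidates and separates out flows that reach other internal VLANs. The 10.0.30.0/24 IoT subnet, the sample flows and the rule notation are constructed assumptions, not UniFi syntax.

```python
import ipaddress
from collections import Counter

# Assumed addressing (not from the post): an IoT VLAN inside the 10.0.0.0 space.
IOT_NET = ipaddress.ip_network("10.0.30.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample flows: (src, dst, proto, dst_port)
SAMPLE_FLOWS = [
    ("10.0.30.21", "10.0.30.1", "udp", 53),
    ("10.0.30.21", "203.0.113.10", "tcp", 443),
    ("10.0.30.21", "203.0.113.10", "tcp", 443),
    ("10.0.30.22", "198.51.100.7", "tcp", 8883),
    ("10.0.30.22", "10.0.10.5", "tcp", 445),   # IoT -> another VLAN
    ("10.0.10.5", "10.0.30.22", "tcp", 80),    # not IoT-sourced, ignored
    ("10.0.30.23", "10.0.30.1", "udp", 123),
]

def analyze(flows, iot_net=IOT_NET, internal=INTERNAL):
    """Split IoT-sourced flows into allow-list candidates and cross-VLAN hits."""
    candidates, cross_vlan = Counter(), []
    for src, dst, proto, port in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s not in iot_net:
            continue  # only traffic initiated from the IoT VLAN matters here
        if d in internal and d not in iot_net:
            # Segmentation should already block this; review rather than allow.
            cross_vlan.append((src, dst, proto, port))
        else:
            candidates[(dst, proto, port)] += 1
    return candidates, cross_vlan

def render_rules(candidates, min_hits=1):
    """Turn observed destinations into readable allow rules, default deny last."""
    rules = [f"allow {proto} {IOT_NET} -> {dst}:{port}  # seen {n}x"
             for (dst, proto, port), n in sorted(candidates.items())
             if n >= min_hits]
    rules.append(f"drop any {IOT_NET} -> any")
    return rules

if __name__ == "__main__":
    cands, cross = analyze(SAMPLE_FLOWS)
    print("\n".join(render_rules(cands)))
    for flow in cross:
        print("cross-VLAN flow to review:", flow)
```

Raising `min_hits` keeps one-off destinations out of the candidate list until they have been seen repeatedly in the captures.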
