Hello guys!
First of all sorry for my English if there are some mistakes, English is not my native language.
I looked for this topic with the search tool and didn't find anything really useful. I'm currently trying to grow in the IT field, especially in the security field, so I'm working on home labs to increase my skills.
Regarding that, I'm looking to install Suricata and learn how it works, but in a professional way (I haven't read the documentation yet, but I'm going to for sure, the entire documentation!).
However, I would first like to know where I should put my NIPS in my network topology.
I'm currently working from my main computer, through VMware Workstation, but I'm pretty sure I'll encounter a lot of problems regarding the network part, as I'm not able to configure the entire TCP/IP spectrum on it. So I plan to build a new host machine, which will run ESX, and then run my VMs on it. However, I'm thinking that having a dedicated host with Suricata installed on it and 2 NICs could be a better option. What do you think about it? Which option is the most appropriate in a real-case scenario (like in companies, etc.)?
Should I bother installing it on a VM, without being able to configure the network part as I'm only on VMware Workstation, or should I wait to get a dedicated host?
My current topology is WAN > ISP ROUTER > FORTIGATE > LAN, and I think the best place for Suricata would be between the Fortigate and the LAN.
I thought about Minisforum's computers, as most of them have 2 built-in NICs (one for external traffic and the other for internal traffic).
Let me know if there is any documentation to read; it doesn't bother me. I want to learn as much as I can about Suricata in order to get more skills and one day work in security.
Thanks guys, I hope to learn a lot of things here!
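For the placement you describe (a dedicated box with two NICs sitting between the Fortigate and the LAN), this is the part of suricata.yaml that makes Suricata act as an inline bridge in AF_PACKET IPS mode. It is an added example, not from the original post or the Suricata project; the interface names enp1s0 and enp2s0 are assumptions.

```yaml
# Added example: Suricata AF_PACKET inline (IPS) configuration bridging two NICs.
# enp1s0 (towards the Fortigate) and enp2s0 (towards the LAN) are assumed names.
# In copy-mode ips traffic only flows while Suricata runs: if the process stops,
# the LAN loses connectivity (the box fails closed), so monitor the service.
af-packet:
  - interface: enp1s0          # NIC facing the Fortigate
    threads: 2                 # must be identical on both interfaces of the pair
    cluster-id: 98
    cluster-type: cluster_flow
    defrag: yes
    copy-mode: ips             # forward packets instead of only sniffing them
    copy-iface: enp2s0         # every packet accepted on enp1s0 is sent out enp2s0
    use-mmap: yes
    tpacket-v3: no             # the docs advise against tpacket-v3 in IPS mode (latency)
    buffer-size: 64535
  - interface: enp2s0          # NIC facing the LAN
    threads: 2
    cluster-id: 97
    cluster-type: cluster_flow
    defrag: yes
    copy-mode: ips
    copy-iface: enp1s0         # and the reverse direction
    use-mmap: yes
    tpacket-v3: no
    buffer-size: 64535

# Inline mode only blocks what the rules tell it to: a signature that starts with
# "alert" still just logs, one that starts with "drop" actually blocks the packet.
# With inline: auto the stream engine switches to inline handling in IPS mode.
stream:
  inline: auto
```

Validate the file with `suricata -T -c /etc/suricata/suricata.yaml` before starting, then run `suricata -c /etc/suricata/suricata.yaml --af-packet` and confirm that a LAN host can still reach the Fortigate while eve.json shows the traffic.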