I’ve been very busy updating my home network infrastructure lately. I wanted to improve the zone separation, while at the same time providing a reasonably secure connection between my resources at home and my resources on the net.
Some of these changes include:
- Replacing my SSG-140-SH Firewall with a new SRX220H2 w/POE Firewall.
- Replacing my DELL 5448 Switch with a new Netgear GS724T Switch.
- Removing an old 4 port POE switch.
- Replacing my old VLAN setup (Main, Media, Utils) with my new VLAN setup (Main, Wireless, Media, Utils, LAB, VPN, Tunnel).
- Upgrading my old Dell 860 (250GB Raid1 and 8GB RAM) co-located server with a new SuperMicro based server that has 12TB of storage and 32GB of ram. This is split into virtualization images, so I’ll be able to work with Docker/CoreOS/KVM based technologies in my personal cloud. This is tied into my home network via an OpenSwan -> SRX IPSec tunnel. Additionally, the SRX will be able to provide dynamic SSL VPN capability for when I’m on the road.
All of the above gets added to my existing 12TB NAS, multiple POE wireless access points, and virtualization server.
I have a few more tweaks left to handle multicasting and cross-LAN traffic on the network, finishing up my log aggregation and analysis tools, as well CoreOS and Docker work for PaaS deployments. This should provide some nice resources for my security research.