This project aims to implement various aspects of a security operations center, the tools it uses and its methodologies, using various open source technologies. This is simply my form of project-based learning.
The main functions of a SOC are as follows:
- Take Stock of Available Resources.
- Preparation and Preventative Maintenance.
- Continuous Proactive Monitoring.
- Alert Ranking and Management.
- Threat response.
- Recovery and Remediation.
- Log Management.
- Intrusion prevention & detection with Snort.
- Vulnerability scanner (OpenVAS).
- Network monitoring with Nagios. ----> Done.
- Maltego (performing reconnaissance).
- Firewall:
  - Bandwidth control and monitoring.
  - Web filtering.
  - Internet aggregation and SD-WAN.
  - Logging.
  - Sandboxing.
  - Deep packet inspection.
- Splunk.
- ELK Stack for log monitoring.
To achieve this practically, I will have to set up several virtual machines that will act as independent servers.
Ubuntu Server will be the logical choice because of its lightweight minimum requirements:
- RAM: 512 MB.
- CPU: 1 GHz.
- Storage: 1 GB disk space (1.75 GB for all features to be installed).
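One way to bring up those independent servers reproducibly is a Vagrantfile, which is plain Ruby. The file below is an added example and is not part of this project; the host names, the private-network addresses, the `ubuntu/focal64` box name and the per-host memory overrides are assumptions. It applies the minimums stated above (512 MB, 1 CPU) to every VM and raises memory only for the hosts that are known to need more than the Ubuntu minimum (an Elasticsearch-based ELK stack will not run usefully in 512 MB), and it exposes the per-host spec and the total memory so the plan can be checked against the hypervisor host before anything is booted.

```ruby
# Added example (not the project's own code): a Vagrantfile that defines the
# SOC servers listed above as separate Ubuntu Server VMs on one private network.
# Host names, IP addresses, the box name and the memory overrides are assumptions.
SOC_HOSTS = {
  "nagios"  => { ip: "192.168.56.10", role: "network monitoring" },
  "snort"   => { ip: "192.168.56.11", role: "intrusion detection/prevention" },
  "openvas" => { ip: "192.168.56.12", role: "vulnerability scanning" },
  "elk"     => { ip: "192.168.56.13", role: "log monitoring" },
}.freeze

# Minimums stated on the page; assumed overrides for the memory-hungry stacks.
MIN_MEMORY_MB    = 512
MIN_CPUS         = 1
MEMORY_OVERRIDES = { "elk" => 4096, "openvas" => 2048 }.freeze

# Provider settings for one host: page minimums unless an override applies.
def vm_spec(name)
  host = SOC_HOSTS.fetch(name)
  {
    memory: MEMORY_OVERRIDES.fetch(name, MIN_MEMORY_MB),
    cpus:   MIN_CPUS,
    ip:     host[:ip],
    role:   host[:role],
  }
end

# Total guest memory, to compare against what the hypervisor host can spare.
def total_memory_mb
  SOC_HOSTS.keys.sum { |name| vm_spec(name)[:memory] }
end

# Vagrant defines this constant when it loads the file; the block is skipped
# when the script is run directly with plain ruby.
if defined?(Vagrant)
  Vagrant.configure("2") do |config|
    config.vm.box = "ubuntu/focal64" # assumed box name

    SOC_HOSTS.each_key do |name|
      spec = vm_spec(name)
      config.vm.define name do |node|
        node.vm.hostname = name
        node.vm.network "private_network", ip: spec[:ip]
        node.vm.provider "virtualbox" do |vb|
          vb.name   = "soc-#{name}"
          vb.memory = spec[:memory]
          vb.cpus   = spec[:cpus]
        end
        # Baseline hardening on every server: host firewall on, SSH still allowed
        # so `vagrant ssh` keeps working.
        node.vm.provision "shell", inline: <<~SHELL
          apt-get update
          apt-get install -y ufw
          ufw allow OpenSSH
          ufw --force enable
        SHELL
      end
    end
  end
end
```

Run `vagrant up nagios` to bring up a single server or `vagrant up` for all of them; `ruby -e 'load "Vagrantfile"; p total_memory_mb'` prints the combined guest memory without touching the hypervisor. Keeping the resource table in `SOC_HOSTS` and `vm_spec` rather than inline in the `Vagrant.configure` block is what makes that dry-run check possible.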