Home lab hardware recommendations


Walter White

Feb 16, 2016, 1:58:22 PM
to security-onion
Hi,

My pfSense box blew up forcing me to rebuild my NSM lab, therefore I am posting for some recommendations because I desperately want to add Security Onion.

My pfSense box was built from an old Lenovo M58P Core2Duo w/8GB of RAM. I also have a Netgear GS108Tv2 switch and Asus RT-N66U WiFi AP. I have a mix of PCs, laptops, tablets and smartphones in the mix.

I'm wondering if I should buy another dedicated PC for SO, or scrap the Lenovo, buy a refurbished server and build an ESXi whitebox. That way I could virtualize both of them? Would SO integrate nicely with pfSense or should I use another firewall distribution?

Cost certainly plays a factor. This is just for a home lab where I am looking to run 2 or 3 separate networks with one isolated for malware analysis. I have no idea what the specs should be for my type of setup. Suggestions recommended and appreciated.


Regards,

Jeff H

Feb 16, 2016, 3:13:32 PM
to securit...@googlegroups.com
Hi Walter,
I am currently running Security Onion and pfSense (along with a few other VMs) on an ESXi system at home. For about a year everything worked fine; recently I started having some issues, but Doug was a huge help and I think we got things sorted out (https://groups.google.com/forum/#!topic/security-onion/1sDHn0AwDXc). I'm not sure where the networking problems were being introduced (pfSense, ESXi, switch, etc.), but with the networking changes in the referenced thread things do seem to be working again.

For hardware I'm running a Supermicro Micro ATX board with the Intel Atom C2758 SoC. I spent about $800 on the motherboard/CPU combo, case, RAM, and hard drive. I don't have RAID, but for a home lab system I'm not too concerned about that (I think you could add a RAID 1 card if need be).

I've found it nice to have some extra RAM on the ESXi host so I can spin up other VMs to test things as needed.

If you're interested I can look up the exact parts/specs as I've found this system to be perfect for home use.

Jeff

Walter White

Feb 16, 2016, 3:44:14 PM
to security-onion

Sure, having the specs would be awesome. I've never built an ESXi Whitebox before and would rather avoid buying hardware that doesn't work. I can't afford to spend money just for proof of concept. Especially if I am going to drop a thousand bucks. It's hard enough passing that one by the wife (even though I bought her a new tablet this past xmas). I know I can buy an HP ML350 G6 w/2x Xeon and 72GB RAM refurbished for about $1000. Just gearing up to save for this, but I'm definitely leaning towards the ESXi idea.
How much RAM do you suggest for running SO and pfSense in order to have some decent performance for NSM?

Kevin Branch

Feb 16, 2016, 4:23:25 PM
to securit...@googlegroups.com
Hi Walter,

You have lots of options. I run a standalone Security Onion installation for my home environment as a VirtualBox VM right off of my main Windows 10 business desktop which I leave on all the time. I normally give that VM a couple of cores, 8GB of memory, and space on a medium-sized SSD I've dedicated for VirtualBox use. It keeps up very well and leaves me lots of room for snapshots and other VMs. The dedicated SSD, plus plenty of spare cores and memory, makes its impact on my general desktop performance essentially imperceptible.

Kevin



Jeff H

Feb 16, 2016, 4:27:33 PM
to securit...@googlegroups.com
On Tue, Feb 16, 2016 at 12:44 PM, Walter White <heisenbe...@gmail.com> wrote:

> Sure, having the specs would be awesome. I've never built an ESXi Whitebox before and would rather avoid buying hardware that doesn't work. I can't afford to spend money just for proof of concept. Especially if I am going to drop a thousand bucks. It's hard enough passing that one by the wife (even though I bought her a new tablet this past xmas). I know I can buy an HP ML350 G6 w/2x Xeon and 72GB RAM refurbished for about $1000. Just gearing up to save for this, but I'm definitely leaning towards the ESXi idea.
> How much RAM do you suggest for running SO and pfSense in order to have some decent performance for NSM?

That refurb HP would probably blow my Supermicro setup out of the water. This is the board I have: http://www.supermicro.com/products/motherboard/Atom/X10/A1SRi-2758F.cfm

One of my requirements was that it be quiet, and this system is almost silent, but still has enough processing power.

I give Security Onion 16 GB RAM and have no packet loss. I think it could get by with less, but I don't want to spend the time tuning it further.

Right now my pfSense is running with 4 GB RAM allocated in ESXi, but never uses much of that. On the pfSense I'm running Snort on the WAN interface in blocking mode with a small subset of rules as an IPS.

The network it is monitoring only has a handful of devices but lots of streaming video. Looks like I do anywhere from 10-30GB of traffic per day.

Jeff

Walter White

Feb 16, 2016, 4:45:57 PM
to security-onion
Appreciating all the suggestions. The cheaper route for me might be to try running SO in VirtualBox. I have a desktop lying around that has an Asus Maximus V Gene with a Core i5 & 16GB RAM. I never thought of running SO as a VBox instance, but if dedicating 8GB to a VM would be enough to get by then I might just give that a shot. The box is basically collecting dust anyway.