Month 3 – Network Defense & IDS/IPS
Strengthen your homelab’s perimeter and internal visibility by deploying intrusion detection and prevention systems, packet capture, and threat intelligence integration.
Overview
What you will accomplish
Month 3 focuses on network‑level defense and detection. You’ll deploy IDS/IPS sensors, capture and analyze traffic, and integrate threat intelligence feeds into your SIEM for enriched detection.
- Deploy and configure IDS/IPS sensors (Suricata or Snort).
- Capture and analyze network traffic using Wireshark and Zeek.
- Integrate threat intelligence feeds into your SIEM.
- Correlate network events with host‑based alerts.
- Simulate network attacks and validate detection accuracy.
Labs
Week‑by‑week breakdown
Week 9 – IDS/IPS Deployment & Configuration
Deploy Suricata or Snort on a dedicated VM, configure network interfaces for mirrored traffic, and validate alert generation for test packets.
Week 10 – Packet Capture & Traffic Analysis
Use Wireshark and Zeek to capture and analyze traffic patterns, identify anomalies, and export PCAPs for SIEM ingestion.
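The anomaly hunting Week 10 calls for, and the port‑scan validation in Week 12, can both be exercised against a Zeek conn.log without any live traffic. The script below is an added example, not Zeek's own tooling or code from this course: it parses Zeek's tab‑separated conn.log (using the `#fields` header Zeek writes) and flags a source that probes many distinct TCP ports on one host within a short window while the handshakes go unanswered or refused (Zeek `conn_state` values `S0`, `REJ`, `RSTO`, `RSTOS0`). The log excerpt, the hosts 10.0.0.5/10.0.0.7/10.0.0.20 and the thresholds are constructed for the lab; tune `port_threshold` and `window_seconds` to your own baseline before trusting the output.

```python
"""Flag likely TCP port scans in a Zeek conn.log (added lab example, not Zeek's code)."""
from collections import Counter, defaultdict

# conn_state values that mean the handshake never completed or was refused:
# typical of SYN scans against closed or filtered ports.
SUSPICIOUS_STATES = {"S0", "REJ", "RSTO", "RSTOS0"}


def _row(ts, orig_h, orig_p, resp_h, resp_p, state):
    """Render one conn.log data row (constructed; uid/service are placeholders)."""
    return "\t".join([f"{ts:.6f}", f"C{orig_p}", orig_h, str(orig_p),
                      resp_h, str(resp_p), "tcp", "-", state])


# Constructed conn.log excerpt: 10.0.0.5 probes 12 ports on 10.0.0.20 within ~1.1 s,
# while 10.0.0.7 makes normal HTTPS connections plus one unanswered attempt to 8080.
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
SAMPLE_CONN_LOG = "\n".join(
    ["#separator \\x09",
     "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tconn_state"]
    + [_row(1700000000.1 + 0.1 * i, "10.0.0.5", 41000 + i, "10.0.0.20", p,
            "S0" if i % 2 else "REJ") for i, p in enumerate(SCAN_PORTS)]
    + [_row(1700000000.3 + i, "10.0.0.7", 50000 + i, "10.0.0.20", 443, "SF") for i in range(3)]
    + [_row(1700000005.0, "10.0.0.7", 50010, "10.0.0.20", 8080, "S0"),
       "#close\t2023-11-14-22-15-00"]
)


def parse_conn_log(text):
    """Parse Zeek's TSV conn.log into dicts keyed by the names in the #fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("data row before #fields header")
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def detect_port_scans(rows, port_threshold=10, window_seconds=60.0):
    """Return (src, dst) pairs where src hit >= port_threshold distinct ports on dst
    with failed/refused handshakes inside any sliding window of window_seconds."""
    attempts = defaultdict(list)
    for r in rows:
        if r["proto"] == "tcp" and r["conn_state"] in SUSPICIOUS_STATES:
            attempts[(r["id.orig_h"], r["id.resp_h"])].append(
                (float(r["ts"]), int(r["id.resp_p"])))

    findings = []
    for (src, dst), events in attempts.items():
        events.sort()                      # order by timestamp
        in_window = Counter()              # port -> count of attempts inside the window
        left, best = 0, 0
        for ts, port in events:
            in_window[port] += 1
            # Slide the left edge forward until the window is at most window_seconds wide.
            while ts - events[left][0] > window_seconds:
                old_port = events[left][1]
                in_window[old_port] -= 1
                if in_window[old_port] == 0:
                    del in_window[old_port]
                left += 1
            best = max(best, len(in_window))
        if best >= port_threshold:
            findings.append({"src": src, "dst": dst, "distinct_ports": best})
    return findings


if __name__ == "__main__":
    for finding in detect_port_scans(parse_conn_log(SAMPLE_CONN_LOG)):
        print(f"possible scan: {finding['src']} -> {finding['dst']} "
              f"({finding['distinct_ports']} distinct ports)")
```

Run it against a real `conn.log` by replacing `SAMPLE_CONN_LOG` with the file's contents; the same logic is what a Suricata or Zeek scan signature approximates, so comparing its findings with the IDS alerts from the Week 12 Nmap run is a quick way to see where each one misses.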
Week 11 – Threat Intelligence Integration
Integrate open‑source threat feeds (AlienVault OTX, AbuseIPDB) into your SIEM and IDS to enrich alerts with external context.
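Enrichment in Week 11 and the network/host correlation goal from the overview can be prototyped on Suricata's `eve.json` before wiring the feeds into the SIEM. The script below is an added example, not Suricata's or any feed vendor's code: it reads alert events from eve.json (skipping flow and other event types), tags any alert whose source or destination IP falls inside an indicator (bare IPs or CIDR ranges, the shape an OTX pulse or AbuseIPDB export reduces to), and then pairs network alerts with host‑based alerts on the same endpoint inside a time window. The indicators, the alerts, the `9000001`‑range rule ids and the host‑alert format are all constructed placeholders, not real feed data or real signature ids.

```python
"""Enrich Suricata eve.json alerts with threat-intel indicators and correlate them with
host-based alerts (added lab example; all data and rule ids below are constructed)."""
import json
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed indicator list (stands in for an exported OTX pulse or AbuseIPDB blocklist).
INDICATORS = {
    "203.0.113.45": {"feed": "lab-feed", "tag": "scanner", "confidence": 90},
    "198.51.100.0/24": {"feed": "lab-feed", "tag": "c2-range", "confidence": 70},
}

# Constructed eve.json excerpt, one JSON object per line as Suricata writes it.
# Rule ids 9000001+ are lab-local placeholders, not real ET/VRT signature ids.
SAMPLE_EVE = """\
{"timestamp": "2023-11-14T22:13:20.123456+0000", "event_type": "alert", "src_ip": "203.0.113.45", "src_port": 52110, "dest_ip": "10.0.0.20", "dest_port": 22, "proto": "TCP", "alert": {"signature_id": 9000001, "signature": "LAB SCAN inbound SSH probe", "severity": 2}}
{"timestamp": "2023-11-14T22:13:25.000000+0000", "event_type": "flow", "src_ip": "10.0.0.7", "dest_ip": "10.0.0.20", "proto": "TCP"}
{"timestamp": "2023-11-14T22:13:40.000000+0000", "event_type": "alert", "src_ip": "10.0.0.7", "src_port": 44012, "dest_ip": "10.0.0.20", "dest_port": 443, "proto": "TCP", "alert": {"signature_id": 9000002, "signature": "LAB POLICY internal HTTPS", "severity": 3}}
{"timestamp": "2023-11-14T22:15:00.500000+0000", "event_type": "alert", "src_ip": "10.0.0.20", "src_port": 39870, "dest_ip": "198.51.100.77", "dest_port": 443, "proto": "TCP", "alert": {"signature_id": 9000003, "signature": "LAB TROJAN outbound beacon", "severity": 1}}
"""

# Constructed host-based alerts; the field names are a hypothetical endpoint-agent shape.
HOST_ALERTS = [
    {"timestamp": "2023-11-14T22:14:05.000000+0000", "host_ip": "10.0.0.20",
     "rule": "sshd: authentication failure burst"},
    {"timestamp": "2023-11-14T22:14:30.000000+0000", "host_ip": "10.0.0.9",
     "rule": "removable media attached"},
    {"timestamp": "2023-11-14T23:30:00.000000+0000", "host_ip": "10.0.0.20",
     "rule": "new local user created"},
]

EVE_TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"   # Suricata's default eve timestamp layout


def parse_ts(ts):
    return datetime.strptime(ts, EVE_TS_FORMAT)


def compile_indicators(raw):
    """Turn 'ip' / 'cidr' keys into (network, metadata) pairs; bare IPs become /32."""
    return [(ip_network(key, strict=False), meta) for key, meta in raw.items()]


def parse_eve_alerts(text):
    """Yield only alert events; eve.json also carries flow, dns, http and stats events."""
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("event_type") == "alert":
            yield event


def enrich_alerts(eve_text, indicators):
    """Attach a threat_intel block to each alert whose src or dest IP hits an indicator."""
    compiled = compile_indicators(indicators)
    enriched = []
    for alert in parse_eve_alerts(eve_text):
        alert = dict(alert)
        for field in ("src_ip", "dest_ip"):
            addr = ip_address(alert[field])
            for net, meta in compiled:
                if addr in net:
                    alert["threat_intel"] = {"indicator": str(net),
                                             "matched_field": field, **meta}
                    break
            if "threat_intel" in alert:
                break
        enriched.append(alert)
    return enriched


def correlate_with_host_alerts(network_alerts, host_alerts, window_seconds=300):
    """Pair each network alert with host alerts on the same endpoint within +/- window."""
    window = timedelta(seconds=window_seconds)
    pairs = []
    for alert in network_alerts:
        t_net = parse_ts(alert["timestamp"])
        for host in host_alerts:
            if host["host_ip"] not in (alert["src_ip"], alert["dest_ip"]):
                continue
            if abs(parse_ts(host["timestamp"]) - t_net) <= window:
                pairs.append({"sid": alert["alert"]["signature_id"],
                              "host_ip": host["host_ip"], "host_rule": host["rule"]})
    return pairs


if __name__ == "__main__":
    alerts = enrich_alerts(SAMPLE_EVE, INDICATORS)
    for a in alerts:
        print(a["alert"]["signature"], "->", a.get("threat_intel", "no indicator match"))
    for p in correlate_with_host_alerts(alerts, HOST_ALERTS):
        print(f"sid {p['sid']} correlates with host alert on {p['host_ip']}: {p['host_rule']}")
```

When you move this to the SIEM, the same two joins (IP against indicator list, endpoint plus time window against host alerts) are what a lookup table and a correlation rule express; running them here first tells you which alerts the feeds actually change.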
Week 12 – Network Attack Simulation & Detection Validation
Simulate port scans and exploit attempts using controlled tools (Nmap, Metasploit) and validate IDS/IPS and SIEM correlation accuracy.