Homelab
I finally decided to write something about my home lab and what I actually have running at home. I had previously made a post about documenting it, but that was more for internal record keeping in case I forget something 😁
High Level Description
My home network consists of two segments separated from each other by a firewall. There is the basic consumer home network side, which has a pretty standard plug-and-play setup for WiFi devices like mobile phones, a camera, a smart TV, a robot vacuum and other IoT devices. And then there is my more secure segment, which has separate network zones for servers, my PC, the management laptop, the work laptop, and other things one would like to have behind a firewall.
The basic idea for my home lab was to create a more secure environment for fooling around and testing security tools, to practice setting up networks, to have useful servers for the home, to design and document the process and its components, and to test anything that might pop into my head.
Diagram

Device Assets
DNS
Raspberry Pi 4 Model B
The DNS server is a Raspberry Pi 4 Model B with a pretty basic Pi-hole configuration running on it, so it blocks ads and provides DNS services, using Cloudflare as the upstream DNS servers.
It additionally hosts a local internal DNS zone for secmark.fyi to make the server assets more readily available.
SIEM Server
Old ass HP Pavilion p6240sc
This old hunk of junk is from like 2009 and rocking a Phenom II. Got it from my mom in case I had any use for it, and it actually ended up in my junk corner for a good amount of time. UNTIL. I decided that I wanted to build a SIEM server.
So now it is rocking Ubuntu Server with Elastic. The original RAM, as you might imagine, made the entire server reeeally slow, so I bought a few extra 8 GB sticks from some local guy selling them on the internet, and now it is responsive.
One might think there's no way this old machine is able to run Elastic, and yeah, it doesn't even get close to the minimum requirements listed on their website, but it seems to be running just fine in this small environment.
The original hard drive however did get busted on April Fools' Day... so I had to spend a couple of days recovering the data and building the logical volumes onto the new disk manually... it was way past using any cloning tools, trust me, I tried.
The SIEM itself is currently ingesting logs from the firewall, my PC (Elastic Security client) and the DNS server; next in turn would be the NAS logs.
I've enabled a good number of the built-in rules in Elastic Security and created a few myself to have some level of baseline alerting capability in place. So far only two security incidents have been raised, both benign.
This server is additionally running the DDoSsia Monitor tool alerting service. https://github.com/secmark-tools/secmark-DDoSsiaMonitor
Specs:
AMD Phenom(tm) II X4 810
16 GB RAM (DDR3)
500GB LVM (Some old Seagate)
Ubuntu Server
TrueNAS SCALE
Custom Server built from old parts
With all the cloud storage solutions like Google Drive, Microsoft OneDrive etc. costing like 100 € per year, I've long considered building a NAS server just to have a place for all my memories without the risk of losing all of them because a payment fails and I miss a reminder email, or for some other similarly stupid reason.
Earlier, when I found out that I'm having a baby, it was the final trigger for me to get it sorted, so I spent months looking for good deals on WD Red drives and stacking them on my table for a RAID setup, ensuring redundancy for all the data. So now I have a few TB of storage, of which I've so far used 0.9 %, after filtering out all the blurry and bad pictures I've taken over the years. Some of them are still on old phones, but all in due time 😁.
There are still three disks sitting in the background in case I need to expand the storage, or if a disk fails and I need to replace one.
Specs:
i7-2600K
12 GB RAM (DDR3)
500GB OS Disk (some old Seagate I had laying around)
3 TB (RAID 1)
TrueNAS SCALE
My haxxxor laptop
MSI GL62 6QD
I use this as a management device for setting up all the firewall rules, or when I'm outside the management network I use it for bug hunting and stuff like that.
PC
Acer Nitro N50-650
Yeah, I haven't bothered to build my past two PCs, such good Black Friday sales 😂. I use this for accessing the SIEM server and doing some small virtualization projects; I have a few CTF machines and a SpiderFoot server.
Network Devices
Sorry for keeping this section a bit shorter, I don't want to give too much away 😉
WAN Routers
Huawei + ZTE((B)(BU) & Valoo WIFI Mesh + Nokia(B)
These are basically the WAN routers on the edge of my home network, with a pretty basic DHCP & DNS setup for the regular devices in that network. No port triggers/forwards in place.
Firewall
Zywall
Got one for an excellent price and wanted a firewall for this lab, so it was a great choice that met all the requirements I had.
Switch
Netgear
I needed the possibility of having a few extra ports available in this firewall zone for when I extend my server inventory, or if I have a small LAN party with a friend or two.
Networking
When it comes to the home network segment everything is really relaxed, but on the more secure side, behind the firewall, I've planned everything a bit more strictly.
I've created everything from scratch, starting with a deny-all catch-all rule at the bottom.
The idea is that DNS and the NAS, as core services, can be accessed more freely on their respective service ports, while all other traffic between the network zones is blocked, and management access to the management interfaces (HTTP/S and SSH) of the specific server assets is only allowed from management devices.
Why not everything behind the firewall & Threats?
I have a SIEM behind the firewall and I'm logging a good number of things happening on the servers and the network, so to keep the answer short and simple: I respect the privacy of my family members and guests enough not to log their activities when they are using the internet and the internal services within the house.
The main priority is to have a separate, more secured network area for myself, and since I'm not publishing anything directly to the internet, I feel that the router firewall is sufficient for the home network and a dedicated firewall for my network is more than sufficient as a security layer.
The main threat is missing visibility into the home network in case an IoT device or a mobile device is breached: I will not have immediate knowledge if an asset in the home segment is compromised. This is mitigated by separate security monitoring rules that identify unexpected traffic at the firewall, in case breach attempts are made from the home network towards the firewall or the assets behind it, so I'll at least be aware if post-initial-access lateral movement happens towards the more protected assets.
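As an added example (not the author's Zywall configuration, and with constructed zone addressing, host IPs and ports that are assumptions), this models the first-match ruleset described in the Networking section and the home-segment alerting check from the threat discussion above, so the two can be checked against sample flows:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed example addressing; not the author's real zones or ranges.
ZONES = {
    "home": ip_network("192.168.1.0/24"),
    "mgmt": ip_network("10.0.10.0/24"),
    "pc": ip_network("10.0.20.0/24"),
    "work": ip_network("10.0.30.0/24"),
    "servers": ip_network("10.0.40.0/24"),
}
SECURE_ZONES = {"mgmt", "pc", "work", "servers"}
DNS_SERVER, NAS = ip_address("10.0.40.10"), ip_address("10.0.40.20")

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "unknown")

# First-match rule table, evaluated top-down; the last entry is the deny-all.
# Columns: source zones, destination zone, destination host, ports, verdict
RULES = [
    ({"mgmt"}, "servers", None, {22, 80, 443}, "allow"),  # mgmt interfaces
    (SECURE_ZONES, "servers", DNS_SERVER, {53}, "allow"),  # core service: DNS
    (SECURE_ZONES, "servers", NAS, {445, 2049}, "allow"),  # core service: NAS
    (None, None, None, None, "deny"),                      # deny all
]

def evaluate(flow: Flow) -> str:
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    dst = ip_address(flow.dst)
    for src_zones, dzone, host, ports, verdict in RULES:
        if ((src_zones is None or src_zone in src_zones)
                and (dzone is None or dst_zone == dzone)
                and (host is None or dst == host)
                and (ports is None or flow.dport in ports)):
            return verdict
    return "deny"  # unreachable while the catch-all is present

def home_segment_alerts(flows):
    """Denied flows from the home segment toward a firewall zone: the signal
    the separate monitoring rule in the post is meant to raise."""
    return [f for f in flows
            if zone_of(f.src) == "home" and zone_of(f.dst) in SECURE_ZONES
            and evaluate(f) == "deny"]
```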
What next?
I have one motherboard on the shelf waiting for a stock cooler and a cheap hard drive, and then I'll spin up a Proxmox server for my virtualization projects so I don't have to keep playing with them on the PC.
Bringing some of the IoT devices from the home network into a separate zone behind the firewall.