Who Am I?
• Understand why you need an IDS;
• How everyone can get started with a free IDS;
• This dashboard in your home/company in less than 2h!*
* If you already have a TAP setup
Today’s Cyber Security Risk Context
Cyber Security Risks' probability and impact are increasing.
Their ability to disrupt companies' business operations has
growing financial, reputational and legal negative consequences.
This overall diagram is copyright Elysiumsecurity LTD and can only be re-used if the source is referenced as: Sylvain Martinez, https://www.elysiumsecurity.com
Importance of Detection
PREVENT DETECT RESPOND
DETECTION allows you to know there is a problem,
and that you need to do something!
IDS? What IDS?
• Snort based engine;
• Suricata based engine;
• Suites of software available as VM:
- Security Onion (SO): https://securityonion.net/
- SELKS: https://www.stamus-networks.com/open-source/
• Great community is here to help;
• Authors are very active;
• Professional support available from them too;
• Various install guides available: https://www.elysiumsecurity.com/blog/Guides/post7.html
• TAP/Span port on key egress points
• Corporate Solutions:
- Dedicated hardware
- Software configuration in most switches (Ubiquiti Networks, Cisco...)
• Home Solutions:
- Netgear GS105E
- Mikrotik Router
• IP/Asset inventory software:
- Network dedicated
- Part of wider asset inventory
• Mac Address Fingerprinting
• Fixed IP
• Reserved DHCP
• Is that a false positive?
• Is that normal behaviour?
• Is the end point targeted critical?
• Is this a configuration issue?
• Have we seen this before?
• Network Topology knowledge;
• Asset owner knowledge;
• Application owner knowledge;
• Business analyst contact;
• Cyber Security knowledge.
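The asset inventory and triage questions above can be wired together in a few lines. The following is an added example, not code from the presentation or from Security Onion/SELKS: it reads Suricata EVE JSON alert records (the `event_type`, `src_ip`, `dest_ip` and `alert.signature_id` fields Suricata emits), looks the destination up in a hypothetical inventory, and answers "is this known behaviour?", "is the target critical?" and "have we seen this before?". All IPs, MACs, owners and signature IDs are constructed values.

```python
import json
from collections import Counter

# Constructed asset inventory (the page's "IP/Asset inventory" with MAC
# fingerprinting and fixed/reserved IPs); all values are hypothetical.
ASSETS = {
    "10.0.0.5": {"name": "file-srv-01", "mac": "00:11:22:33:44:55", "critical": True, "owner": "IT infra"},
    "10.0.0.23": {"name": "printer-2f", "mac": "00:aa:bb:cc:dd:ee", "critical": False, "owner": "Facilities"},
}
# (signature_id, src_ip) pairs already reviewed and accepted as normal
# behaviour, e.g. an internal scanner. Hypothetical values.
KNOWN_BENIGN = {(1000001, "10.0.0.23")}

def triage(eve_lines, assets=ASSETS, known_benign=KNOWN_BENIGN):
    """Read Suricata EVE JSON lines, keep alert records, enrich each with
    asset context and answer the triage questions: known behaviour?
    critical target? seen before (same signature + destination)?"""
    seen = Counter()
    out = []
    for line in eve_lines:
        ev = json.loads(line)
        if ev.get("event_type") != "alert":
            continue  # flow/dns/http records are context, not alerts
        sid, src, dest = ev["alert"]["signature_id"], ev["src_ip"], ev["dest_ip"]
        seen[(sid, dest)] += 1
        asset = assets.get(dest, {"name": "unknown", "critical": None, "owner": None})
        known = (sid, src) in known_benign
        if known:
            priority = "low"
        elif asset["critical"] is not False:
            priority = "high"  # critical target, or no inventory record at all
        else:
            priority = "medium"
        out.append({"timestamp": ev["timestamp"], "sid": sid,
                    "signature": ev["alert"]["signature"], "src": src,
                    "dest": dest, "asset": asset["name"], "owner": asset["owner"],
                    "critical": asset["critical"], "known_benign": known,
                    "seen_before": seen[(sid, dest)] - 1, "priority": priority})
    return out

# Constructed EVE JSON records with hypothetical local-rule SIDs.
SAMPLE_EVE = [
    '{"timestamp":"2020-01-01T10:00:00+0000","event_type":"alert","src_ip":"10.0.0.23","dest_ip":"10.0.0.5","alert":{"signature_id":1000001,"signature":"LOCAL printer SMB probe","severity":3}}',
    '{"timestamp":"2020-01-01T10:00:01+0000","event_type":"flow","src_ip":"10.0.0.23","dest_ip":"10.0.0.5"}',
    '{"timestamp":"2020-01-01T10:05:00+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"10.0.0.5","alert":{"signature_id":1000002,"signature":"LOCAL SSH scan","severity":2}}',
    '{"timestamp":"2020-01-01T10:06:00+0000","event_type":"alert","src_ip":"192.0.2.10","dest_ip":"10.0.0.5","alert":{"signature_id":1000002,"signature":"LOCAL SSH scan","severity":2}}',
]

if __name__ == "__main__":
    for r in triage(SAMPLE_EVE):
        print(r["priority"], r["signature"], "->", r["asset"], "seen_before:", r["seen_before"])
```

An alert against a host missing from the inventory is rated high on purpose: an unknown endpoint is itself a finding worth chasing with the asset owner.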
IDS Defensive Benefits
• Alerts you of Cyber Security attacks;
• Alerts you of Cyber Security issues;
• Finds vulnerable hosts on your network;
• Finds vulnerable applications on your network;
• Monitors network flow behaviours;
• Monitors network ports activity;
• Monitors network traffic;
• Monitors file transfers;
• Establishes network entity relationships;
• Physical Access required in most cases
• TAP traffic against key targets
• Powered/Unpowered solutions
• Dummy Capture Devices:
- Small Router;
- Throwing Star LAN;
• Intelligent Capture Devices:
- Raspberry Pi;
- Hak5 Packet Squirrel.
IDS Offensive Benefits
• Speed up Network Traffic Analysis;
• Identify interesting timelines;
• Identify targets of interest;
• Identify vulnerabilities to exploit;
• Extract sensitive information;
• Profile users and applications;
• Free IDS available;
• Pre-configured and easy to deploy;
• Provide good defensive visibility and alerts;
• Provide good offensive capabilities;
• Instant value returned;
• Try one today!
cyber protection & response