Talk2 esc4 muscl-ids_v1_2

{elysiumsecurity}
INTRUSION DETECTION SYSTEM
HOW TO SETUP A HOME IDS
Version: 1.2a
Date: 29/03/2018
Author: Sylvain Martinez
Reference: ESC4-MUSCL
Classification: Public
cyber protection & response

CONTENTS
• Why setup an IDS?
• What is an IDS?
• What type of IDS?
• Overall Concept;
• How does it work?
• IDS Requirements;
• Simple Architecture;
• Installation;
• Traffic Duplication;
• Tuning;
• Enhanced Architecture;
• Going Further;
• Sample Dashboard.

WHY SETUP AN IDS?
• Know when your network/computers have been compromised;
• Identify suspicious application activities;
• Know when your network/computers are under attack.

WHAT IS AN IDS?
An Intrusion Detection System (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations.
Source: Wikipedia – Icons from the noun project unless specified otherwise

WHAT TYPE OF IDS?
• NETWORK IDS (NIDS)
• HOST IDS (HIDS)
• INTRUSION DETECTION SYSTEM (IDS)
• INTRUSION PREVENTION SYSTEM (IPS)

OVERALL CONCEPT
[Diagram: network traffic is intercepted and the intercepted traffic is fed to the IDS for analysis.]

HOW DOES IT WORK?
[Diagram: intercepted network traffic is fed to the IDS for analysis. Pipeline: INSPECT TRAFFIC -> DETECT THREAT (against SIGNATURES and PATTERNS) -> GENERATE ALERT.]

IDS REQUIREMENTS
COVERAGE
- Internal Network Activities
- (External Network -> IN)
TRACKING
- What IP generated the alert?
- What Host?
TUNING
- What are you interested in the most?
- Remove False Positives

SIMPLE ARCHITECTURE
[Diagram: HOME NETWORK <-> IDS <-> INTERNET. The IDS performs traffic analysis against signatures and patterns/behaviours and raises security alerts. Icons from VMware.]

INSTALLATION
1. IDS CHOICE
- Security Onion (SO): https://securityonion.net/
- SELKS: https://www.stamus-networks.com/open-source/
2. PLATFORM SETUP
- Virtual Machine or Dedicated Server
- 2x Network ports (Management/Monitoring)
- Enough RAM (8 GB+) and Disk Space (50 GB)
- To run 24/7
3. INSTALLATION
- Best to keep default settings
- Know in advance which network port will be your management port;
- Use testmyids.com to validate your installation

TRAFFIC DUPLICATION
1. HARDWARE
- Netgear GS105E
- Mikrotik RB2011UiAS-2HnD-IN
- Ubiquiti Networks UniFi Switch
2. DUPLICATION
- Configure a TAP, SPAN or Mirror port
- FROM: connection to your Internet Gateway
- DESTINATION: connection to your IDS Monitoring port
3. CONSIDERATIONS
- Careful of VLANs -> Extra IDS configuration
- Careful of NAT -> Limits visibility
Video Link for Netgear Setup: https://www.youtube.com/watch?v=kCSRgbEMkWs

TUNING
1. TRACKING
- NAT DISABLED
- Fixed IP or Reserved DHCP
2. CONFIGURATION
- Local IP Subnet
- Define critical hosts
- Disable rules not needed
3. TUNING
- Review alerts regularly and act on false positives
- Rule suppression
- Rule trigger setup tuning
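The TRACKING and TUNING ideas from the IDS Requirements and Tuning slides (naming the host behind an alerting IP from reserved DHCP leases, flagging critical hosts, disabling unneeded rules, suppressing a rule for one source and limiting how often a rule triggers), as an added example that is not from the slides or from Security Onion/SELKS. It assumes the sensor writes Suricata EVE JSON alerts; the 192.168.1.0/24 home subnet, host table, local rule sids and sample alert lines are all constructed.

```python
"""Alert triage for a home IDS: TRACKING and TUNING applied to Suricata EVE JSON alerts.
Added example, not code from the slides, Security Onion or SELKS. Assumed: the sensor writes
Suricata eve.json, the home subnet is 192.168.1.0/24, hosts come from reserved DHCP leases."""
import ipaddress
import json
from collections import defaultdict
from datetime import datetime

HOME_NET = ipaddress.ip_network("192.168.1.0/24")       # "Local IP Subnet" (assumed value)

# TRACKING: reserved DHCP / fixed IP -> hostname, so an alert names a host, not only an IP.
HOSTS = {"192.168.1.10": "nas", "192.168.1.20": "laptop", "192.168.1.30": "iot-cam"}
CRITICAL = {"nas"}                                       # "Define critical hosts"

# TUNING, mirroring the kinds of entries a Suricata threshold.config holds (values constructed):
DISABLED = {1000003}                                     # "Disable rules not needed"
SUPPRESS = {(1000001, "192.168.1.30")}                   # suppress sid 1000001 for one known-benign source
LIMIT = {1000002: (1, 60)}                               # threshold type limit: 1 alert per source per 60 s

# Constructed eve.json lines. Sid 2100498 is the rule that testmyids.com is meant to trigger
# during install validation; sids 1000001-1000003 are made-up local rules.
SAMPLE_EVE = """\
{"timestamp":"2018-03-29T10:00:01.000000+0000","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.168.1.20","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root"}}
{"timestamp":"2018-03-29T10:00:02.000000+0000","event_type":"alert","src_ip":"192.168.1.30","dest_ip":"203.0.113.9","alert":{"signature_id":1000001,"signature":"LOCAL camera firmware check"}}
{"timestamp":"2018-03-29T10:00:03.000000+0000","event_type":"alert","src_ip":"192.168.1.30","dest_ip":"192.168.1.10","alert":{"signature_id":1000002,"signature":"LOCAL noisy probe"}}
{"timestamp":"2018-03-29T10:00:20.000000+0000","event_type":"alert","src_ip":"192.168.1.30","dest_ip":"192.168.1.10","alert":{"signature_id":1000002,"signature":"LOCAL noisy probe"}}
{"timestamp":"2018-03-29T10:02:00.000000+0000","event_type":"alert","src_ip":"192.168.1.30","dest_ip":"192.168.1.10","alert":{"signature_id":1000002,"signature":"LOCAL noisy probe"}}
{"timestamp":"2018-03-29T10:02:05.000000+0000","event_type":"flow","src_ip":"192.168.1.20","dest_ip":"203.0.113.9"}
{"timestamp":"2018-03-29T10:02:06.000000+0000","event_type":"alert","src_ip":"192.168.1.20","dest_ip":"192.168.1.10","alert":{"signature_id":1000003,"signature":"LOCAL unneeded rule"}}
"""


def host_of(ip):
    """TRACKING: name the host behind an IP from the reservation table, else keep the IP."""
    return HOSTS.get(ip, ip)


def direction(src, dst):
    """COVERAGE: classify a flow relative to HOME_NET (internal / inbound / outbound / external)."""
    s, d = ipaddress.ip_address(src) in HOME_NET, ipaddress.ip_address(dst) in HOME_NET
    return {(True, True): "internal", (True, False): "outbound",
            (False, True): "inbound"}.get((s, d), "external")


def triage(eve_text):
    """Apply disable / suppress / limit to EVE alerts; return (kept_alerts, counts_by_outcome)."""
    windows = {}                                # (sid, src) -> [window_start, emitted_in_window]
    kept, counts = [], defaultdict(int)
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("event_type") != "alert":
            continue                            # flow/dns/tls records are context, not alerts
        sid, src, dst = ev["alert"]["signature_id"], ev["src_ip"], ev["dest_ip"]
        ts = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        if sid in DISABLED:
            counts["disabled"] += 1
            continue
        if (sid, src) in SUPPRESS:
            counts["suppressed"] += 1
            continue
        if sid in LIMIT:
            count, seconds = LIMIT[sid]
            w = windows.setdefault((sid, src), [ts, 0])
            if (ts - w[0]).total_seconds() >= seconds:
                w[0], w[1] = ts, 0              # start a new rate-limit window
            if w[1] >= count:
                counts["limited"] += 1
                continue
            w[1] += 1
        kept.append({"ts": ev["timestamp"], "sid": sid, "signature": ev["alert"]["signature"],
                     "direction": direction(src, dst),
                     "src_host": host_of(src), "dest_host": host_of(dst),
                     "critical": host_of(src) in CRITICAL or host_of(dst) in CRITICAL})
        counts["kept"] += 1
    return kept, dict(counts)


if __name__ == "__main__":
    alerts, summary = triage(SAMPLE_EVE)
    print(summary, *alerts, sep="\n")           # summary: {'kept': 3, 'suppressed': 1, 'limited': 1, 'disabled': 1}
```

The three alerts that survive are the ones worth a human look: the inbound testmyids.com hit against the laptop and two rate-limited probes aimed at the critical NAS; the rest were tuned away rather than left to drown the dashboard.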

ENHANCED ARCHITECTURE
[Diagram: as in the simple architecture (HOME NETWORK <-> IDS <-> INTERNET, traffic analysis against signatures and patterns/behaviours, security alerts), with DHCP requests from the home network answered by a DHCP server, which allows IP visibility for the IDS. Icons from VMware.]

GOING FURTHER
• SELKS WIKI: https://github.com/StamusNetworks/SELKS/wiki
• SECURITY ONION WIKI: https://github.com/Security-Onion-Solutions/security-onion/wiki
• ELYSIUMSECURITY Installation Guide: https://www.elysiumsecurity.com/blog/Guides/post7.html

SAMPLE DASHBOARD
[Screenshot of a sample IDS dashboard; not reproduced in the text.]

ABOUT ELYSIUMSECURITY LTD.
ElysiumSecurity provides a portfolio of Strategic and Tactical Services to help companies protect and respond against Cyber Security Threats. We differentiate ourselves by offering discreet, tailored and specialized engagements.
Operating in Mauritius and in the United Kingdom, our boutique style approach means we can easily adapt to your business operational model and requirements to provide a personalized service that fits your working environment.
ElysiumSecurity provides practical expertise to identify vulnerabilities, assess their risks and impact, remediate those risks, prepare and respond to incidents, as well as raise security awareness throughout an organization.
ElysiumSecurity provides high level expertise gathered through years of best practices experience in large international companies, allowing us to provide advice best suited to your business operational model and priorities.
© 2018 ElysiumSecurity Ltd. All Rights Reserved
www.elysiumsecurity.com