This document provides instructions for setting up a virtual lab environment to explore network security monitoring and compliance standards. It involves creating two Ubuntu client VMs, a Security Onion VM for security monitoring, and installing Splunk on the Security Onion VM. Detailed steps are provided to install and configure Security Onion and Splunk, including enabling various security monitoring tools on Security Onion and downloading required Splunk apps. The purpose is to expose students to security monitoring details required by compliance standards and assist in creating a final logging standard.
Taishaun_OwnensCNS-533_Lab
Enterprise Security Infrastructure Controls and Regulatory Compliance
IS-533 LAB
Purpose
The primary purpose of this lab is to expose the students to network security monitoring and the
level of detail that security standards sometimes require. The secondary purpose of this lab is to
assist in the creation of the final standard for logging.
The lab has been created in three parts:
Part 1: Create two client virtual machines to monitor with Security Onion
Part 2: Create a Security Onion virtual machine and install Splunk
Part 3: Test network settings and explore Security Onion via Splunk
Depending on the type of system you will be using, these labs may take some time to complete.
Specifically, the installation and then update of Security Onion will take over 30 minutes on some
systems. Plan accordingly.
Please post any questions to the Course Discussion Forum. These instructions were written as the
lab was built, so there may be errors. Posting to the forum will allow everyone to adjust the lab.
Requirements
Download VMware for your system at the CDM - VMware software store
http://e5.onthehub.com/WebStore/ProductsByMajorVersionList.aspx?ws=b2c0cd57-97e2-de11-a13b-0030487d8897&vsro=8&JSEnabled=1
Download the 32-bit version of Ubuntu Desktop for your test systems. Do not apply any
updates yet: once Security Onion is configured and running, the update traffic is something you
can observe. The Desktop version makes it easier to download other software such as Nmap and
Nessus. The Ubuntu systems will be configured using NAT within VMware Workstation/Fusion.
http://www.ubuntu.com/download
Download Security Onion and note that it is a 64-bit distribution. If the laptop/desktop being used
for this lab cannot run it within VMware Workstation/Fusion, follow the install guide for
downloading and installing the Security Onion packages onto the 32-bit version of Ubuntu
Desktop.
http://code.google.com/p/security-onion/wiki/Installation
http://sourceforge.net/projects/security-onion/files/12.04.3/
IS-533 Lab Page 1 of 15
Part 1
Virtual Machine Setup
Each dialog window has a button to proceed through the configuration of the virtual machines
(VM). The instructions assume that once the appropriate fields are entered or selected, the student
will click on the appropriate button.
Open VMware Workstation/Fusion and create two VMs
First VM
1. Navigate the menu and select Create New Virtual Machine
2. Choose Custom
3. Accept the Hardware Compatibility defaults
4. Choose Installer disc image file (iso) and navigate to the folder where you downloaded the
iso image and select it
5. Complete the Easy Install User Information
6. Enter the computer name - ubuntu-1 or anything you will remember (so you can distinguish
between the systems in Security Onion)
7. Accept the Processor defaults
8. Accept the Memory defaults
9. Choose Use network address translation (NAT)
10. Accept the I/O Controller defaults
11. Select Create New Virtual Disk
12. Accept the Default Type
13. Accept the Default for the size - Note: For the lab you will not need more than the default
size provided
14. Accept the Disk file name
15. Click Finish to begin the O/S install - Note: Depending on the speed of your system, the
install may take longer.
16. Upon completion of the VM creation, log on and launch Terminal
17. Type ifconfig and press enter
a. Enter the First VM's IP address here: 192.168.60.128
18. Follow these steps to create your second VM
a. Enter the second VM's IP address here: 192.168.60.130
19. Test Internet browsing
Part 2
Security Onion Setup
1. Navigate the menu and select Create New Virtual Machine
2. Choose Custom
3. Accept the Hardware Compatibility defaults
4. Choose the Security Onion Installer disc image file (iso) and navigate to the folder where
you downloaded the iso image and select it
5. Use the down arrow to display the Version choices and select Other Linux 2.6.x kernel 64-bit
6. Enter "Security_Onion" for the Virtual Machine Name
7. Accept the Processor defaults
8. Accept the Memory defaults (Use 1024MB if possible)
9. Choose Use network address translation (NAT) (VMware automatically defaults to NAT)
10. Accept the I/O Controller defaults
11. Select Create New Virtual Disk
12. Accept the Default Type
13. Change the Maximum disk size to 20 GB if possible
14. Accept the Disk file name
15. Click Finish
Note: The installation of Security Onion will not start until the VM is powered on.
16. Click VM on Tool Menu and Select Settings
17. Click Add and if prompted by Security Notification, accept it
18. Click Add
19. Click Network Adapter and click Next
20. Ensure that NAT: Used to share the host's IP address is selected
21. Click Finish
22. Click OK to exit Virtual Machine Settings
23. Click Power on this virtual machine
24. Select install - start the installer directly
Note: Depending on the amount of RAM and the speed of the system, Security Onion may take some
time to load
25. Double-click on the Install SecurityOnion 12.04 icon
26. Choose language
27. Click Continue without selecting any options on Preparing to install SecurityOnion
28. Select Erase disk and install SecurityOnion
29. Confirm time settings
30. Confirm Keyboard layout
31. Enter User Information
Note: For this lab, select Log in automatically to save time while updating Security Onion. This lab
is done on an isolated network; automatic login is normally not selected, as a matter of good
security practice.
32. Click Restart Now
Note: If you didn’t select auto-logon, you will need to logon to continue
33. Double-click on the Terminal Emulator icon on the Desktop
34. Type sudo apt-get update && sudo apt-get dist-upgrade
35. Type your password
36. Type Y to continue
37. Type sudo reboot
38. Enter the password you entered during the install
Note: If you didn’t select auto-logon, you will need to logon to continue
39. Double-click on the Setup Icon on the Desktop to begin configuring Security Onion
40. Enter the password you entered during the install
41. Click Yes, Continue
42. Click Yes, configure /etc/network/interfaces
43. Click on eth0 for the management interface
44. Click on DHCP
45. Check the box next to eth1 for the interface used for sniffing
46. Click Yes, make changes and reboot!
Note: If you didn’t select auto-logon, you will need to logon to continue
47. Double-click on the Setup Icon on the Desktop to continue configuring Security Onion
48. Click Yes, to continue
49. Click Yes, skip network configuration!
50. Select Advanced Setup
51. Select Standalone
52. Enter a Sguil username
53. Enter an email address for Snorby
54. Enter a password that will be used for Sguil, Squert, Snorby and ELSA (ELSA won't be
used for this lab)
55. Confirm your password
56. Select Snort
57. Select Emerging Threats GPL
58. Select eth1
59. Click Yes, enable the IDS engine
60. Click Yes, enable Bro
61. Click Yes, enable http_agent
62. Click Yes, enable Argus
63. Click Yes, enable Prads
64. Yes, enable full packet capture
65. Accept the default for the pcap files
66. Accept the default disk usage size
67. Click No, disable ELSA
68. Click Yes, proceed with the changes
69. Click OK to complete the setup
70. Click OK to acknowledge the Security Onion configuration
71. Click OK to acknowledge support options
72. Security Onion is now configured
73. Open a browser in Security Onion and go to www.splunk.com
Note: Splunk Enterprise 6 was released while this lab was being written. There is an option for
downloading older versions. These instructions were written for the version below.
74. Click Free Download
75. Click on splunk-5.0.5-179365-linux-2.6-amd64.deb (or the 32-bit version)
76. Register with Splunk
77. Note: Splunk will not send emails except to "thank you" for downloading it. Remember
the password that is created with this step.
78. Click on the .deb again to start the download. Step 82 below uses
splunk-6.2.1-245427-linux-2.6-amd64.deb; use the filename of whichever build you chose
(or the 32-bit version)
79. Click on Save file
80. When the download is complete, close the browser and Double-click on Terminal Emulator
81. Type cd Downloads
82. Type sudo dpkg -i splunk-6.2.1-245427-linux-2.6-amd64.deb Enter your password
83. Type sudo /opt/splunk/bin/splunk start
84. Press Enter repeatedly to page through the license agreement
85. Type Yes to agree with the license
86. Type sudo /opt/splunk/bin/splunk enable boot-start
87. Close the Terminal window
88. Open the browser
89. Navigate to http://localhost:8000
90. Log in with the default credentials admin / changeme
91. Create a Splunk admin password
92. Click on Manager (top right on menu)
93. Click on Apps
94. Click on Find more apps online
95. In the search field type Security Onion
96. Click on Read more
97. Click on the Documentation tab
98. Scroll down to Required Splunk Apps:
99. Right-click on each of the Apps, and select Open in new tab
100. Click the Download button and accept the license agreements when prompted
101. Save each file (they will be saved to the Downloads folder)
102. Navigate back to the Manager
103. Click on Apps
104. Click on Install app from file
105. Browse to your Downloads folder and select a file
106. Click Upload
107. Do this for each App - Ignore the restart message until all Apps are installed
108. Click on the Download for Security Onion and install it
109. Click Restart Splunk
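Steps 82 to 91 above install the package by hand and leave the default admin password in place until the first web login. The script below is an added example, not part of the lab and not Splunk's own tooling: it does the same install from the command line but refuses to run dpkg until the SHA-256 of the downloaded .deb matches the value published on the download page, accepts the license without the interactive pager, enables boot-start, and replaces admin/changeme before the web UI is ever opened. The .deb filename, the expected digest (a placeholder you must replace with the real one), the RUN_INSTALL switch and the new password are assumptions for the example.

```sh
#!/bin/sh
# Added example for the IS-533 lab, not the lab's or Splunk's own script.
# Installs the downloaded Splunk .deb only after its SHA-256 matches,
# accepts the license non-interactively, enables boot-start and changes
# the default admin password. All values below are placeholders.
set -eu

DEB="${DEB:-${HOME:-.}/Downloads/splunk-6.2.1-245427-linux-2.6-amd64.deb}"
# Placeholder: paste the SHA-256 shown on the Splunk download page here.
EXPECTED_SHA256="${EXPECTED_SHA256:-0000000000000000000000000000000000000000000000000000000000000000}"
NEW_ADMIN_PW="${NEW_ADMIN_PW:-ChangeMeNow-1}"
SPLUNK=/opt/splunk/bin/splunk

# Compare the SHA-256 of a file with an expected hex digest.
# Returns 0 on match, 1 otherwise; the digest is compared case-insensitively.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Accept only an existing regular file whose name ends in .deb, so a typo
# in DEB cannot hand dpkg an unexpected path.
is_deb_path() {
    case $1 in
        *.deb) [ -f "$1" ] ;;
        *) return 1 ;;
    esac
}

install_splunk() {
    is_deb_path "$DEB" || { echo "not a .deb file: $DEB" >&2; return 1; }
    verify_sha256 "$DEB" "$EXPECTED_SHA256" \
        || { echo "checksum mismatch for $DEB, refusing to install" >&2; return 1; }
    sudo dpkg -i "$DEB"
    # These flags replace the pager the lab pages through by pressing Enter.
    sudo "$SPLUNK" start --accept-license --answer-yes --no-prompt
    sudo "$SPLUNK" enable boot-start
    # Replace the documented default password before the web UI is used.
    sudo "$SPLUNK" edit user admin -password "$NEW_ADMIN_PW" -role admin -auth admin:changeme
}

# Only run the install when asked, so the functions can be sourced and checked.
if [ "${RUN_INSTALL:-0}" = 1 ]; then
    install_splunk
fi
```

Run it on the Security Onion VM as RUN_INSTALL=1 EXPECTED_SHA256=<digest from the download page> sh install-splunk.sh; if the digest does not match, nothing is installed. Steps 88 to 91 then only need the new password rather than changeme.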
Part 3
1. Double-click on the Terminal Emulator icon
2. Type sudo wireshark
3. Enter your password
4. Choose OK to accept the warning about running Wireshark as root
Note: Running Wireshark as root means its protocol dissectors parse untrusted packets with full
privileges. There is a secure configuration in which only the capture helper (dumpcap) is
privileged and Wireshark itself runs as an ordinary user; it should be used on production systems.
5. Start capturing on Eth0
6. In the Filter box, type ICMP and click Apply
7. In one of the Ubuntu systems, open a terminal and ping the other one
8. Insert a print screen of your Wireshark capture here:
9. Browse to http://localhost:8000
10. Log in using admin and the password you defined
11. Navigate to the Security Onion App
12. Insert a Print Screen of the Overview page here:
13. Open the Snorby page from Security Onion. If there is an error, correct the URL to
https://localhost:444
14. Accept the self-signed certificate by adding a security exception in your browser
15. Login using the email address and password you provided during the install
16. Insert a print screen of the Snorby Dashboard here:
17. Exit Wireshark without saving the capture
18. Open the Squert page. If there is an error, correct the URL to
https://localhost/squert/login.php
19. Insert a print screen of the Squert Dashboard here:
20. Start your Ubuntu virtual machines
21. Apply the security updates on both systems
22. Observe the changes to the Overview, Snorby and Squert Dashboards
23. This completes the lab. Make sure each virtual machine is closed down cleanly.
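Part 3 steps 1 to 7 capture ICMP in Wireshark running as root, and the note under step 4 says a secure configuration exists for production. The script below is an added example, not part of the lab and not Security Onion's or Wireshark's own setup: it applies that configuration (only dumpcap gets the capture capabilities, via a dedicated group), checks the result by reading the capability string getcap prints, and repeats the lab's ICMP capture with tshark as an unprivileged user. The paths, the group name wireshark (the Debian wireshark-common convention), the capture user and interface, and the APPLY_CAPTURE_SETUP switch are assumptions for the example.

```sh
#!/bin/sh
# Added example for the IS-533 lab, not the lab's own procedure.
# Non-root packet capture: capabilities on dumpcap only, a group to gate
# access, a check of the resulting state, and the lab's ICMP capture
# without sudo wireshark. Paths and names below are assumptions.
set -eu

CAPTURE_USER="${CAPTURE_USER:-$(id -un)}"
IFACE="${IFACE:-eth0}"
DUMPCAP=/usr/bin/dumpcap

# Given the capability string getcap prints for a binary, for example
# "cap_net_admin,cap_net_raw=eip" (new libcap) or
# "= cap_net_admin,cap_net_raw+eip" (old libcap), return 0 only when both
# capabilities are present with the effective and permitted flags, which is
# what an unprivileged group member needs to open a live capture.
caps_allow_capture() {
    caps=$1
    case $caps in *cap_net_raw*) ;; *) return 1 ;; esac
    case $caps in *cap_net_admin*) ;; *) return 1 ;; esac
    flags=${caps##*[=+]}          # text after the last '=' or '+'
    case $flags in
        *e*p*|*p*e*) return 0 ;;
        *) return 1 ;;
    esac
}

# One-time root setup: dumpcap is the only binary that touches the interface;
# Wireshark and tshark stay unprivileged and read from it.
setup_unprivileged_capture() {
    sudo groupadd -f wireshark
    sudo chgrp wireshark "$DUMPCAP"
    sudo chmod 750 "$DUMPCAP"
    sudo setcap cap_net_raw,cap_net_admin=eip "$DUMPCAP"
    sudo usermod -aG wireshark "$CAPTURE_USER"
    echo "log out and back in so the new group membership takes effect"
}

# Verify the setup from an ordinary shell before trusting it.
check_capture_setup() {
    caps=$(getcap "$DUMPCAP" 2>/dev/null || true)
    caps_allow_capture "${caps#* }" \
        || { echo "$DUMPCAP lacks cap_net_raw/cap_net_admin" >&2; return 1; }
    id -nG "$CAPTURE_USER" | tr ' ' '\n' | grep -qx wireshark \
        || { echo "$CAPTURE_USER is not in group wireshark" >&2; return 1; }
}

# Equivalent of lab steps 5 to 7: capture ICMP on the interface to a file,
# stop after 20 packets, then list the pings. Run as the capture user.
capture_icmp() {
    out=$1
    tshark -i "$IFACE" -f icmp -c 20 -w "$out"
    tshark -r "$out" -Y icmp -T fields -e ip.src -e ip.dst -e icmp.type
}

if [ "${APPLY_CAPTURE_SETUP:-0}" = 1 ]; then
    setup_unprivileged_capture
fi
```

Apply it once with APPLY_CAPTURE_SETUP=1 sh capture-setup.sh, log out and back in, then run check_capture_setup and capture_icmp /tmp/ping.pcap from a new shell while pinging between the two Ubuntu VMs; the pcap opens in Wireshark without root.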