THE <$100 CYBER SENSOR,
YOU CAN BUILD IT!
LUDWIG GOON @NFLTR8
#HXNJXN
WHY BUILD IT & OBJECTIVES
▸ $$$$$$ COST $$$$$$$
▸ Inspect Activity on LAN
▸ Power & Uptime
▸ OpenSource IDS tools
▸ Understanding Threat Detection & Networking
▸ DNS Tools & Penetration Testing Tools
▸ Malware Analysis
HOME NETWORK (diagram)
ISP 100 MBs Down / 50 MBs Up -> WAN -> DD-WRT ROUTER FIREWALL -> LAN
AUGMENTED HOME NETWORK (diagram)
ISP 100 MBs Down / 50 MBs Up -> WAN -> DD-WRT ROUTER FIREWALL -> 1.0 GBs Switch -> LAN
Switch Mirror Port (I/O Traffic) -> CyberSensor
HARDWARE, SOFTWARE & BUDGET
▸ NETGEAR ProSAFE 5-port Gigabit Web Managed (Plus) Switch $40.00
▸ Ameridroid Odroid C2 $45.00
▸ USB 2.0 to Ethernet Adapter $15.00
▸ Class 10 Micro SDHC Cards 16 Gb / 32 Gb $8.00 / $12.00
▸ Intel NUC Celeron $130.00
▸ 4 Gb Memory DDR3 $30.00
▸ 120 Gb SSD $70.00
▸ Linux Operating Systems FREE
SBC Total: $72
SBC Total: $100
SBC ODROID C2 VS RASPBERRY PI
Odroid C2:
▸ A53 (ARMv8) 1.5GHz quad-core CPU
▸ Mali™-450 GPU
▸ 2 GB DDR3 SDRAM
▸ 1.0 Gb Ethernet Port
▸ HDMI 2.0 4K/60Hz display
▸ ~5.0 W Max Power
▸ eMMC5.0 HS400 Flash Storage slot
▸ UHS-1 SDR50 MicroSD Card slot
▸ USB 2.0 Host x 4, USB OTG
▸ Infrared (IR) Receiver
Raspberry Pi:
▸ 1.2GHz 64-bit quad-core ARMv8 CPU
▸ 802.11n Wireless LAN
▸ Bluetooth 4.1 & Bluetooth Low Energy (BLE)
▸ 1GB RAM
▸ 4 USB ports
▸ 40 GPIO pins
▸ ~4.8W Max Power
▸ 100 Mb Ethernet Port
▸ Micro SD card slot
▸ VideoCore IV 3D graphics core
Price: $35 / $42
INTEL NUC VS DESKTOP PC
Intel NUC:
▸ Intel Braswell 2.17GHz Celeron Dual Core
▸ 4.0 Gb DDR3 RAM
▸ 120 Gb SSD
▸ 65W Intel Power Supply
▸ Intel HD Graphics
▸ WiFi Enabled
▸ 4 x USB 3.0 Ports
▸ RealTek RTL8168 Gigabit NIC
Desktop PC:
▸ Intel Core i7 3770K @3.7GHz
▸ Gigabyte G1 Sniper Gamers Mobo
▸ 32 Gb DDR3 RAM
▸ 750W Corsair Power Supply
▸ Nvidia GTX 660 & GTX 1080 GPUs
▸ Tons of Storage
▸ 6 x USB 3.0 Ports
▸ Dual Intel 1.0 Gigabit NICs
CYBER TOOLS!!!!!
▸ Snort
▸ BRO IDS
▸ nmap
▸ tcpdump
▸ netsniff-ng
▸ syslog-ng
▸ Log Analysis
SNORT VS BRO
Snort:
▸ Ethernet Packets or PCAP files
▸ OSI Layer (add here)
▸ Inline & Passive Modes
▸ Logs, Database, Unified data
▸ Signature Based Threat Intel
▸ VRT Ruleset
▸ Emerging Threats Ruleset
Bro:
▸ Ethernet Packets or PCAP
▸ OSI Layer (add here)
▸ Passive Mode
▸ Logs based on Packet Streams & Traffic
▸ Detects Interesting Traffic Patterns
▸ Threat Intel based on Frameworks
▸ Critical Stack Intel for BRO IDS
WHAT HAPPENED ON NOVEMBER 3, 2016?
FIREWALL LOGS (chart)
FIREWALL DROP / ACCEPT TRAFFIC BY LOCATION (chart)
BRO IDS LOGS
▸ conn.log
▸ dhcp.log
▸ dns.log
▸ intel.log
▸ files.log
▸ x509.log
▸ http.log
▸ notice.log
▸ sip.log
▸ ssl.log
▸ tunnel.log
▸ weird.log
▸ ssh.log
▸ pe.log
▸ modbus.log
BRO CONNECTIONS BY COUNTRY (chart)
BRO INTEL BY COUNTRY & REGION (chart)
WHERE IS ‘152.163.66.141’ ???
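Added example, not part of the talk: a Python script that reads the tab-separated conn.log the sensor's Bro instance writes and a Bro Intel Framework feed file (the layout a Critical Stack feed is loaded in), then rolls connections up per responder and flags records whose addresses match the feed, which is the data behind the "connections by country" and "intel" charts and behind asking where a responder such as 152.163.66.141 is. The log records and the feed are constructed samples; the 152.163.66.141 address appears only as a responder to tally, and 203.0.113.7 (a documentation-range address) stands in as the sample indicator.

```python
"""Parse the tab-separated logs Bro writes on the sensor (conn.log) plus an
Intel Framework feed (the tab-separated layout Critical Stack delivers), count
connections per responder and flag addresses found in the feed.
All sample data below is constructed for this example."""
from collections import defaultdict

# Constructed conn.log excerpt; real files carry more columns, but the parser
# is driven by the #fields header, so any column set works.
SAMPLE_CONN_LOG = """#separator \\x09
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring
1478188800.100000\tCAbc1\t192.168.1.20\t51000\t152.163.66.141\t443\ttcp\tssl\t12.5\t1500\t98000\tSF
1478188801.200000\tCAbc2\t192.168.1.20\t51001\t152.163.66.141\t443\ttcp\tssl\t0.8\t600\t4200\tSF
1478188805.000000\tCAbc3\t192.168.1.31\t53311\t203.0.113.7\t8080\ttcp\t-\t-\t-\t-\tS0
1478188809.300000\tCAbc4\t192.168.1.31\t40000\t8.8.8.8\t53\tudp\tdns\t0.1\t60\t120\tSF
#close\t2016-11-03-16-00-10
"""

# Constructed feed; 203.0.113.7 is a documentation-range address used only as
# a sample indicator.
SAMPLE_INTEL_DAT = """#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc
203.0.113.7\tIntel::ADDR\tconstructed-feed\tsample address indicator
example.test\tIntel::DOMAIN\tconstructed-feed\tsample domain indicator
"""

def parse_bro_log(text):
    """Yield one dict per record, keyed by the names on the #fields line.
    Bro writes '-' for unset values; those become None."""
    fields = None
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
            continue
        if line.startswith("#"):
            continue  # #separator, #types, #close and other directives
        if fields is None:
            raise ValueError("record appears before the #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("field count mismatch on line: %r" % line)
        yield {k: (None if v == "-" else v) for k, v in zip(fields, values)}

def summarise_by_responder(conn_text):
    """Connection count and byte totals per responder address: the roll-up a
    'connections by country' chart starts from before GeoIP is applied."""
    stats = defaultdict(lambda: {"conns": 0, "bytes_out": 0, "bytes_in": 0})
    for rec in parse_bro_log(conn_text):
        s = stats[rec["id.resp_h"]]
        s["conns"] += 1
        s["bytes_out"] += int(rec["orig_bytes"] or 0)  # sent by the LAN host
        s["bytes_in"] += int(rec["resp_bytes"] or 0)   # returned by responder
    return dict(stats)

def load_intel(intel_text):
    """Map indicator -> (indicator_type, meta.source) from an intel feed."""
    return {r["indicator"]: (r["indicator_type"], r["meta.source"])
            for r in parse_bro_log(intel_text)}

def intel_hits(conn_text, intel_text):
    """Records whose originator or responder is an Intel::ADDR indicator,
    tagged with the seen.where value Bro's intel.log would carry."""
    intel = load_intel(intel_text)
    hits = []
    for rec in parse_bro_log(conn_text):
        for field, where in (("id.orig_h", "Conn::IN_ORIG"),
                             ("id.resp_h", "Conn::IN_RESP")):
            match = intel.get(rec[field])
            if match and match[0] == "Intel::ADDR":
                hits.append({"uid": rec["uid"], "indicator": rec[field],
                             "where": where, "source": match[1],
                             "conn_state": rec["conn_state"]})
    return hits

if __name__ == "__main__":
    by_resp = summarise_by_responder(SAMPLE_CONN_LOG)
    for host, s in sorted(by_resp.items(), key=lambda kv: -kv[1]["conns"]):
        print(f"{host:>16} conns={s['conns']} out={s['bytes_out']} in={s['bytes_in']}")
    for hit in intel_hits(SAMPLE_CONN_LOG, SAMPLE_INTEL_DAT):
        print("INTEL HIT", hit)
```

Point the two constants at the sensor's real conn.log and intel feed (or read the files in) and the same functions produce the per-responder table and intel matches for live data.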
RESULTS, OBSERVATIONS & CONCLUSIONS
NUC VS ODROID C2
Intel NUC:
▸ Runs Both Snort & BRO IDS
▸ USB 3.0 Gigabit Interface
▸ 65 W Max Power
▸ 4.0 GB DDR3 SDRAM
▸ 1.0 Gb Ethernet Port
▸ Ubuntu Linux - very stable
Odroid C2:
▸ USB 2.0 Host x 4, USB OTG
▸ Runs BOTH Snort & BRO IDS
▸ USB 2.0 Gigabit Interface
▸ ~4.8W Max Power
▸ Kali Linux for ARM
▸ 2.0 GB RAM
▸ LONG COMPILE TIMES
▸ BRO IDS w/ INTEL NOT STABLE
▸ SNORT w/ RULES NOT STABLE
▸ OS hangs or Runs out of Memory
LAGNIAPPE & OBSERVATIONS
▸ Uninterruptible/Battery Power Backup & Protection - CyberPower
▸ Gigabit Rated Switches
▸ DOCSIS Modems & Separate Router (use DD-WRT enabled)
▸ Capabilities of ISPs - Verizon, Comcast, AT&T, C-Spire, Cox
▸ Cat 5E Cables, USB to Ethernet Adapters
▸ Kali Linux (ARM), CentOS, Ubuntu (ARM)
▸ Protect devices (Harden the Operating System)
▸ Good Application for PCAP, Network Forensics, Intrusion Detection, Linux, & Security Tools
RESOURCES
▸ Hardware: ameridroid.com, amazon.com, newegg.com, intel.com
▸ OpenSource Security Tools: www.bro.org, www.snort.org, sectools.org, kali.org
▸ Commercial Tools: Splunk, Nessus, Nexpose
▸ Books: Packt Publishers, O’Reilly Books, No Starch Press, Syngress publishers
#ABOUT ME
▸ From Greenville, Mississippi
▸ Mississippi State University BS Electrical Engineering 1995
▸ Completed SANS Incident Handler Certification
▸ Completed CISSP Certification
▸ Worked in Information Technology Sector for over 20 years
▸ Resides in Arlington, Virginia
▸ Works for Major Defense Contractor
▸ email: lagoon7@gmail.com
▸ twitter: @nfltr8
THANK YOU
QUESTIONS?
