
Snort for the Road Warrior

Snort for the Road Warrior. Soapbox. What is Snort? Snort is an open source network Intrusion Prevention and Detection System (IDS/IPS) developed by Sourcefire. Snort is the most widely deployed IDS/IPS technology worldwide. Snort has become the de facto standard for IPS.

neo

Presentation Transcript


  1. Snort for the Road Warrior

  2. Soapbox

  3. What is Snort?
  • Snort is an open source network Intrusion Prevention and Detection System (IDS/IPS) developed by Sourcefire.
  • Snort is the most widely deployed IDS/IPS technology worldwide. Snort has become the de facto standard for IPS.

  4. pfSense is a free, open source firewall and router platform based on NanoBSD/FreeBSD that includes most of the features of expensive, commercial firewalls. The pfSense stateful firewall for embedded applications supports:
  • Stateful firewall based on OpenBSD pf
  • Captive portal with MAC filtering, RADIUS support, etc.
  • NAT support
  • Load balancing
  • VPN: IPsec, OpenVPN, PPTP
  • Dynamic DNS client
  • DHCP Server and Relay functions
  • PPPoE Server
  • Reporting and monitoring features with real time information
  • The m1n1wall arrives pre-loaded with pfSense 2.0.3 software. You can reload the CF card with your own operating system / software to support your application. Possibilities include FreeBSD, NetBSD, OpenBSD, m0n0wall, OpenWRT, Voyage Linux, STYX, iMedia ALIX Linux, Fluxbuntu, fli4l, Zeroshell, Ikarus OS, Embed-it, Mikrotik RouterOS.

  5. Network Layout

  6. m1n1wall Hardware

  7. Soekris Crypto Accelerator

  8. Dashboard

  9. pfSense Packages

  10. Hardware / Software costs
  Netgate m1n1wall 2D3/2D13 appliance
  • Assembled ($225.00) / Unassembled ($205.00)
  Soekris VPN1411: Crypto accelerator ($72.00)
  • http://store.netgate.com/Soekris-VPN1411-Crypto-accelerator-P319.aspx
  Sourcefire VRT rules ($29.99, personal license, 1 sensor)
  • http://www.snort.org/vrt/buy-a-subscription

  11. m1n1wall Appliance Features
  ALIX.2D13 System Board with
  • 500 MHz AMD Geode LX800 CPU
  • 3 10/100 Ethernet ports (VIA VT6105M 10/100)
  • 1 miniPCI slot for future expansion (VPN acceleration, wireless, etc.)
  • 2 USB ports
  • 256 MB DDR DRAM
  • Pre-installed battery
  • I2C header
  • COM2 header
  • Internal USB header for ports 3 and 4
  4 GB Industrial SLC CF Card pre-loaded with pfSense 2.0.3

  12. Russian Business Network
  • The Russian Business Network (commonly abbreviated as RBN) is a multi-faceted cybercrime organization, specializing in and in some cases monopolizing personal identity theft for resale.
  • The RBN, which is notorious for its hosting of illegal and dubious businesses, originated as an Internet service provider for child pornography, phishing, spam, and malware distribution, physically based in St. Petersburg, Russia.
  • By 2007, it had developed partner and affiliate marketing techniques in many countries to provide a method for organized crime to target victims internationally.

  13. Russian Business Network (RBN) Structure (circa 2007)

  14. RBN Activities
  • According to VeriSign, RBN was registered as an internet site in 2006.
  • Initially, much of its activity was legitimate. But apparently the founders soon discovered that it was more profitable to host illegitimate activities and started hiring out its services to criminals.
  • The RBN has been described by VeriSign as "the baddest of the bad".

  15. RBN & Red October
  • Red October was a cyber espionage malware program discovered in October 2012 and uncovered in January 2013 by Russian firm Kaspersky Lab.
  • The malware was reportedly operating worldwide for up to five years prior to discovery, transmitting information ranging from diplomatic secrets to personal information, including from mobile devices.
  • Red October was termed an advanced cyber espionage campaign intended to target diplomatic, governmental and scientific research organizations worldwide.
  • After being revealed, domain registrars and hosting companies shut down as many as 60 domains used by the virus creators to receive information. The attackers themselves shut down their end of the operation as well.
  • According to Kaspersky's report, the oldest domain name used in the Red October network was registered in November 2007, and the newest in May 2012. The RBN network went dark on November 4, 2007 and temporarily moved operations to China. Then, after a few weeks, it disappeared again.

  16. Russian Cyber Operations, David J. Smith
  • "Unlike China," Jeff Carr, the CEO of Taia Global, explains on his Digital Dao blog, "Russian cyber operations are rarely discovered, which is the true measure of a successful op."
  • Russia, its government and motley crew of government-sponsored cyber-criminals and youth group members, has integrated cyber operations into its military doctrine and is conducting strategic espionage against the United States.
  • http://www.afpc.org/files/august2012.pdf

  17. Other Cyber Operations of Note
  • Hidden Lynx group
  • http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf
  • Syrian Electronic Army
  • http://en.wikipedia.org/wiki/Syrian_Electronic_Army
  • Mandiant Exposes APT1
  • http://www.mandiant.com/apt1
  • Anonymous (group)
  • http://en.wikipedia.org/wiki/Anonymous_%28group%29

  18. Contact Email: alancz@wowway.com Phone: (614) 876 6124

  19. Questions?

  20. Appendix

  21. pfSense Information
  m1n1wall Quick Start Guide
  • http://bit.ly/m1n1wallQSG
  Web Interface
  • https://192.168.1.1
  Free Support
  • http://www.pfsense.org
  Paid Support
  • http://www.bsdperimeter.com (502) 442 7080

  22. References
  pfSense
  • http://www.pfsense.org/
  • Commercial Support
  • https://portal.pfsense.org/
  Snort
  • http://www.sourcefire.com/security-technologies/open-source/snort
  Netgate
  • http://store.netgate.com/

  23. VRT Subscription

  24. Tips: Packages
  • http://doc.pfsense.org/index.php/Category:Packages
