Talking Technical Security. All the stuff I find interesting and enjoy. Covering Protective Monitoring, Penetration Testing, Network Security Monitoring, Forensics, and Incident Response. Go deep!
Entropy in a given character set
This is a Python program to work out the bits of entropy for a given character set at a specific password size. In other words, it answers how random a password of a given length can be when its characters are drawn from a given range of characters.
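The calculation behind the post, as an added example rather than the author's own program: a password of L characters chosen uniformly at random from a pool of N characters carries L * log2(N) bits of entropy. The character-class table and the 80-bit target used in the demo are constructed for illustration.

```python
import math
import string

# Constructed table of character classes a password policy commonly draws from.
CHARACTER_CLASSES = {
    "lowercase": string.ascii_lowercase,  # 26 characters
    "uppercase": string.ascii_uppercase,  # 26 characters
    "digits": string.digits,              # 10 characters
    "symbols": string.punctuation,        # 32 characters
}


def charset_size(classes):
    """Size of the pool a password is drawn from, given class names from the table."""
    pool = set()
    for name in classes:
        pool.update(CHARACTER_CLASSES[name])
    return len(pool)


def entropy_bits(pool_size, length):
    """Bits of entropy for `length` characters chosen uniformly from `pool_size`
    characters: length * log2(pool_size). A pool of fewer than two characters
    or an empty password yields no entropy at all."""
    if pool_size < 2 or length < 1:
        return 0.0
    return length * math.log2(pool_size)


def min_length_for(target_bits, pool_size):
    """Shortest password length that reaches `target_bits` from this pool."""
    return math.ceil(target_bits / math.log2(pool_size))


if __name__ == "__main__":
    # Compare the same lengths across increasingly large character sets.
    for classes in (["lowercase"],
                    ["lowercase", "uppercase", "digits"],
                    ["lowercase", "uppercase", "digits", "symbols"]):
        pool = charset_size(classes)
        print(f"{'+'.join(classes)} (pool of {pool}):")
        for length in (8, 12, 16):
            print(f"  length {length:2d}: {entropy_bits(pool, length):6.2f} bits")
        print(f"  length needed for 80 bits: {min_length_for(80, pool)}")
```

The figures hold only for characters picked uniformly at random (a password manager or a dice scheme); a human-chosen password of the same length and character set has less entropy than the formula reports.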
In this post I wanted to show how a Squid Proxy could be used with OpenDNS to provide simple but effective security for a home or small business. This blog post was inspired by the SANS course SEC530 Security Architecture & Engineering, which leads to the GIAC Defensible Security Architecture (GDSA) certification. This is a great course for anyone looking to develop and improve their 'full stack' defensive posture. Monitoring is by courtesy of SOF-ELK, one of the many tools by those nice people at SANS. SOF-ELK is used in a few SANS courses including FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response, and SEC555 SIEM with Tactical Analytics. OpenDNS Enterprise is now Cisco Umbrella; however, the OpenDNS Home service is available for free and small businesses can use the Prosumer services for a modest fee. The first step is to install a CentOS 7 minimal and then apply the latest updates. In order to use the OpenDNS Hom...
Firstly, I’m happy to report that I received a SANS SEC530 Red Challenge Coin for submitting a blog post that builds upon the SEC530 course subject matter for Squid Proxy with SOF-ELK Part 1. Thank you very much Justin Henderson and Ismael Valenzuela for the coin. Analysis In this post I wanted to go a little deeper into how to analyse Squid logs collected in SOF-ELK and develop some potential security use cases. In Part 1 we configured Squid to use OpenDNS Home edition to block access to sites that were undesirable, such as gambling sites and sites known to serve malware. We also configured Kibana to show meaningful block codes rather than just the IP address that OpenDNS redirected them to when a user visited a blocked site. From the user's perspective they will see a blocked message from OpenDNS like this: On SOF-ELK we can see the details of the blocked browsing as shown here: We can use the block type to create a visualisation to examine which type of block is prevalent ...
About netsa SiLK SiLK provides a way to capture NetFlow and interrogate flow data. It can be used for a variety of purposes including situational awareness, forensics and anomaly detection. Installing SiLK Prerequisites Before installing SiLK, examine the prerequisites for the build. I’m using a CentOS 6.3 minimal install with a virtual machine disk of 100GB in total and a separate partition for /data of about 60GB. The virtual machine will be allocated 4GB of RAM and 2 virtual processors. Configure the network settings for your lab environment. In order to use YUM for installing software, the lab system will require access to the Internet. Download the following source code files from the netsa CERT project home page: libfixbuf-1.2.0.tar.gz netsa-python-1.3.tar.gz silk-2.5.0.tar.gz yaf-2.3.2.tar.gz Copy the required packages to the /usr/local/src directory. If you are using scp to copy over the packages, don’t forget ‘yum install openssh-clients’ first on the serv...