Getting Started with Intrusion Detection System (IDS) Bro: Installation

This is part two of a four-part series on getting started with the Bro IDS. See part one on installing the Bro prerequisites. This post is about installing and preparing Bro.

Bro Compilation and Installation

Now that the prerequisites are taken care of, it is time to compile and install Bro. I downloaded Bro 2.5 IDS from bro.org and extracted it. After entering the directory, I ran

./configure --with-pfring=/usr/src/PF_RING --with-pcap=/opt/pf_ring-6.5.0 --prefix=/opt/bro

Below is the output from my ./configure command. It is okay to see failures on some of the lines since some items might not be needed for your system. If you followed this guide, you should see successful messages for GeoIP, gperftools, and PF_RING as highlighted in the output below. (Note: I skipped installing GeoIP, so my message will show false below.)

Getting Started with Bro Intrusion Detection System (IDS)

If you have a computer network then you need to ensure an intrusion detection system (IDS) is a part of your cybersecurity strategy. The value of monitoring the traffic on your network far outweighs the cost of a breach. Although most IDS systems are commercial, there are a few open-source IDS solutions.

Snort and Suricata are popular open-source firewall/IDS solutions, but come with a few drawbacks. For a small operation they may work well, but for medium or larger networks they can bring more work and less value. Their key drawback at this time is that Snort/Suricata-capable devices do not communicate with other capable devices on the network, nor are they centrally managed. With cyberattacks becoming more sophisticated, a security-conscious organization needs a better solution.

There is a third major player in the open-source IDS game. The Bro Network Security Monitor, developed originally by higher education, provides both a network protocol analyzer and a security tool. Its strength is the ability to correlate traffic across multiple Bro devices on a network, and to add additional and customizable plugins. In other words, instead of having multiple independent IDS boxes on your network, you could have a single clustered system that correlates information across the network.

Initial Setup of VM-100: Part 2

This is part two of a two-part series to configure a Palo Alto Networks firewall in a virtual environment. Palo Alto firewalls are a great asset for any organization as they include many advanced features to detect and stop bad network traffic.

Configuring the Palo Alto

At this point, the virtual environment is set up (see part 1). I am plugged into my router and can access the ESXi box and Palo Alto from the internal network. Now it’s time to configure the Palo Alto.

Sony Blu-ray Player BDP-S3200: “Internet Connection: Failed”

I recently came across a problem with a Sony Blu-ray player, specifically the model BDP-S3200 running software version M19.R.0071. When I open the network status screen, it shows valid IPv4 network settings such as a good IP address, a subnet mask, DNS servers, etc. However, there is a glaring message on this screen that reads, “Internet Connection: Failed.” I can use the internet browser just fine to access different websites like YouTube and Google. However, when attempting a software update of the player, it would report that it did not have an internet connection. And to add to the confusion, that same player would perform the software update and see it has a valid internet connection when it is connected on a different network. When I performed the network diagnostics, it reported there is an error connecting to the DHCP server.

