Dallin Warne

Clarifying Technical Obfuscation

Tag: Networking

Is Network Security Monitoring Dead in the Age of Encryption?

Over the last several years we have seen encryption become more pervasive. Does it now make sense for security teams to invest in network security monitoring solutions?

With the strong push for encryption on everything from websites to hard drives, encryption is becoming a standard practice for most organizations. Reviewing the graph below from Google’s Transparency Report, we see that a majority of web traffic is now HTTPS.

Percentage of pages loaded over HTTPS in Chrome by country according to Google’s Transparency Report

Encryption is permeating other protocols. In September 2018, Cloudflare announced a new protocol that hides the server name during the SSL handshake. RFC 7858 (DNS-over-TLS) and RFC 8484 (DNS-over-HTTPS) were both proposed this decade and are already implemented by some organizations. (Note that DNSSEC doesn’t encrypt DNS queries, but ensures they are authenticated.) SMB and SNMP in their third versions also include cryptographic capabilities. Microsoft’s Remote Desktop protocol now incorporates SSL, and SSH has always been encrypted.

It seems that just about all data transmitted over a network is encrypted or is moving in that direction. It is for these reasons that some vendors push to move security monitoring to the endpoint, where the machine decrypts the information anyway. Is network security monitoring dead in the coming age of encryption?

Getting Started with Intrusion Detection System (IDS) Bro: Troubleshooting

The last three articles I’ve published step you through how to set up the Bro intrusion detection system (IDS) on Red Hat 7. You’ve read through installing prerequisites, compiling and installing Bro, and configuring it for the first time. But despite anyone’s best efforts, there are likely to be some hiccups along the way. Your Bro workers might drop packets, hit a Bro bug, or perhaps crash. This post will examine some tools to help you diagnose common issues and unfold some potential causes and solutions with Bro.


Getting Started with Intrusion Detection System (IDS) Bro: Configure and Run

The Bro IDS is great at analyzing network traffic, not to mention it’s very capable at detecting and logging issues that it finds in your network traffic. It’s amazing that an open-source project has progressed this far. This post covers configuring Bro and running it.

Let’s review what we have covered in part one and part two of this guide:

  • Prerequisites for Bro IDS are installed, including:
    • PF_RING
    • Other needed packages
  • OS settings are adjusted, including:
    • Firewall/IPTables
    • Memory/buffers settings are adjusted
  • Bro is compiled
  • Plugins are compiled and installed, including:
    • PF_RING
    • Setcap (which enables some permissions for non-root users)

This section will go into configuring various settings in Bro, then starting Bro. We’ll also explore how to check on the health of Bro.


Initial Setup of VM-100: Part 2

This is part two of a two-part series to configure a Palo Alto Networks firewall in a virtual environment. Palo Alto firewalls are a great asset for any organization as they include many advanced features to detect and stop bad network traffic.

Configuring the Palo Alto

At this point, the virtual environment is set up (see part 1). I am plugged into my router and can access the ESXi box and Palo Alto from the internal network. Now it’s time to configure the Palo Alto.


Sony Blu-ray Player BDP-S3200: “Internet Connection: Failed”

I recently came across a problem with a Sony Blu-ray player, specifically the model BDP-S3200 running software version M19.R.0071. When I open the network status screen, it shows valid IPv4 network settings such as a good IP address, a subnet mask, DNS servers, etc. However, there is a glaring message on this screen that reads, “Internet Connection: Failed.” I can use the internet browser just fine to access different websites like YouTube and Google. However, when attempting a software update of the player, it would report that it did not have an internet connection. And to add to the confusion, that same player would perform the software update and see it has a valid internet connection when it is connected on a different network. When I performed the network diagnostics, it reported there is an error connecting to the DHCP server.


© 2019 Dallin Warne
