Someone recently contacted me concerned their Google account might be compromised. Although they live in California and have never traveled to Europe, Google will redirect them to European versions of Google, usually the Czech version. The individual informed me that after signing into a Google service from her home, Google notified her via email that a new sign-in was detected coming from Prague.
The last three articles I’ve published step you through how to setup the Bro intrusion detection system (IDS) on Red Hat 7. You’ve read through installing prerequisites, compiling and installing Bro, and configuring it for the first time. But despite anyone’s best efforts, there is likely to be some hiccups along the way. Your Bro workers might drop packets, hit a Bro bug, or perhaps a worker crashes. This post will examine some tools to help you diagnose common issues and unfold some potential causes and solutions with Bro.
The Bro IDS is great at analyzing network traffic, not to mention it’s very capable at detecting and logging issues that it finds in your network traffic. It’s amazing that an open-source project has progressed this far. This post covers configuring Bro and running it.
Let’s review what we have covered in part one and part two of this guide:
- Prerequisites for Bro IDS are installed, including:
- Other needed packages
- OS settings are adjusted, including:
- Memory/buffers settings are adjusted
- Bro is compiled
- Plugins are compiled and installed, including:
- Setcap (which enables some permissions for non-root users)
This section will go into configuring various settings in Bro, then starting Bro. We’ll also explore how to check on the health of Bro.
This is part two of a a two-part series to configure a Palo Alto Networks firewall in a virtual environment. Palo Alto Firewalls are a great asset for any organization as it includes many advanced features to detect and stop bad network traffic.
Configuring the Palo Alto
At this point, the virtual environment is setup (see part 1). I am plugged into my router and can access the ESXi box and Palo Alto from the internal network. Now it’s time to configure the Palo Alto.