1.4 SIEM and Web Proxy

Video Transcription
00:00
Welcome back to the Cybrary course on building your InfoSec lab. I'm your host and instructor, Kevin Hernandez. In our last lesson, we looked over the hardware requirements for our firewalls, or next-gen firewalls. Some of these included IDS/IPS and web proxy in them. However, in this course
00:17
we will be looking at the SIEM and web proxy hardware requirements.
00:24
Let's get started.
00:27
So if we look back into our list, let's start with proxy. Since we already covered IPFire, pfSense and Untangle, remember, Untangle might have an additional,
00:36
um, cost attached to it. Right?
00:39
So regarding Squid and Webmin: Webmin itself is the interface to manage Squid without a
00:46
command line. So if you go to Squid, right, Squid
00:52
hardware requirements,
00:56
you can see it's very, very light requirements for it here.
01:03
This is how much you need:
01:07
32 megabytes of memory for each of this disk space.
01:11
That falls under 12 for a 16 gig disk cache. Now, being honest with you, if you look at Squid installations, right, so just this one,
01:21
you can see it can run on CentOS 7. So if you really want to accomplish this, you can actually use your CentOS installation for Active Directory practices as your Squid box. Therefore, what we'll do is we'll put these minimal requirements we just saw and utilize CentOS as the base. So let's go back to here.
01:41
Let's see, proxy.
01:45
Here's the type, there,
01:48
and Squid,
01:51
you can see, well, copy and paste the minimum ones as well.
01:57
And here we're gonna add a note that it can be run
02:02
with CentOS, right here in the notes.
02:12
Now, literally for the other ones, pfSense,
02:17
IPFire,
02:20
and Untangle, right,
02:23
and you can see
02:25
not applicable, not applicable, since they're already
02:30
computed in those details.
02:34
Now, something to consider is that if you do want to have web filtering,
02:38
well, Untangle appears to have an additional charge for that,
02:45
and it is not part of the license, and you can see it charges $25 a month for it. So be aware of that when you're picking the tool that you'll be utilizing.
02:57
Therefore, for you to not forget, let's add here
03:00
that it is a $25 a month charge.
03:06
Now let's start working on our SIEMs, right.
03:09
Okay,
03:12
Now, in our case, we gotta look for QRadar, right? We have Splunk.
03:17
We have Snort.
03:20
You have OSSIM, which is AlienVault,
03:25
now from these, let's say you have
03:28
three that are very well known,
03:31
and then you have OSSEC as well, which is fairly known, but not as popular in the corporate market. Right? So let's start with QRadar hardware requirements,
03:44
let's say, Community Edition.
03:49
And there, this is actually a
03:54
forum. Should be good enough, huh?
04:00
It's not. Let's actually go here, Developer. Sorry. There you go. And here you can see system requirements, and you can see that QRadar needs around six gigs, eight gigs if you want to use X-Force.
04:15
Ah, 110 gigabytes of storage and two CPU cores. It doesn't say the frequency, but take this into consideration, right. And like I said, SIEMs might be your most power-hungry systems out there.
04:31
So you might have
04:34
these on their own dedicated boxes.
04:38
Um, so for RAM, let's say six gigabytes
04:42
and eight gigabytes recommended, and for storage 110 gigabytes. Now, as I said,
04:47
this is not necessarily the truth, as you might have a smaller network. However, take it into consideration when you're building your lab, and since we're already here,
05:01
you can go ahead and download it if you're actually trying to go towards this tool.
05:08
Right here,
05:10
you have to sign in and create an account.
05:13
So we'll leave this, go and pause it and fill it up real quick. After doing that, you should be able to come to a screen similar to this one,
05:20
and you can just click here and download it.
05:25
Now let's go take a look at Snort. Now, to me, Snort is more IDS/IPS. Here, actually, it says it.
05:32
But
05:34
however it was listed, and it's very good from a perspective, right?
05:41
So let's take it into consideration. Right? And it actually is, it's a VM too?
05:46
Ah, four gigs of RAM and one terabyte of disk. Now, again,
05:51
this is depending on your installation, right? So,
05:56
um, four gigs of RAM instead of eight,
06:00
for CPU? It doesn't say. Since multi-core, let's say two.
06:05
And for storage, it recommends one terabyte,
06:09
which is incredibly high compared
06:12
to QRadar. Also, it was inside an Ubuntu build, right,
06:19
and also add the note that it is more towards IDS/IPS,
06:26
which again can be part of the firewall selection, firewalls as well. So this might be one that you don't really need unless you want to replicate an environment that you have in your corporate network.
06:41
Let's take a look at Splunk, right, Splunk hardware
06:45
requirements,
06:47
and in this case, Splunk Free
06:50
is the version, it says requirements for Splunk Light.
06:55
Oh yeah, let's use those for now. So you've got two to six cores, right? So two,
07:00
uh,
07:00
two-plus gigahertz,
07:04
and, let's say, two gigahertz
07:06
for CPUs, really four. And for RAM, it says twelve gigabytes of RAM. So you can see it's more power hungry than QRadar. But again, it could be because of the organization, right? Or the requirements
07:21
for, ah, a large enterprise versus a small enterprise, right.
07:27
If you go here, it can actually tell you, maybe the RAM right here,
07:33
and actually it's based on the system. Now, in order to download Splunk, you can come here to Products,
07:42
scroll to Splunk itself,
07:46
right, and you can come here
07:50
and you can go Free Splunk, right in the right corner,
07:54
and come right down here,
07:57
and here you can actually, you will have a little login thing. But as you can see, I'm already logged in,
08:01
and you will have different variants. You have Windows,
08:05
you have Linux,
08:07
and you can have Mac OS X. So what does this mean to you? What this means is you'll have to install this
08:16
in an already existing operating system, right?
08:20
Unlike QRadar, that's its own image. You will need a base operating system. And if you're gonna use, let's say, a Windows 10 system or your personal system like the one I'm using right now, that will be okay. You can use your personal computer and use it as kind of an offline device. However, if you don't have a Windows license, you might be required
08:39
to use a, um,
08:41
Linux type of environment. In this case,
08:45
I'll be considering it for an offline type of installation, and therefore I'll install it as a Windows 10 device and use QRadar as my always-live installation. OK,
08:58
please click download and just wait for that download to finish.
09:05
The next one on our tool list is OSSIM from AlienVault,
09:13
right, and you can see it's two gigabytes of RAM, actually the lowest one of all so far,
09:20
and 225 of hard drive,
09:26
and the CPU, it doesn't actually say what it is; it always says 64 bits. So actually, let's
09:33
go there and see a little more details in here, in the actual installation: two CPU cores.
09:39
And actually 250 gigabytes, 4 to 8. So let's say four,
09:45
eight and 250.
09:46
Still lower than everything else, so that's really good. And for RAM and CPU, it always says two CPUs, and two CPUs,
09:56
right,
09:58
and again, it's very low. I might do also an environment very similar, like
10:05
offline, and maybe use QRadar as the live system, as many log sources will allow you to push syslogs or application logs of multiple devices. Okay,
10:16
so let's look for that installation. If you literally type OSSIM download, it will come
10:22
towards this. Apparently, this is part of AT&T. I was not aware of that.
10:28
Oh, good to know.
10:31
And then obviously you will have to... actually, it's already downloading, so that's gonna get
10:39
Okay, so this is more like a community
10:41
edition. So that's really good. No annoying emails. I guess marketing emails will be approaching you from, who knows. Um,
10:50
yeah.
10:50
Last on the list, OSSEC. OSSEC is an intrusion detection system, slash IPS as well,
10:56
um, and it requires Linux or CentOS. Right. So what we're gonna do is we're gonna literally copy
11:03
what we saw for the web proxy
11:07
and type it here. And for that purpose, we'll add it to the IDS/IPS list later on.
11:16
Well, we have our list fully completed. We can determine easily that two of these are labeled as SIEMs; in reality, they're more of IDS/IPS from a perspective, right? This is Snort, and also OSSEC, right.
11:33
Therefore, it doesn't mean it cannot accomplish this type of approach, but it's not a tool specifically required for it. And therefore, if you put it in, well, I have used, uh, Snort as a SIEM a little bit. It was great.
11:46
Therefore, we will add those to the IPS/IDS list, which will also have to consider that, as mentioned previously, firewalls might have that already integrated, and therefore we might avoid that step altogether. What did we learn today? We learned that
12:03
even though OSSEC
12:05
and Snort are labeled as SIEMs, they're actually more of an IDS/IPS perspective,
12:11
and that Squid
12:13
can run within CentOS or requires an actual appliance, right, actually an OS in it in order to run. Therefore, we will not be setting up VMs specifically for these three,
12:26
but we can run them if required within our environment.
12:30
Now what we learned is, you know, the resources required for SIEMs and a proxy, now taking into consideration that many of these, right, such as the web proxy and some of the IPS/IDS tools that we mentioned, are contained within the next-gen firewall.
12:48
Therefore, unless you really need to have that segmented type of approach or your corporate environment uses a specific tool, you're not really required to install all these different plug-ins, instead, instead of modules
13:03
that each of these firewalls include, therefore making your life easier, your configuration easier and your installation easier as well. Hope you had a great fun class today and I hope to see you in the next course. Have a great day.