1.5 Scanners, DC and ESXi

Time
6 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription

Welcome back to the Cybrary course in building your InfoSec lab. I'm your host and instructor, Kevin Hernandez. In our previous lesson, we discussed the hardware requirements for SIEMs and web proxies. We noticed that some of these tools, specifically Snort and OSSEC, were misclassified and are really more toward IDS, IPS type of tools. We also noticed that a web proxy, aka Squid, was more of an integration into your current CentOS installation and therefore does not need additional hardware requirements over those of the base operating system. Now, it will put a little bit of hindrance on the performance of the operating system, but it's not a specific installation that will require you to create an image itself.

Now, something else to consider also is that many of these tools, specifically the IDS and IPS, are already part of next-gen firewalls, and it is really important in this lesson, as we will be discussing the hardware requirements for IDS, IPS, vulnerability scanners, domain controllers, ESXi, pentest, and forensic tools. Now, this seems like a lot of resources, but as we know from the previous lesson, many of the IDSs and IPSs are already included in next-gen firewalls. Therefore, this list is actually a lot smaller than it really is. Now, let's get started.

Now, let's take a quick look into our work file and you can see Suricata, it's the only one we haven't really looked at, and Security Onion. If we look for Suricata, you can actually go to your docs and go to installation guides. You can see then it is more of a package. You can install it on your own OS. It's not an appliance itself like QRadar, and therefore, if you come here, you can see how to install it within CentOS. In reality, you're going to install this where you have your weapon as well. It doesn't have too much info when it comes to hardware requirements. But as I mentioned earlier, since we do have this integrated into the next-gen firewalls, such as pfSense, we can actually ignore this if you really want to. But however, let's take note in our sheet as mentioned previously. Let's open our sheet, and I did merge just to stay organized, and save Suricata, and it can be within CentOS, and just add that small detail over there, and that should really be the animate, if you want to call it like that. Now, the other ones being Snort and OSSEC, you will have the same approach, and you can just copy them like this. That's really it for IPS. That's why I didn't want to cover too much on it.

Therefore, let's go back to our document, and now we have, let's say, virtual machines, ESXi. Let's go to ESXi here, hardware requirements. There you go. Actually in that same sheet, you saw how much you needed. You need two CPU cores and four gigabytes. Let's actually search for RAM. For RAM, around eight, give or take. CPU doesn't say much. Two cores, doesn't say the frequency. This should be pretty good. We will actually go a little bit deeper into this ESXi in another video that I've already prepared for you. For virtual machines here, vCenter, I go ESXi, and you have four gigs of RAM, and it says two CPU cores, two cores. Give or take, two cores. That's about it, and that's why we're adding so much stuff into this lesson. As you can see, that data, it's very minimal. ESXi itself will have its own module, so don't worry about having these little details.

Now, for vuln scanners, we have Nessus and we have OpenVAS. Now, OpenVAS itself, it's inside Kali Linux. OpenVAS, we're just going to say, inside pentest tools. But let's look at Nessus. Now, these are the type of tools that you're going to have more in an offline type of approach. You can have it maybe on your own personal computer and just run the scan from there if required. You can see it's a two gigahertz core. Four, two gigahertz core, and you have four gigs of RAM, give or take, eight recommended. Actually updating the sheet right there. It was just out of the screen for a second. This is, sorry, this is here. And OpenVAS, this is inside pentest.

Talking about pentest, let's give a quick look into that, and we're only going to look at the Kali box. Kali hardware requirements, and you can see 20 gigs for RAM, two gigabytes or more, one or two gigs of RAM and 20 gigs of storage, and one CPU should be enough. Kali. It's one core. You have one gig. What does this mean? It's very low in resources, and therefore you can actually run it on your own personal computer. That something has to be in VMware Player, or you can have it as a dedicated machine as well. I personally like to have it on my own personal computer, so I don't have to be remoting into it. But everyone has their own favorite things.

Now, the last one we have to check, it's the forensics systems. If we make sure, we go here, pentest, forensics, virtual machines covered, and regarding a target, so we're not actually going to put a targeted system, the vulnerable system, in our network, unless it's really quiet. I highly recommend those are offline, unless you're going to be using them. Or you can use online tools, or an online system where you VPN with your computer and then just target them over there.

Let's look at Autopsy and Oxygen. Let's look at Autopsy Forensics download here, and you can see that it is both for Linux and OS X, and therefore, you just download the ZIP file, et cetera. Here you have documents. They actually just literally type Sleuth Kit hardware requirements. You can see the gigs of RAM, and something to consider with Autopsy is that the amount of storage you need is directly related to what forensic work you're going to do. In other words, sorry. If you're going to image a 16 gig RAM system, sixteen gigs of RAM on a system, you need at least 20-30 gigs in your system in order to image it. If you're going to mirror image a two terabyte system, you will need around 2-3 terabytes as well. The reason in size that you need this much, even though these images are compressed, is because you will have copies of them. You're going to have the original and you're going to be saving different versions of it. You might need a little bit extra. Taking that into consideration, it's variable, and you're going to say 20 gigabytes plus. You can just practice in your RAM.

SIFT is the other one. SIFT is actually from SANS and it's also an image. I would say it's also very similar requirements. They don't actually list here how much is needed, but I have it installed on my system and I think they recommend four gigs of RAM type of approach, very similar to what Sleuth Kit had mentioned. I'm sorry, this is gigabytes here and then storage here is 20 gigabytes plus. Therefore, we're going to copy the same details here and copy them for SIFT.

The last forensic tool we have is Oxygen. Let's look for that real quick. Now, one thing I like to do is type forensics literally in it. That way, requirements, you can get more detailed information about it. You don't want to have Oxygen type of what we believe type of thing ready. But let's just click here, and let's see if it's still free. Now to the all-in-one solution, let's see products. Let's see Detective, and to be honest, it looks like they don't have anything more free. I apologize for that. In general, we're building these application lists like that so you know how to build them, and we pick random tools. Therefore, this list can be updated, or it can be very specific details that are free and paid versions. Oxygen Forensics is one of those where actually the viewer is the only license that's free. It's not that different, I guess, from going to FTK Imager free. Therefore, it does have a couple of things that you can do for free and it's very good. But let's stick to the core products, the full version, and use those instead. Learned so far is that many of these tools, such as an IPS, are integrated.

Last thing in our list is installing CentOS. Now, CentOS will be our Active Directory tool. You can also install maybe Windows, but however, Windows does require a license, and therefore you might be required to install and uninstall many times in order to compensate. But CentOS is free and it's a variant of Red Hat. Here you can see the six version requires, command line, one gig of memory and 20 gigs of hard drive. For CentOS, you've got a half. I'm going to say CentOS here. Let's say, one core, doesn't say how much. Multicore is always better. Let's say one gigabyte of RAM, doesn't say how much is recommended. Let's say skip it, the same. The more, the better. Twenty gigs, since this is an OS, let's say it's 20 gigs. Sorry for the typos. However, remember this will be directly related if you run some of these other tools as well. Take into consideration those when calculating these over here. You can put here Windows, and you can see license based. It's a 30 day trial, I believe there are. That wraps up really all we need from this list. If you go back to the list, we have the virtual machines, we have the web proxies, you have the ESXi and firewalls, the domain controllers, you have to have vuln scanners, pen testing tools and forensics.

What have we learned today? We looked at the different requirements, from an IDS, to vuln scanners, to the ESXi server. Now, something that's really important is that you will not have live pen testing vulnerable systems in your network. That is a big no, and I cannot stress it enough. You don't want vulnerable systems in your network actively on. If something were to happen, someone else that's visiting you clicks on malware while they are a guest in your network, you can lose information. You can have ransomware, et cetera. Don't play with this type of risk. I hope to see you soon in our next lesson. We'll start digging into the systems. We'll start looking at the different details. We're going to start installing them, et cetera. See you soon.