Time
3 hours 10 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
00:00
Now, the next two items we'll discuss are built into Security Onion, and they just need to be turned on to be functional.
00:06
The first is Domain Stats. Domain Stats is a Python script that checks on domain age and whether or not a domain is in the Alexa Top One Million domains, which is a list that was put together by Amazon.
00:20
Now, the value to using Domain Stats is that traffic to newly registered domains could be suspicious, as bad actors will frequently spin up a domain for a campaign and then abandon it once it has been blacklisted.
00:33
Now, I have seen successful gift card phishing scams come from newly registered domains where the victim lost around $15,000 to the scammer.
00:43
It's definitely something worth paying attention to.
00:46
Now, to use Domain Stats, you'll need to make sure that it is turned on. By default, it's disabled when choosing best practices on the production setup, but it's easy enough to turn back on if you read the documentation.
00:59
Now, you'll also need to make sure that WHOIS lookups can be performed outbound on port 43.
01:06
If it is blocked by your firewall, then you should work with the appropriate teams to get it enabled.
01:11
Frequency Server is another Python script that is built into Security Onion. This one is checking for randomness, using NLP techniques on a variety of traffic types, including DNS, file names, script names, TLS names, et cetera.
01:27
The randomness in certain fields can be indicative of malware, C2 communications, et cetera.
01:33
Now, if I were to see traffic going to gyxdrek.press, I would be much more interested in looking into that traffic than if I saw traffic going to something.com.
01:47
Now, Frequency Server is similar to Domain Stats in that it is disabled by default when configuring your server with best practices.
01:56
To learn how to turn it back on, take a look at the documentation links here. The process is pretty straightforward.
02:04
Now, in this lesson we covered DNS and ICMP anomaly detection, as well as the Domain Stats and Frequency Server scripts. In the next lesson, we will wrap up the course. CNN chairs
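The two checks the lesson describes, reduced to their core logic, as an added example that is not part of the lesson and not the code of Security Onion's domain_stats or freq_server scripts. The WHOIS record, the "today" date, the top-sites list and the corpus of ordinary domain labels are all constructed here, and the randomness score is a simplified character-pair frequency table (geometric mean of smoothed P(next character | character)) standing in for the scripts' own analysis. It shows why gyxdrek.press scores far below something.com and how a registration date only days old adds a second reason to look closer.

```python
"""Domain age and label-randomness checks, illustrating what domain_stats and
freq_server look for.  Added example; everything below is constructed data and
a simplified scoring method, not the Security Onion scripts themselves."""
import math
import re
from collections import Counter
from datetime import date

# Constructed WHOIS-style record.  A real lookup goes outbound on TCP/43.
SAMPLE_WHOIS = """Domain Name: GYXDREK.PRESS
Registrar: Example Registrar (constructed placeholder)
Creation Date: 2023-11-20T09:12:44Z
Updated Date: 2023-11-20T09:12:44Z
"""
AS_OF = date(2023, 12, 1)  # constructed "today" so results are deterministic

# Constructed stand-in for the Alexa Top 1M list (registered domains only).
TOP_SITES = {"google.com", "microsoft.com", "amazon.com", "something.com"}

# Constructed corpus of ordinary labels used to learn "normal" spelling.
NORMAL_LABELS = [
    "google", "microsoft", "amazon", "facebook", "example", "security",
    "onion", "cybrary", "windows", "update", "mail", "login", "account",
    "support", "service", "content", "static", "images", "cloud", "network",
    "monitor", "home", "nothing", "things", "method", "meeting", "comment",
    "setting", "thinking", "address", "secure", "internal", "download",
    "software", "documents", "information",
]
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-"


def creation_date(whois_text):
    """Pull the creation date out of a WHOIS record; None if it is absent."""
    m = re.search(r"^Creation Date:\s*(\d{4})-(\d{2})-(\d{2})", whois_text, re.M)
    if not m:
        return None
    return date(int(m.group(1)), int(m.group(2)), int(m.group(3)))


def domain_age_days(whois_text, today):
    """Age in days as of `today`; None when the record has no creation date."""
    created = creation_date(whois_text)
    return None if created is None else (today - created).days


def registered_domain(fqdn):
    """Naive registered domain: the last two labels (fine for .com/.press)."""
    parts = fqdn.lower().strip(".").split(".")
    return ".".join(parts[-2:])


def build_table(labels):
    """Count adjacent character pairs and how often each character starts a pair."""
    pairs, firsts = Counter(), Counter()
    for label in labels:
        label = label.lower()
        for a, b in zip(label, label[1:]):
            pairs[a + b] += 1
            firsts[a] += 1
    return pairs, firsts


def label_score(label, table):
    """Geometric mean of Laplace-smoothed P(b | a) over the label's character pairs.
    Ordinary spellings reuse common pairs and score high; random strings made of
    pairs the corpus never saw score low."""
    pairs, firsts = table
    label = label.lower()
    if len(label) < 2:
        return 1.0
    logs = [math.log((pairs[a + b] + 1) / (firsts[a] + len(ALPHABET)))
            for a, b in zip(label, label[1:])]
    return math.exp(sum(logs) / len(logs))


def assess(fqdn, whois_text, today, table, max_age_days=30, min_score=0.05):
    """Reasons a name deserves a second look (empty list means none found)."""
    reg = registered_domain(fqdn)
    if reg in TOP_SITES:
        return []  # popular site: the other checks are not worth running
    reasons = []
    age = domain_age_days(whois_text, today)
    if age is not None and age < max_age_days:
        reasons.append(f"registered {age} days ago")
    score = label_score(reg.split(".")[0], table)
    if score < min_score:
        reasons.append(f"random-looking label (score {score:.3f})")
    return reasons


if __name__ == "__main__":
    table = build_table(NORMAL_LABELS)
    for name in ("something.com", "gyxdrek.press"):
        print(name, label_score(registered_domain(name).split(".")[0], table),
              assess(name, SAMPLE_WHOIS, AS_OF, table))
```

The `min_score` threshold is a tuning knob: pick it from the score distribution of names you consider normal on your own network rather than trusting the default, and treat a low score as a reason to pivot into the surrounding traffic, not as a verdict on its own.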

Up Next

Security Onion

Security Onion is an open source Network Security Monitoring and log management Linux Distribution. In this course we will learn about the history, components, and architecture of the distro, and we will go over how to install and deploy single and multiple server architectures, as well as how to replay or sniff traffic.

Instructed By

Karl Hansen
Senior SOC Analyst
Instructor