Time
3 hours 10 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
All right, let's get started. So, in the interest of time, I have three pre-built servers that we'll be using for this demonstration.
00:10
We have SO Master, SO Forward and SO Storage. Each one of them has eight gigs of memory and four processors.
00:20
Um, the master and the storage node
00:24
each have just one network adapter, while the forward node has the management adapter as well as two sniffing interfaces. The tap that I'm using has two sniffing interfaces on it: one for in and one for out. So
00:42
we need two interfaces to
00:44
capture that traffic.
00:46
So for this demonstration, there are two ways that we could do it, that we could configure our servers. We could either go through the console in phpVirtualBox, or we could do it through the terminal in PuTTY using X11 forwarding.
01:04
Since the console in phpVirtualBox tends to be a little bit buggy, we will
01:12
use the terminal. We'll use SSH and X11 forwarding. I like using PuTTY because you can pretty much always get a terminal.
01:23
So let's get started.
01:26
So there are a couple of things that we need to do to get X11 forwarding to work for us. First thing is we need to have,
01:37
uh, a server running on our desktop to allow it. In this case, it is Xming server for me.
01:47
So we want to throw in our IP address.
01:55
192.168.0.64.
01:59
Just to make things a little bit easier to read, I'm going to put everything in bold.
02:04
Then down under SSH, you need to go to X11
02:07
and enable X11 forwarding.
02:13
Okay, we have our terminal.
02:15
Username and password.
02:19
Okay,
02:21
Let's just get all of our terminals open.
02:30
Let's do it.
02:32
62. Next.
02:38
Help.
02:40
Forgot things that we were supposed to set up on there.
02:45
Try that again.
02:52
Okay. Window, Appearance.
02:57
Bold. Okay.
02:59
SSH. X11. Enable X11 forwarding.
03:30
Bold again.
03:31
SSH, X11,
03:34
enable X11 forwarding. Okay,
03:38
I know right now, for most of you, the X11 doesn't make a whole lot of sense, but
03:44
in a moment it will.
03:46
All right. So we have the three PuTTY sessions open
03:51
now. The first thing that I want to do in preparation for
03:54
running our configuration scripts is create a couple of user accounts,
04:00
So we do sudo... sudo
04:06
sudo adduser,
04:09
and we want to add a user for each one of our child nodes.
04:14
It is, ah, a good best practice to have a user account created for each one of your child nodes, that is, a separate username and separate password.
04:24
That way, if any one of your child nodes is compromised, your entire network is not compromised.
04:30
So let's do it.
04:33
We'll do forward,
04:35
child.
04:48
This child's name is forward.
04:51
Something you should probably not name your actual child.
04:56
It's a different discussion,
04:58
okay? And we want
05:00
forward child to be in the sudoer group.
05:03
Okay,
05:08
now let's do one for storage.
05:27
All right, now let's get going on our setup scripts. If you'll remember, when we were setting up our standalone server, we went to the
05:40
desktop of our server and double-clicked on the
05:44
Security Onion Setup
05:46
icon on the desktop.
05:48
And then we got the little pop-up window that guided us through setting everything up. Well, typically with, uh,
05:57
a terminal session, you don't get pop-up windows, but
06:00
by using X11 forwarding, we do.
06:06
There we go.
06:10
So
06:12
what?
06:14
Welcome to Security Onion Setup. It will set up all of these things for us. And yes, we want to continue. That's why we're here,
06:21
asking if we want to set up our network interfaces. Yes, we do.
06:28
We only have one interface
06:30
that will be our management interface.
06:33
Let's do static.
06:36
My IP addresses don't change very often here, so I'm comfortable doing static.
06:46
.64
06:53
Subnet mask 255.255.255.0.
07:01
Our gateway.
07:04
It'll typically be your
07:09
first IP address in your subnet. So that one.
07:16
DNS server,
07:19
this will be that one as well.
07:23
On a lot of more corporate networks, you'll have dedicated DNS servers outside of your,
07:30
ah, router, which is what I'm using at home.
07:32
So if you do have dedicated DNS servers at work, then
07:38
take care of those in here.
07:41
Don't
07:42
we want our local domain name? I haven't created one, so it's just "domain".
07:49
And yes, we want to make changes.
07:53
So while that is working on rebooting,
07:57
okay, we lost our network connection. Let's
08:01
get going on our forward node
08:09
okay?
08:11
Yes. Continue.
08:13
Yes, configure network interfaces.
08:18
All right, so our forward node does have our sniffing interfaces. So we need to make sure to select our
08:26
one management interface.
08:28
That is. Oh, free. In this case,
08:33
we want to do static again.
08:39
That one's 62, not 42.
09:05
Same information as our master.
09:22
Right. So it asked if we wanted to set up our sniffing interfaces, and that'll be enp0s9 and 10.
09:35
All right. These are all the changes we have: our static IP, we have our gateway IP, network mask, DNS server, DNS domain, and our sniffing interfaces. Yes, we want to make changes.
09:48
And yes, reboot.
09:52
Now our last one. This is SO Storage.
10:03
Correct. Yes, we want to continue.
10:07
Yes, configure network interfaces.
10:11
We only have one interface. Our storage node is not going to be sniffing anything, so we only need the management interface.
10:18
Do static again.
10:24
It's
10:28
storage, so it's 63.
10:39
All right,
10:50
Go.
11:07
All right. We also make our changes and reboot.

Up Next

Security Onion

Security Onion is an open source Network Security Monitoring and log management Linux Distribution. In this course we will learn about the history, components, and architecture of the distro, and we will go over how to install and deploy single and multiple server architectures, as well as how to replay or sniff traffic.

Instructed By

Karl Hansen
Senior SOC Analyst
Instructor