3 hours 10 minutes
All right, let's get started. In the interest of time, I have three pre-built servers that we'll be using for this demonstration: so-master, so-forward and so-storage. Each one of them has eight gigs of memory and four processors. The master and the storage node each have just one network adapter, while the forward node has the management adapter as well as two sniffing interfaces. The tap that I'm using has two sniffing interfaces on it, one for in and one for out, so we need two interfaces to capture that traffic.
For this demonstration, there are two ways that we could configure our servers. We could either go through the console in phpVirtualBox, or we could do it through the terminal in PuTTY using X11 forwarding. Since the console in phpVirtualBox tends to be a little bit buggy, we will use the terminal: we'll use SSH with X11 forwarding. I like using PuTTY because you can pretty much always get a terminal.
So let's get started.
There are a couple of things that we need to do to get X11 forwarding to work for us. First, we need to have an X server running on our desktop to allow it. In this case, it is the Xming server for me. So we want to throw in our IP address: 192.168.0.64. Just to make things a little bit easier to read, I'm going to put everything in bold. Then, down under SSH, you need to go to X11 and enable X11 forwarding.
Okay, we have our terminal. Username and password. Let's just get all of our terminals open. Let's do it. Forgot the things that we were supposed to set up on there. Try that again. Okay, I wanted Appearance. SSH, X11, enable X11 forwarding. SSH, X11, enable X11 forwarding. Okay. I know that right now, for most of you, the X11 doesn't make a whole lot of sense, but in a moment it will. All right, so we have the three PuTTY sessions open now.
The first thing that I want to do in preparation for running our configuration scripts is create a couple of user accounts. So we do sudo... sudo adduser, and we want to add a user for each one of our child nodes. It is a good best practice to have a user account created for each one of your child nodes, that is, a separate username and a separate password. That way, if any one of your child nodes is compromised, your entire network is not compromised. So let's do it. We'll do forward. This child's name is forward. Something you should probably not name your actual child; that's a different discussion. Okay, and we want the forward child to be in the sudoer group. Now let's do one for storage.
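The per-node account step just walked through, written out as an added shell example (this is not part of the walkthrough or of Security Onion itself): one dedicated account per child node, each with its own password, added to the sudo group. The node names "forward" and "storage" are the ones from the demo; the script itself only assumes a Debian-style system where adduser and the sudo group exist.

```bash
#!/bin/sh
# Added example, not from the walkthrough: create one dedicated account per
# Security Onion child node (separate username, separate password) and add it
# to the sudo group, mirroring the interactive "sudo adduser" step.
# Node names such as "forward" and "storage" are the ones used in the demo.

# Accept only portable usernames: lowercase letters, digits, '-' and '_'.
validate_node_name() {
  case "$1" in
    "" | *[!a-z0-9_-]*) echo "invalid node name: '$1'" >&2; return 1 ;;
    *) return 0 ;;
  esac
}

# Print the commands that would be run for one node, one per line.
# 'passwd' prompts interactively, which is how each node gets its own password.
plan_node_user() {
  validate_node_name "$1" || return 1
  printf '%s\n' \
    "adduser --disabled-password --gecos 'Security Onion child node $1' $1" \
    "passwd $1" \
    "usermod -aG sudo $1"
}

# Run the same three steps for real (needs sudo on the master).
apply_node_user() {
  validate_node_name "$1" || return 1
  sudo adduser --disabled-password --gecos "Security Onion child node $1" "$1"
  sudo passwd "$1"
  sudo usermod -aG sudo "$1"
}

# Provision every node named on the command line.
# With DRY_RUN=1 the plan is printed for review instead of being executed.
provision_nodes() {
  for node in "$@"; do
    if [ "${DRY_RUN:-0}" = "1" ]; then
      plan_node_user "$node" || return 1
    else
      apply_node_user "$node" || return 1
    fi
  done
}

# Usage:  DRY_RUN=1 sh provision_so_users.sh forward storage   (review the plan)
#         sh provision_so_users.sh forward storage             (create the accounts)
if [ "$#" -gt 0 ]; then
  provision_nodes "$@"
fi
```

Run it with DRY_RUN=1 first to see exactly which adduser, passwd and usermod commands it will issue; a bad node name makes it stop before touching the system, so a typo cannot create a stray account.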
All right, now let's get going on our setup scripts. If you'll remember, when we were setting up our standalone server, we went to the desktop of our server and double-clicked on the Security Onion Setup icon on the desktop, and then we got the little pop-up window that guided us through setting everything up. Well, typically with a terminal session you don't get pop-up windows, but by using X11 forwarding... redo... there we go. Welcome to Security Onion Setup. It will set up all of these things for us, and yes, we want to continue; that's why we're here. It's asking if we want to set up our network interfaces. Yes, we do.
We only have one interface; that will be our management interface. Let's do static. My IP addresses don't change very often here, so I'm comfortable doing static. Subnet mask 255.255.255.0. It'll typically be your first IP address in your subnet, so that one. This will be that one as well. On a lot of more corporate networks, you'll have dedicated DNS servers outside of your router, which is what I'm using at home. So if you do have dedicated DNS servers at work, then take care of those in here. We want our local domain name; I haven't created one, so it's just "domain". And yes, we want to make changes.
So while that is working on rebooting... okay, we lost our network connection. Let's get going on our forward node. Yes, configure network interfaces. All right, so our forward node does have our sniffing interfaces, so we need to make sure to select our one management interface. That is 0s3 in this case. We want to do static again. That one's 62, not 42. Same information as our master. Right, so it asked if we wanted to set up our sniffing interfaces, and that'll be enp0s9 and enp0s10. All right, these are all the changes we have: our static IP, our gateway IP, network mask, DNS server, DNS domain, and our sniffing interfaces. Yes, we want to make changes. And yes, reboot.
Now our last one, so-storage. Right. Yes, we want to continue. Yes, configure network interfaces. We only have one interface; our storage node is not going to be sniffing anything, so we only need the management interface. Do static again. Storage, so it's 63. All right, we also make our changes and reboot.