Time
6 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
7

Video Transcription

00:00
Welcome back to the Cybrary course Building Your InfoSec Lab. I'm your host and instructor, Kevin Hernandez.
00:06
In the last module we started integrating log sources into QRadar; to be precise, we integrated pfSense into QRadar. We also created custom properties and a custom DSM in order to correlate events in QRadar with these new log sources,
00:22
if you also recall correctly prior in the HQ lesson and the classes
00:27
we actually installed Nexpose in our lab environment. However, we didn't get too far with it, up to the activation point only.
00:36
In today's lesson, we're actually gonna have an introduction to Nexpose. Now, let's get started.
00:42
Now, as you saw earlier, one of the things Nexpose will continue to ask over and over again
00:49
is the activation or license key.
00:52
You received an email, such as the one seen on the left side of the screen, with your product key.
00:57
Let's go ahead
00:59
and input the key into our product.
01:03
You can see it's currently in the activation process. The screen itself looks like it's stuck. However, if you refresh the page,
01:11
you will see that you can now successfully navigate
01:15
to Nexpose with no issues.
01:19
Now, in order to do a scan
01:21
with Nexpose,
01:22
first go to the
01:23
little assets page, the little monitor-looking item.
01:29
in here, you need to create a site.
01:34
Create,
01:37
Let's say, my network.
01:49
It just can't be left blank for now.
01:52
Surfaces.
01:53
Let's go ahead to Assets, and here you'll put the range of the
01:59
IPs you want to cover in a scan. You want to scan your home network,
02:02
for example, then type 192.168
02:07
dot one
02:08
dot zero
02:10
slash 24
02:14
and hit a comma, and you can see it actually covers all of them.
02:20
Now, if you want to target specific IPs, let's just say
02:23
your ESXi,
02:27
you can actually type the IPs as such and hit comma.
02:30
However, I'll scan the whole network.
02:35
Afterwards, you have authentication.
02:38
Here you can put credentials
02:39
in case you have, like, some type of domain access
02:43
or admin. Here's where you can put those credentials in order to have more privileged levels
02:49
of a scan.
02:51
The next step is the template. This is what type of scan you want to run. A full audit with Web Spider is probably one of the most complete scans there are.
02:59
However, if you want to target something specific, like HIPAA,
03:02
you're welcome to do so. If you just want to see what's in the network, you can also select a discovery scan. However, let's just go with Full audit without Web Spider.
03:14
Here, you can pick how many hosts you want to utilize to perform the scan. In this case, since we have only one device, we'll keep it as Local scan engine.
03:24
Alerts are basically some type of preconfigured parameter, such as scan started, scan ended, vulnerability discovered, et cetera, that you can configure and program to, for example, send an email to you or show a notification to make you aware that something's going on.
03:43
And the last step is the schedule. The schedule is basically when do you want this to run? Do you want it to run automatically?
03:47
Do you want it to run later on after hours? Then just come to Create Schedule, and here you can set the parameters of when to scan.
03:57
One of the good things about schedules is, if you go really into details, you can actually create blackouts as well.
04:04
For example, pause a scan during business hours.
04:10
However, in this case, I'm gonna go ahead and Save and Scan, so it scans immediately, right now.
04:16
you must make sure.
04:17
Still saving scan
04:19
my scan, the network
04:23
Now, a scan can take anywhere from a few minutes to a few days or more.
04:28
It all depends on the amount of assets and the type of scan that you're performing.
04:32
So this is the type of thing that, if you're running the whole subnet and you have several devices,
04:38
it's better just to let it run.
04:41
Go watch a TV show,
04:43
start developing and networking a little better
04:46
continue enhancing those diagrams and then eventually come back and see the results. You can see it actually detected 18 assets currently, and it says supposedly 34 hours have passed, even though
04:58
that's not true.
05:00
It's around 30 minutes in. You're gonna see that nine of the computers have been completed
05:06
and it's still an active scan, right?
05:12
Yes, you can see right here in Completed Assets you have a general overview of several Linux devices as well as Windows devices, right?
05:20
You can see how long the scan took on the devices,
05:24
and as the video progresses you can see the assets being added.
05:28
Actually, if you pay close attention,
05:30
this asset over here that I just marked appears to have nine vulnerabilities, and so does this one. So obviously we have to look into those. Most likely these are IoT devices. You can see it's Linux
05:43
and therefore, those don't have too much support from the vendor, and
05:46
we have to make sure we have additional controls that we can
05:51
establish, maybe through VLANs, maybe through firewall, et cetera, to control and make sure
05:58
these devices are secure. Right,
06:00
You see this? If you look at this, this is news from 2016 where, you know, basically "Hacked IoT Devices Unleash Record DDoS Mayhem," right, back then. Right? So basically, you know, IoTs are more of a convenience. They don't really think much about security,
06:18
especially if it's indie or a new product from a small company, right?
06:23
I remember one of the vendors I talked to regarding cameras. They promote security features in the product,
06:30
and I actually approached them and said, Hey, what kind of security is it? Is it something special on top of encryption? And they told me, No, it's a little blue LED that blinks if
06:43
somebody walks into the room while the alarm is activated,
06:46
and I'm going like, how's that a security feature? Right, maybe thinking physical security.
06:53
Maybe for that it was more of a deterrent that they see activity and they walk away.
06:58
Yes, we reached the 45-minute mark.
07:02
You can see that now only one system is pending to complete the scan.
07:08
Now, let's go ahead and take a look into one of the devices with vulnerabilities.
07:13
Go ahead and click on it.
07:16
You know, you've got the operating system, the IP,
07:20
the last scan time right there, risk score, and now the context-driven risk score. This is basically their way of saying
07:31
you have this vulnerability and it's this old, and that way, you know, it kind of increases, right,
07:40
the severity. So as you can see down here,
07:44
you have different,
07:45
um,
07:46
vulnerabilities that apply to it. You can see they're from 2017
07:49
and
07:51
you see most of them are regarding DNS,
07:55
right? Heap buffer overflow vulnerabilities, integer underflow flaw leading to buffer over-read. So it's buffer overflows, you know, DNS server allows cache snooping.
08:05
So if you want to get more details right,
08:09
other than the severities and how many times it's been detected, you can always click.
08:16
And here you go
08:18
and you get a little more information on it, right? It actually says when it was published, when it was modified, the actual score,
08:28
categories of it, right, remote execution. So, yes, somebody can actually control this device, depending on what it is, right? It's also very dependent on
08:39
what type of resources it has. So we gotta be a little bit aware of that.
08:43
And right here it actually says what it does. It can crash it,
08:48
right,
08:48
and it can actually execute arbitrary code via a crafted PT six. And as you see, it's basically dnsmasq before 2.78. So the way to fix this, in theory, will be to update
09:03
your dnsmasq to 2.78.
09:09
But if you go here
09:11
right
09:13
and let's go here as well
09:16
you actually get a little more details on them.
09:18
And here you have the actual remediation: download the most recent version of dnsmasq from here,
09:24
right? Now, here's the thing. Like I said, this could most likely be an IoT,
09:31
like I stated earlier. You know, if you click in those tabs,
09:35
you have a little more information here from both Google
09:39
and NIST, the National Vulnerability Database.
09:43
All right here because it's very high.
09:48
If you go back to the assets page now that the scan is finished,
09:52
you can see
09:54
a general overview, right,
09:56
of the environment. First of all, it gives you the amount of systems by operating system.
10:01
It gives you also the, uh, exploitable assets by skill level. So even though this Linux, right, with nine vulnerabilities,
10:11
um, it's a high risk, right? You can also see that the amount of level that's required is expert level for those assets.
10:20
Now, you see also systems such as ESXi having four,
10:26
Windows 7 having one, and pfSense, for example, having two. Now, it's not necessarily something bad, right?
10:37
Some of these could be recently released and therefore not necessarily patched.
10:41
Um,
10:43
but it is what it is, Right.
10:46
So as you can see here,
10:50
looking at the pfSense, I'm sorry, ESXi now, and you can see it's a certificate error. Obviously we've been installing the certificate.
11:01
A friend from work until that Have sampling, right. Andy s vulnerability. So it's it's
11:09
click on it.
11:09
All right.
11:13
Some residual memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
11:26
So
11:28
To know how to mitigate it, again, you can scroll down
11:31
and it says,
11:33
basically download and upgrade, as you can see, always, right?
11:39
Most of these vulnerabilities are taken care of with upgrades.
11:45
And give or take, that's really what
11:48
Nexpose is used for. Um, you know, it scans the assets,
11:52
provides your report.
11:54
You verify the data
11:56
kind of patch those holes and make a more secure environment.
12:01
What did we learn today? We actually ran a vulnerability scan on our network with Nexpose. We were able to identify several systems that had flaws within
12:11
their own architecture, environment, patches, et cetera.
12:15
We will have to work closely in order to protect our network properly for these devices.
12:22
In the next lesson, we'll actually do a course review.
12:26
Hope to see you soon. Have a great day.

Up Next

Building an InfoSec Lab

This course will guide you through the basics of incorporating several Information Security Engineering Tools in your home and/or lab. By building this lab you will be able to obtain corporate-level security within your home network, as well as a higher understanding of the capabilities and advantages these tools bring to your network.

Instructed By

Kevin Hernandez
Instructor