7.1 Course Summary

Video Transcription
00:00
>> Welcome back to the summary course
00:00
in building your InfoSec lab.
00:00
I'm your host and Instructor, Kevin Hernandez.
00:00
Now that we are at the finish line,
00:00
let's review what we've actually
00:00
learned throughout the course.
00:00
In the first module, we actually start to plan our lab.
00:00
We look at the different applications, tools,
00:00
and appliances; type of software
00:00
>> that may help our build.
00:00
>> Some of these technologies were: firewalls, SIEMs, IPS,
00:00
web proxies, Pentesting tools,
00:00
forensic tools as well as the
00:00
operating systems required in order to install these.
00:00
On top of that, we also grabbed
00:00
ESXi in order to install
00:00
several appliances or applications within one machine.
00:00
After doing that, we started looking at the hardware.
00:00
We picked hardware based on
00:00
our specifications from a list
00:00
of applications we chose,
00:00
and from there we both prepared
00:00
the ESXi bootable as well as
00:00
briefly assembled our hardware.
00:00
Moving into the third module,
00:00
we installed the applications or
00:00
the appliances and the software required.
00:00
Now I'll call it appliances and that's just me
00:00
because I think of them
00:00
as the engineering boxes I have at work,
00:00
but in reality they're just applications and software.
00:00
We actually installed several of them,
00:00
even now we will not proceed
00:00
later on in different modules to use all of them.
00:00
This was largely due to having multiple technologies
00:00
doesn't actually improve us
00:00
further especially from a list of perspective.
00:00
You are more than welcome to obviously use
00:00
whichever you prefer or are more familiar with.
00:00
In our fourth module, we actually started
00:00
connecting the lab and working with PFSense.
00:00
Connecting the lab involves setting up VLANs
00:00
and playing around a lot
00:00
with that aspect of the architecture of the network.
00:00
Not only that, we also have to configure
00:00
the firewalls and do a little bit
00:00
of smart switching configuration. [LAUGHTER]
00:00
We didn't go too much into PFSense,
00:00
you basically install those features that
00:00
were part of
00:00
the next-gen firewalls for application offerings.
00:00
We looked into SquidGuard which was our web proxy.
00:00
We also looked at the Snort module
00:00
which was part of our IPS perspective.
00:00
We briefly configured the VPN
00:00
itself among other different things.
00:00
We didn't go too much into
00:00
details other than the general setup for these,
00:00
and actually referred you to
00:00
a different course that we have in our catalog that
00:00
goes a little more into details
00:00
within PFSense and regarding its capabilities.
00:00
From there, we started working with QRadar and we
00:00
started by sending the PFSense logs
00:00
into QRadar itself.
00:00
Now, PFSense was a great example for
00:00
this as PFSense is not natively supported by QRadar,
00:00
and therefore you have to develop
00:00
your own custom properties or
00:00
your own custom deals and order from the store.
00:00
Talking about properties and DSM,
00:00
we saw the variation and the benefits of both of them.
00:00
Properties being a little bit
00:00
easier because you don't have to manipulate
00:00
too much information especially if it's
00:00
one type of element they only need from the payload,
00:00
those would really shine their rank.
00:00
In regards to the course in DSM,
00:00
this is not supported and I wanted to
00:00
be using the same values as
00:00
the other applications and do
00:00
the correlation and all those different things.
00:00
We saw them when doing this,
00:00
we're able to see the source IPs,
00:00
identifying the geolocation of these type of events,
00:00
and therefore to try to put a more value through
00:00
the threat versus in the other area.
00:00
We just saw IPs itself and we
00:00
wouldn't have a general idea if you were
00:00
local IPs in regarding
00:00
to your location-wise, like a regional,
00:00
like USA, Mexico, Canada, Americas,
00:00
or if you're from foreign IPs,
00:00
from the other side of the world, etc.
00:00
I also briefly just showed you
00:00
the app exchange which shows
00:00
several applications that work with QRadar,
00:00
both for free tools such as exporting to Splunk,
00:00
and paid tools in case you have said
00:00
next-gen antivirus in your environment.
00:00
Many of these won't necessarily work in
00:00
your home lab but that
00:00
way you know you have familiarized with them,
00:00
and if you have QRadar at work you can then go ahead
00:00
and toss in those app exchange into your platform.
00:00
As our PFSense course this was very brief and
00:00
hopefully we can get a QRadar course in Cybrary.
00:00
I'm actually going to be proposing that really soon,
00:00
and if it gets added then I'll
00:00
actually attach those notes into this module,
00:00
that way you can take the course [LAUGHTER].
00:00
It's in the worse, I'll be honest with you.
00:00
One of the last modules
00:00
was practically vulnerability scanning
00:00
with Nexpose and we did
00:00
install Nexpose in the third module.
00:00
However, we didn't really go into it,
00:00
and actually we even left
00:00
the application license pending back then.
00:00
We've created the segments, we
00:00
deployed little groups of scanning PCs and scanned them,
00:00
and we're able to identify
00:00
the vulnerabilities and start looking into them.
00:00
I actually reached out to the vendor of
00:00
the vulnerability scanning and it
00:00
actually ended up in nothing, I'll be honest with you.
00:00
They stated that I didn't
00:00
know exactly what I was talking about to which
00:00
I just copy pasted
00:00
the exact same message again that had a Contact Us
00:00
and then the escalated action to engineer when they
00:00
require more information from me,
00:00
>> ruin the believability.
00:00
>> They sent it back to
00:00
>> deployment team and that's about it.
00:00
>> I haven't heard back,
00:00
it's been two weeks since,
00:00
but I do need to close the course so I'll keep you
00:00
updated if something changes in regards to that topic.
00:00
That basically concludes our course.
00:00
There's a lot more we can do,
00:00
but I didn't want to make
00:00
this a 20-plus-hour course
00:00
because then nobody will finish it,
00:00
and I don't think that you will be able to accomplish
00:00
that without expanding into all the different software.
00:00
We do have a lot of courses
00:00
and many of these are already out there,
00:00
so I actually encourage you to go into those.
00:00
I enjoyed my time with you
00:00
here developing this course for you.
00:00
I hope you enjoyed it as well,
00:00
and I hope to see you in
00:00
another course. Have a great day.