Server Configuration (Web View)

00:00

in this video we will complete our oasis I am server configuration.

00:06

To start,

00:08

we need to power on all of our BM.

00:26

This might take a little bit of time depending on your system.

00:38

Ah, headless start starts the server without user interaction

01:30

to access. The Web interface will be using our colleague machine.

02:00

Remember, Default user and password is root and tour T o r.

02:14

Now that we have all our vm started, we can start working on our colleague box

02:17

to start weaken

02:21

thing are their servers to make sure we can activity.

02:27

That is our time server.

02:31

This is our oasis. I am sensor

02:37

and that's our Web server

02:44

Firefox

02:53

and navigate to Are those asylum server

03:01

might be propped it with security exception because there's no certificate. But you can just accept and bypass that

03:08

entering our full name

03:12

password.

03:15

Andi Mail.

03:22

Given that there's no Internet access, really doesn't matter because it's not gonna be sending any data. Alien vote

03:37

log in with our credentials. Just created

03:46

alien vault of this. I am has it getting started wizard

03:59

for server, but only have one interface. It is our management interface, so there's nothing to do here,

04:05

***. That discovery

04:09

this is our gateway

04:12

One or two will be our colleague machine.

04:15

You know, this is a Lennox device.

04:17

We know this is a Lennox device.

04:20

Also manually added an asset

04:36

hit. Next.

04:46

At this point, we have to enter in our credentials to the servers.

04:55

If you have a different set of credentials, you have to do them separately.

05:00

I use the same username and password for both my server and sensor.

05:05

This deploys a Lennox, his agent,

05:09

which can detect security events

05:11

locally on a machine and send them back daily involved.

05:43

Once that's complete, we could hit next.

05:53

We're skipping this step.

05:57

Ordinarily, if you're installing this in any kind of production environment, we're really use case you're gonna want to sign up for O T X

06:03

ot exes. Alien fall open threat exchange.

06:06

It's a community resource

06:10

where multiple vendors and community members post IOC's That alien vault will actively scan for

06:19

Since this is a live environment and we don't have Internet access, we're gonna skip this step

06:28

and we're gonna hit finish,

06:36

then explore alien vote Oasis. I am

06:50

welcome to the family of all It was signed Web interface.

06:54

You're an analyst. This is where you do most of your work.

06:58

But for now, we have some more administrative tasks to do.

07:00

We have our over configuration.

07:02

Good. A deployment

07:09

sensors.

07:14

What if the insert are always a science sensor

07:21

entering that? Sensors password.

07:26

Keep in mind if this is different in the system you're on, you're gonna enter in the password of the sensor and not the server.

07:43

Given the system requirements. If I was a sigh am and that we're in a test lab environment,

07:47

this will be much slower than it would in a normal production environment.

07:50

Okay. You know, we have our sensor link to our server. We can continue.

07:57

Go back to the ailing bold center.

08:03

Our next objective is to make sure our network intrusion detection system is running.

08:15

May take some time to retrieve some data from the sensor.

08:20

Now that the data has returned, we can click in a system detail

08:26

we're gonna go to since your configuration.

08:33

This might also take a bit of time.

08:39

Next we click detection,

08:43

we can see that Keith wants are listening in her face,

08:46

which we set

08:46

in our server configuration.

08:50

We can see here that the only of alternates is up and running

08:56

Beautiful. And it won't use a sir kata as its intrusion detection system

09:01

on a lot of sir collar rules rely on external and internal I p addressing.

09:07

Given that this lab is entirely internally address, we're gonna have to allow only a vault to recognize internalized dresses as external addresses.

09:18

To start with our tests, we can get a configuration

09:22

threat, intelligence

09:26

and then directives.

09:28

Correlation directors are a set of rules

09:31

that only about uses to analyze lugs.

09:37

For example, if we start sneaked up,

09:43

we could see a nikto where vulnerability assessment, tool usage.

09:48

This is a wet vulnerability scanner.

09:54

If you look in the rule

09:58

we see from and to

10:01

exclamation point home, that and home yet

10:05

exclamation point home. That is another way to say, not home yet.

10:09

We have to add it this to say from home that to home that

10:13

to do this,

10:15

we can call in this directive to user

10:20

Yes,

10:22

this will disable the eligible policy and create our own custom. One

10:30

hit plus signed to edit.

10:48

As you can see here and for making specific custom rules, you can select specific hosts

10:54

and networks

10:58

for our case where it's gonna click home that

11:01

click Modify.

11:03

You could see that the exclamation point is gone.

11:07

We could reload the directive.

11:16

And that's step one to get on. It's working.

11:28

Step two,

11:30

we have to go into our lowest time sensor

11:33

were refusing an all in one solution. The O S S I n server

11:45

log in.

11:48

Make this well, bigger for ease of Ewing.

11:54

We got the jail break into the system

11:58

To start, we can go into our Sarah Connor directory.

12:03

Betsy

12:05

Sarah Kata.

12:07

Now we can add it. Are Sir Kana Yano file

12:13

to do that?

12:16

Not a

12:18

sir. Counter that camel.

12:22

We have to find our external net variable.

12:26

You can hit control. W to search.

12:33

You could search for external net.

12:39

Here we can see all the variables that are. Sir. Kata installation takes advantage of

12:45

instead of not home net for external net

12:48

were changes to any.

12:50

This helps sir Qatar recognize more threats than just external to internal traffic or internal the external

12:58

and the scenario where someone breeches your network and is moving internally.

13:03

You have a chance of missing some alarms. That ordinarily would see,

13:07

I recommend sitting certain it to any

13:09

keep in mind that still create a lot of false positives within your network that you'll have to tune out later.

13:16

Given that this is a test environment, it shouldn't be a problem.

13:20

Control X.

13:22

Why

13:24

enter

13:30

now that the file saved with the restart, our sir caught a process

13:33

topping and service.

13:35

Sarah Cottle,

13:39

restart.

13:48

No, that's done.

13:50

Go back to our colleague machine.

13:54

A bit of our alarm stab,

14:01

which at the moment is empty.

14:05

We're gonna change that.

14:09

Could open up a terminal

14:13

by default. Kali has many penetration testing tools installed.

14:18

One of these tools is Nick. Go

14:22

to scan our Web server

14:26

type and nikto Dass H

14:33

and then the i p address of our bond to Web server.

15:03

But this prompt you could hit No

15:05

on. Our scan is complete.

15:11

You could see right here

15:16

that we have one unresolved alarm.

15:22

If it doesn't pop up immediately, you can reload the page.

15:31

And here we can see our alarm.

15:35

This confirms that our network intrusion detection system is running properly

15:41

For more Kali box. We ran a web application vulnerability scanner on our open to Web server.

15:48

This traffic was picked up by the nits interface

15:52

on Roos Asylum Centre.

16:00

You can go into the alarm and see the exact event

16:03

triggered.

16:06

We see our nick to the user agent