#channelcon16 - amazon web services · even virtualized windows and vmware administrators are...
TRANSCRIPT
Slide 1: Welcome to Track4Techs #ChannelCon16
Slide 2: A Foundational IT Framework
Infrastructure | Development | Security | Data
Slide 3: Today's Tech, Today's Linux
James Stanger, Sr. Director, CompTIA
Slide 4: James Stanger
Copyright (c) 2015 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
James Stanger, Senior Director, Products, CompTIA
Responsible for determining CompTIA's product roadmap
Authority in: open source, security, networking technologies, education
Slide 5: Drivers for Linux
• Technology footprint
• Development platforms
• Increased attacks
• Internet of Things
Slide 6: Where is Linux used in the IT world today?
Job role: description
• Systems administrator: Configuring Linux systems to support file sharing, database, and e-commerce. Includes DNS, DHCP, and supporting services.
• Web systems administrator: Apache and Linux run over 50% of the Web.
• Virtualization / Linux and Windows administrator: Linux systems are often the foundation of virtualized environments. Therefore, even virtualized Windows and VMware administrators are expected to know Linux.
• Intrusion detection technician / analyst / consultant: The Snort IDS, for example, was effectively "born" in Linux. Now owned by Cisco, it will never lose its Linux roots. Plus, many IDS systems remain live on Linux systems.
• Penetration tester: Linux systems allow for sophisticated applications and scripting that help testers scan, penetrate, and test internal and external systems.
• Linux developer / Mobile app developer / Application engineer: Believe it or not, developers often get Linux certified, because they need to know the environment.
• Storage engineer: For SAN and NAS-based solutions.
• Hadoop administrator: Big data isn't all just about business intelligence, heat maps, and MapReduce. Someone has to run the systems.
Slide 7: Infrastructure support: looking underneath the hood
Slide 8: Installing a VM
• Choice of environments
  • VirtualBox: https://www.virtualbox.org/wiki/Downloads
  • VMware: https://my.vmware.com/web/vmware/downloads
  • Hyper-V: https://www.microsoft.com/en-us/server-cloud/solutions/virtualization.aspx
Slide 9: VM considerations
• Obtain the ISO file of the OS
• Settings
  • OS type
  • Architecture (32- or 64-bit)
  • RAM (1024 / 2048 MB)
  • Virtual hard disk size
  • Fixed or virtual (dynamically allocated) disk
  • IDE/SATA controller: attach the ISO to it
• Additional settings: multiple network adapters, cut and paste, audio
Slide 10: Open Visual Traceroute
• More than just kind of fun
• Useful for showing locations
• Intermediate routers
• To install ovtr:
  • Uninstall OpenJDK
  • Install Oracle Java
  • Update your install database
Slide 11: Installing Open Visual Traceroute
$ sudo apt-get remove --purge openjdk*
$ sudo apt-get install oracle-java8-installer gksu traceroute
$ sudo apt-get install whois
$ sudo dpkg -i ovtr_1.6.3-1.amd64.deb
You can then run ovtr from the menu: Open Visual Traceroute
Slide 12: Network monitoring
• Top derivatives
  – atop, htop, iotop, powertop, ntopng
  – More useful than you think for networking
• ntop, jnettop and iftop
  – For network traffic
  – ntop covered later
• Bandwidthd and bmon
  – Web-based access
  – For long-term use, like ntop
• Additional tools: lynx and netcat (nc)
Screenshot: iftop running, useful for short-term monitoring
Slide 13: Network monitoring (cont'd)
• etherape
  – High-level overview of the network
• nethogs
  – By app
  – Useful for tracing
• iptraf
  – Interface stats
  – Often a bit grumpy on virtualized systems
Slide 14: Even more network monitoring
• vnstat
  – Persistent stats, even across reboots
  – Uses kernel-based logging
• iptstate
  – Monitors traffic across iptables
  – Helps look for congestion
• Darkstat
  – Has its own Web server
  – Captures traffic
  – Calculates stats
Slide 15: Configuring darkstat (screenshot)
Slide 16: Web-based network monitoring
• Nagios
  – Like ntop
  – Bandwidth monitor
• OpenNMS
  – Still quite active
  – Modular design
• brainypdm
  – Gathers data (Nagios)
• Performance Co-Pilot (PCP)
  – Gathers data from multiple hosts
  – Web interface or GUI
Configuring PCP:
$ sudo apt-get install pcp
$ sudo update-rc.d pmcd defaults
$ sudo update-rc.d pmlogger defaults
$ sudo service pmcd restart
$ sudo service pmlogger restart
$ sudo apt-get install pcp-doc pcp-gui
$ pcp -h localhost
Guide: http://www.pcp.io/docs/guide.html
$ pmdumptext -Xlimu -t 2sec 'kernel.all.load[1]' mem.util.used disk.partitions.write -h acme.com
$ pmchart -t 2sec -h localhost
$ pmchart -t 2sec -h host1 -h host2
Slide 17: PCP's GUI interface (screenshot)
$ pmchart -t 2sec -h localhost
Slide 18: Web-based network monitoring: ntop
• Install (Ubuntu)
  – Few, if any, dependencies
  – URL: http://idroot.net/linux/install-ntopng-ubuntu-16-04/
• Considerations
  – What about switched networks?
  – TMI (too much information) at port localhost:3000
  – Narrow down according to: business need (what your boss wants), traffic type, network sector, history of traffic and/or issues
• Default user: admin; password: you set it
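The web interface on port 3000 shows every flow the sensor sees, so it should answer only on loopback or a management address, not on the monitored network. The following shell snippet is an added example, not part of the slides, that lints an ntopng.conf for this. It assumes ntopng reads one "-option=value" per line and that "-w=ADDR:PORT" (or "--http-port=ADDR:PORT") binds the HTTP listener to ADDR, with a bare port or no -w line at all meaning every interface; the two sample configurations it writes are constructed for the example (eth0 and 192.168.1.0/24 are made-up values).

```shell
#!/bin/sh
# Added example, not part of the slides: lint an ntopng configuration so the
# web interface (port 3000, the "localhost:3000" the slide mentions) answers only
# on loopback or a named management address. Assumptions: ntopng reads one
# "-option=value" per line, and "-w=ADDR:PORT" / "--http-port=ADDR:PORT" bind the
# HTTP listener to ADDR; with no ADDR, or no -w at all, it listens on every
# interface. The two sample configs below are constructed for this example.

# http_bind_values CONF -> the value of every -w / --http-port line in CONF
http_bind_values() {
    sed -n -e 's/^[[:space:]]*-w=//p' -e 's/^[[:space:]]*--http-port=//p' "$1"
}

# ntopng_ui_restricted CONF -> 0 if every HTTP listener is tied to an address,
# 1 if one is missing an address, uses 0.0.0.0, or no listener is configured
ntopng_ui_restricted() {
    rc=0
    found=0
    for v in $(http_bind_values "$1"); do
        found=1
        case "$v" in
            127.0.0.1:*|localhost:*|\[::1\]:*) ;;                 # loopback: fine
            0.0.0.0:*|:*) echo "web UI on all interfaces: -w=$v" >&2; rc=1 ;;
            *:*) ;;                                               # explicit address: accept
            *)    echo "bare port binds all interfaces: -w=$v" >&2; rc=1 ;;
        esac
    done
    if [ "$found" -eq 0 ]; then
        echo "no -w line: ntopng defaults to port 3000 on all interfaces" >&2
        rc=1
    fi
    return $rc
}

# sample_conf weak|hardened -> writes a constructed ntopng.conf to a temp file
# and prints its path (eth0 and 192.168.1.0/24 are made-up values)
sample_conf() {
    f=$(mktemp)
    if [ "$1" = weak ]; then
        printf '%s\n' '-i=eth0' '-w=3000' '-m=192.168.1.0/24' > "$f"
    else
        printf '%s\n' '-i=eth0' '-w=127.0.0.1:3000' '-m=192.168.1.0/24' > "$f"
    fi
    echo "$f"
}

# Usage (by hand): ntopng_ui_restricted /etc/ntopng/ntopng.conf && echo ok
```

Run it against the weak sample and it reports the bare "-w=3000"; the hardened sample passes. Pair the loopback bind with an SSH tunnel or a reverse proxy that requires authentication if the dashboard has to be reached from another host.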
Slide 19: Linux and security
Slide 20: Rootkit detection
• Many available
  • Lynis
  • Chkrootkit
  • ISPProtect
  • Sophos
• They look for software
• They also look for dangerous conditions that invite rootkits
• Rootkits
  • Necurs
  • Ones you've never heard of
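Two of the "dangerous conditions" these scanners flag can be checked with nothing more than find(1). The following shell snippet is an added example, not part of the slides or of any of the tools named above: it lists PATH directories that any local user can write to (a planted file there runs the next time root or a script calls a command by bare name) and setuid/setgid files outside the directories where packaged binaries live. It is read-only; the usual system directory list it assumes (/bin, /sbin, /usr, /lib*) is an assumption for the example.

```shell
#!/bin/sh
# Added example, not part of the slides: two of the "dangerous conditions" a
# rootkit checker such as chkrootkit or Lynis reports, done with plain find(1).
# 1) a PATH directory anyone can write to: a planted binary named like a common
#    command runs the next time root or a script calls it by bare name;
# 2) setuid/setgid files outside the usual system directories.
# Read-only; nothing is changed on the host.

# writable_path_dirs PATHSPEC -> prints one line per risky entry (MISSING or
# WORLD-WRITABLE); returns 1 if anything was printed, 0 if PATH looks clean
writable_path_dirs() {
    rc=0
    oldifs=$IFS
    IFS=:
    set -- $1
    IFS=$oldifs
    for d in "$@"; do
        [ -n "$d" ] || d=.        # an empty PATH entry means "current directory"
        if [ ! -d "$d" ]; then
            echo "MISSING $d"; rc=1
        elif [ -n "$(find "$d" -maxdepth 0 -type d -perm -0002 ! -perm -1000 2>/dev/null)" ]; then
            echo "WORLD-WRITABLE $d"; rc=1     # writable by all and no sticky bit
        fi
    done
    return $rc
}

# suid_files_under ROOT -> every setuid or setgid regular file below ROOT,
# staying on one filesystem
suid_files_under() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# suid_outside_system_dirs -> setuid/setgid files that are not under /bin, /sbin,
# /usr or /lib*, which is where a packaged setuid binary is expected to live
# (assumed list for this example; adjust for your distribution)
suid_outside_system_dirs() {
    suid_files_under / | grep -v -E '^/(usr|bin|sbin|lib[^/]*)/'
}

# Usage (by hand, as root so find can read everything):
#   writable_path_dirs "$PATH"
#   suid_outside_system_dirs
```

A hit from either function is a condition to fix, not proof of compromise; compare the setuid list against the package manager's file lists (dpkg -S on Debian/Ubuntu) to tell a packaged binary from a stray one.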
Slide 21: Typical open source security analyst tools
Open source software: description (URL)
• Wireshark: Network protocol analyzer / packet capture tool (www.wireshark.org)
• Bro: Event monitoring software, focusing on analysis (www.bro.org)
• AlienVault Open Source SIEM (OSSIM): Event monitoring software (www.alienvault.com)
• Snort: IDS, now managed by Cisco (www.snort.org)
Slide 22: Using Wireshark
• Use it securely
  • Use dumpcap first, as root (sudo), to capture
  • Can also use tshark (?)
  • Then, use the Wireshark GUI as a standard user to read the packets
• Tips
  • Filtering packets
  • Saving for reuse later
$ sudo dumpcap -w wiresharkcapture.cap
$ sudo chmod o+rw wiresharkcapture.cap
$ wireshark -r wiresharkcapture.cap
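The point of the slide is the privilege split: the capture needs root, the dissectors (historically the source of most Wireshark vulnerabilities) do not, so the GUI runs as an ordinary user. The following shell snippet is an added example, not part of the slides: it performs the hand-off with chown plus mode 0600 for one analyst account instead of "chmod o+rw" (which lets every local user read and overwrite the evidence), checks the file's magic number before handing it to the GUI, and warns when a capture is still readable by others. IFACE, ANALYST and the file names are assumed values.

```shell
#!/bin/sh
# Added example, not part of the slides: the capture/analysis privilege split,
# spelled out. Capturing needs root; reading the file does not, so the capture is
# handed to a single analyst account with mode 0600 rather than "chmod o+rw".
# IFACE and ANALYST are assumed names for this example.

# capture_as_root OUT IFACE COUNT -> capture COUNT packets with privilege
# (not executed by the test; needs a real interface)
capture_as_root() {
    sudo dumpcap -i "$2" -c "$3" -w "$1"
}

# hand_off_capture FILE USER -> make FILE readable by USER alone
hand_off_capture() {
    sudo chown "$2" "$1" && sudo chmod 0600 "$1"
}

# capture_is_private FILE -> 0 if no group/other permission bits are set
capture_is_private() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;      # last two octal digits (group, other) are zero
        *)   return 1 ;;
    esac
}

# capture_format FILE -> prints pcap, pcapng or unknown from the first 4 bytes
# (pcap magic in either byte order, with or without nanosecond timestamps;
# pcapng files start with a Section Header Block, type 0x0A0D0D0A)
capture_format() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1) echo pcap ;;
        0a0d0d0a) echo pcapng ;;
        *) echo unknown ;;
    esac
}

# open_as_analyst FILE -> refuse anything that is not a capture file, warn if
# other users can read it, then open it in the GUI as the current user
open_as_analyst() {
    [ "$(capture_format "$1")" != unknown ] || { echo "not a capture file: $1" >&2; return 1; }
    capture_is_private "$1" || echo "warning: $1 is readable by other users" >&2
    wireshark -r "$1"
}

# Usage (by hand):
#   capture_as_root /var/tmp/capture.pcapng "$IFACE" 1000
#   hand_off_capture /var/tmp/capture.pcapng "$ANALYST"
#   open_as_analyst /var/tmp/capture.pcapng      # run as $ANALYST, not root
```

On Debian and Ubuntu the same split is available without sudo at all: dpkg-reconfigure wireshark-common grants the capture capabilities to dumpcap for members of the wireshark group, so the capture and the analysis both happen under the analyst's own account.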
Slide 23: Installing Bro
• Installation (zlib1g-dev below provides the zlib headers; Ubuntu has no packages named zlib or zlib-headers)
$ sudo apt-get install cmake make gcc g++ bison libpcap-dev libssl-dev python-dev swig zlib1g-dev
$ cd bro-2.4.1/
$ ./configure --prefix=/nsm/bro
$ make
$ sudo make install
$ export PATH=/nsm/bro/bin/:$PATH
You are now ready to run broctl as root.
You can also edit the /etc/environment file to add the path.
Slide 24: Configuring Bro
• Use the broctl command
  • status
  • netstats
  • top
• Configuration files:
  • All under the /nsm/bro/etc/ directory, not the /etc/ directory
  • node.cfg: specify the interface
  • networks.cfg: specify the networks to monitor
  • broctl.cfg: mail configuration, for notifications
• Restart: run /nsm/bro/bin/broctl, then start | stop
Slide 25: Configuring Bro (cont'd)
• View the following log files:
  • /nsm/bro/logs/*
  • Today's date
  • communication*, loaded_scripts*
  • packet_filter*
  • The "current" directory
  • Files include weird.log, dns.log, http.log, scripts.log
• Too much information / don't like reading log files?
  • Configure the "ELK stack"
  • Graphical visualization of the log files you've captured
  • The wave of the future: make it so that even your CIO can read it!
Slide 26: Viewing logs generated from Bro (screenshot)
• This is a copy of the /nsm/bro/logs/current/weird.log file
• Notice the "bad packets" section
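Bro's logs are tab-separated with a "#fields" header naming the columns, so the reliable way to pull a column out is by name, not by position. The following shell snippet is an added example, not part of the slides or of Bro: it looks up a column by its header name and summarises which "weird" names dominate a weird.log, which is the quickest way to see whether the "bad packets" the slide points at are one noisy source or many. The sample log it writes is constructed for the example; the field names follow the Bro 2.x weird.log header.

```shell
#!/bin/sh
# Added example, not part of the slides: pull columns out of a Bro log by name
# using its "#fields" header instead of hard-coded column numbers, then summarise
# which "weird" events dominate. The sample weird.log written by sample_weird_log
# is constructed for this example (addresses, uids and timestamps are made up);
# its field names follow Bro 2.x's weird.log header.

# bro_field_index FILE NAME -> 1-based column number of NAME (empty if absent)
bro_field_index() {
    awk -v want="$2" 'BEGIN{FS="\t"} $1=="#fields"{for(i=2;i<=NF;i++) if($i==want){print i-1; exit}}' "$1"
}

# bro_column FILE NAME -> values of column NAME for data rows ('#' lines skipped)
bro_column() {
    idx=$(bro_field_index "$1" "$2")
    [ -n "$idx" ] || { echo "no field $2 in $1" >&2; return 1; }
    awk -v c="$idx" 'BEGIN{FS="\t"} !/^#/{print $c}' "$1"
}

# bro_top FILE NAME -> "count value" lines, most frequent value first
bro_top() {
    bro_column "$1" "$2" | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# sample_weird_log -> writes a constructed weird.log to a temp file, prints its path
sample_weird_log() {
    f=$(mktemp)
    {
        printf '#separator \\x09\n'
        printf '#path\tweird\n'
        printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tname\taddl\tnotice\tpeer\n'
        printf '#types\ttime\tstring\taddr\tport\taddr\tport\tstring\tstring\tbool\tstring\n'
        printf '1469102400.112233\tCqX1s2abc\t10.0.0.5\t51234\t10.0.0.9\t80\tbad_TCP_checksum\t-\tF\tbro\n'
        printf '1469102401.220011\tCqX1s2abd\t10.0.0.5\t51235\t10.0.0.9\t80\tbad_TCP_checksum\t-\tF\tbro\n'
        printf '1469102402.330099\tCqX1s2abe\t10.0.0.7\t40001\t10.0.0.9\t53\ttruncated_IP\t-\tF\tbro\n'
        printf '1469102403.441100\tCqX1s2abf\t10.0.0.8\t40002\t10.0.0.9\t443\tdata_before_established\t-\tF\tbro\n'
        printf '#close\t2016-07-21-12-00-05\n'
    } > "$f"
    echo "$f"
}

# Usage (by hand, against a real sensor):
#   bro_top /nsm/bro/logs/current/weird.log name
#   bro_column /nsm/bro/logs/current/weird.log id.orig_h | sort | uniq -c | sort -rn
```

One caveat worth knowing before chasing a pile of bad_TCP_checksum entries on a VM: when the capture host's NIC does checksum offload, Bro sees outbound packets before the hardware fills in the checksum, so these weirds are usually a capture artifact of the sensor itself rather than anything on the wire.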
Slide 27: Packet manipulation
• Scapy
• Ostinato
• PackETH
You'll need to know your TCP/IP suite frontwards and backwards: IPv4 and IPv6, ARP/datalink, UDP, TCP, all IP options
Slide 28: Packets created by PackETH shown in Wireshark (screenshot)
Slide 29: Packet manipulation and Bro (screenshot)
Slide 30: Scanning, vulnerability management, and SIEM
• OpenVAS
  – A working "fork" of Nessus
  – Fully open source
  – URL: www.openvas.org
• Considerations
  – Setting up the service
  – Too much information
  – Signature updates
  – Customization: interface choice, protocols/traffic types to analyze, network segments, regions
Slide 31: Disk encryption on Linux - VeraCrypt
• Disk encryption (strong)
• Available for Mac, Linux, Windows
• Successor to TrueCrypt
• Independently audited
• Several different encryption algorithms available
• Viewable or hidden volumes
• GUI-based
• Many encryption key options
Slide 32: Questions?
Slide 33: Coming in December
Live from HQ: a new continuing education event for IT pros
Details / call for speakers coming soon
Slide 34: Up Next
12:00 Technology Vendor Fair Lunch and Exhibitor Raffles
2:15 Basic Malware Analysis Workshop
3:30 Enterprise Mobile Development
4:30 Wine Down Reception