Monthly Archive for March, 2010

The Power of Virtualisation for Comprehensive Intrusion Detection

Virtualisation is not something we usually associate with intrusion detection capability (minus perhaps consolidating your back-office technology and the cost saving and green benefits that brings); however, there is much to be gained from developing solutions around virtual environments. Take, for example, the traditional sensor configuration: many implementations will focus around a single product. From the open-source perspective this would usually be one built around Snort, or perhaps Bro. Most analysts will know the limitations this brings, and most will realise that the resulting view of the network is severely limited… Continue reading ‘The Power of Virtualisation for Comprehensive Intrusion Detection’

Sans Security 558 – Network Forensics

I will be using this post to review, day by day, the content of this course whilst I’m over here in Orlando. The course is being led by Jonathan Ham, of jham corp, and co-written by Sherri Davidoff; they have now both converged to form Lake Missoula Group, an independent, vendor-neutral consulting collective. The 558 course focuses on forensic investigations “without the hard drive”: can enough information be gathered through network analysis to make/break a case? Let’s find out! Continue reading ‘Sans Security 558 – Network Forensics’

Bash Script – Automatic IMDb Genre & Artwork For Movie Files

I wrote a little bash script on the weekend. The concept is simple: it takes a file name and directory as command line arguments, then searches IMDb for the title, returning the artwork (600x600px) and the genre. The script then moves the file to a given location under the “genre” folder. For example, I have a folder set up with an incrontab entry that watches the folder for anything moved into it. When incron detects a file, the script is called with the monitored directory and filename as arguments. The movie and corresponding art are moved to my NAS “movies” folder, under the correct genre. Anyway, the script is here (it serves my purpose; you will probably want to edit it for your own use):

Continue reading ‘Bash Script – Automatic IMDb Genre & Artwork For Movie Files’

Installing Snorby With Apache2 on Ubuntu 9.04 Server

Today I spent the majority of the day installing and configuring a new Snorby frontend server for testing. I am documenting the process here and will be submitting it to Snorby.org to add to the wiki. I will be making some initial assumptions that you are comfortable using the command line and have some experience with SQL and Apache. Although pretty much anyone should be able to follow this guide through with no prior knowledge, it is useful to have the background knowledge so that you “understand” what it is you are typing! It’s worth noting I won’t be installing Snort, or detailing any configuration at this point; I am building a bare frontend with the intention that data will be fed into the database from elsewhere, as building a sensor, DB server and frontend onto a single box is a bad idea, and pretty un-realistic tbh! With that over, let’s begin!

Updated 03/03/10 to include Apache configuration :)

Continue reading ‘Installing Snorby With Apache2 on Ubuntu 9.04 Server’

About Me

Hi. I'm Matt Newham, 23 years old. I'm a network security engineer, specializing in Intrusion Detection.
