Beginner’s guide: OSSIM Part 2

Hope all of you are keeping well. Thank you all for the overwhelming support you people are giving me. Today we’ll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump into all of that, I hope all of you are ready with the installation. If not, please visit my previous post, which is the first part: Beginner’s guide: OSSIM (Open Source Security Information Management) part 1. Make sure your OSSIM has an active internet connection. As you all know, the AlienVault platform has five modules: asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words, we add assets first, and then configure those assets under each module of AlienVault respectively. If you're ready with everything mentioned in part 1, we can now move forward with the configurations. Here we’re considering only OSSIM, not USM.

Basic networking terminologies

Open Systems Interconnection (OSI)


The OSI model takes the task of internetworking and divides it into what is referred to as a vertical stack of 7 layers. The Open Systems Interconnection model (OSI model) is a conceptual model; it is not tangible and performs no function in the networking process itself. It is a conceptual framework that helps us understand the complex interactions that are happening.

Layer 1 Physical


The physical layer consists of the basic networking hardware transmission technologies of a network. It conveys the bit stream as electrical impulses, light or radio signals through the network. It provides the hardware means of sending and receiving data on a carrier, including the definition of cables, network interface cards and other physical aspects. Fast Ethernet, RS-232 and ATM are protocols with physical-layer components. This is perhaps the most complex layer in the OSI architecture. Examples include Ethernet, FDDI, B8ZS, V.35, V.24 and RJ45.

Layer 2 Datalink


The data link layer, or layer 2, is the second layer of the seven-layer OSI model of computer networking. It provides transmission protocol knowledge and management, and handles errors from the physical layer, flow control and frame synchronization. The data link layer is concerned with local delivery of frames between devices on the same LAN. Data-link frames, as these protocol data units are called, do not cross the boundaries of a local network. The data link layer is divided into two sublayers: the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sublayer controls how a computer on the network gains access to the medium and permission to transmit on it. The LLC sublayer controls frame synchronization, flow control and error checking. Examples include PPP, FDDI, ATM, IEEE 802.5/802.2, IEEE 802.3/802.2, HDLC and Frame Relay.

Layer 3 Network


Routing and forwarding are functions of this layer, as well as addressing, internetworking, error handling, congestion control and packet sequencing. The network layer is responsible for packet forwarding, including routing through intermediate routers, since it knows the addresses of neighbouring network nodes; it also manages quality of service (QoS) and recognizes and forwards local host domain messages to the transport layer. It provides routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node. Examples include AppleTalk DDP, IP and IPX.

Layer 4 Transport


Layer 4 provides transparent transfer of data between end systems, or hosts. This layer maintains flow control of data and provides error checking and recovery of data between the devices. It ensures complete data transfer from one node to another. It provides services such as connection-oriented data stream support, reliability, flow control and multiplexing. The transport layer checks whether data is coming from more than one application and integrates each application's data into a single stream for the physical network. Examples include SPX, TCP and UDP.

Layer 5 Session


Layer 5 establishes, maintains and ends communication with the receiving device. It provides the mechanism for opening, closing and managing a session between end-user applications. The session layer coordinates and terminates conversations, exchanges and dialogues between the applications at each end. Each session consists of requests and responses that occur between applications. It mainly deals with session and connection coordination. Examples include NFS, NetBIOS names, RPC and SQL.

Layer 6 Presentation


The presentation layer transforms data into a form that the application layer can accept. This layer is responsible for the delivery and formatting of information to the application layer for further processing or display. It takes the data provided by the application layer and converts it into a standard format that the other layers can understand. It is the lowest layer at which application programmers consider data structure and presentation. It relieves the application layer of concern about syntactical differences in data representation between the end-user systems. Examples include encryption, ASCII, EBCDIC, TIFF, GIF, PICT, JPEG, MPEG and MIDI.

Layer 7 Application


The application layer is an abstraction layer that specifies the shared protocols and interface methods used by hosts in a communications network. Layer 7 supports application and end-user processes. Communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. This is the layer that actually interacts with the operating system or application whenever the user chooses to transfer files, read messages or perform other network-related activities. Examples include WWW browsers, NFS, SNMP, Telnet, HTTP and FTP.
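To make the layering above concrete, here is an added example (my own, not part of the OSSIM tooling) that decapsulates one constructed Ethernet frame bottom-up, pulling out the layer 2, 3 and 4 fields a SIEM normalizes from network data. The frame bytes are made up for illustration; the IP and TCP checksums are left at zero.

```python
import struct

# Constructed sample frame (not a real capture): Ethernet II -> IPv4 -> TCP SYN to port 443.
SAMPLE_FRAME = bytes.fromhex(
    "00115566778800aabbccddee0800"                # L2: dst MAC, src MAC, EtherType 0x0800 (IPv4)
    "450000280001400040060000c0a80064c0a80101"    # L3: IPv4, total length 40, TTL 64, proto 6 (TCP)
    "c35601bb000003e8000000005002ffff00000000"    # L4: TCP, sport 50006, dport 443, flags SYN
)


def mac(addr: bytes) -> str:
    return ":".join(f"{b:02x}" for b in addr)


def parse_frame(frame: bytes) -> dict:
    """Walk one frame through layers 2, 3 and 4, returning a dict per layer."""
    layers = {}

    # Layer 2 (data link): Ethernet II header is a fixed 14 bytes.
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["L2"] = {"src_mac": mac(src), "dst_mac": mac(dst), "ethertype": ethertype}
    if ethertype != 0x0800:
        return layers  # only IPv4 is decoded in this example

    # Layer 3 (network): IPv4 header; IHL gives the header length in 32-bit words.
    ip = frame[14:]
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, s_ip, d_ip = struct.unpack(
        "!BBHHHBBH4s4s", ip[:20]
    )
    ihl = (ver_ihl & 0x0F) * 4
    layers["L3"] = {
        "src_ip": ".".join(map(str, s_ip)),
        "dst_ip": ".".join(map(str, d_ip)),
        "ttl": ttl,
        "proto": proto,
    }
    if proto != 6:
        return layers  # only TCP is decoded in this example

    # Layer 4 (transport): TCP header; the payload starts after the data offset.
    tcp = ip[ihl:total_len]
    sport, dport, _seq, _ack, off_flags, _win = struct.unpack("!HHIIHH", tcp[:16])
    flags = off_flags & 0x1FF
    layers["L4"] = {
        "src_port": sport,
        "dst_port": dport,
        "syn": bool(flags & 0x02),
        "ack": bool(flags & 0x10),
    }
    return layers
```

A SYN with no ACK to port 443, as this frame shows, is the first step of the layer 5/7 session that HTTPS runs on top of; everything above layer 4 is invisible until the handshake completes.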


