Beginner’s guide: OSSIM Part 2

-
Image
Hope all of you are keeping well. Thank you all for the overwhelming support you people are giving me. So today we’ll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump in to all of that I hope all of you are ready with installation. If not please visit my previous post, which is actually the first part. Beginner’s guide: OSSIM (Open Source Security Information Management) part 1 Make sure you have an active internet connection for your OSSIM. As you all know the Alienvault platform has five modules in it, which are the Asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words we add assets first, and then we’ll configure all those assets under each and every module of Alienvault respectively. If you're ready with everything mentioned in part 1, we can now move forward with the configurations. Here we’re just considering only OSSIM not USM.
13 comments

How to virtualize using vmware

-

Today we’ll build or technically speaking “virtualize” our demo labs. Most of the intentionally vulnerable applications which we see in internet are in a specific format known as “ova (open virtualization archive)” or “ovf (open virtualization format)”, which you can directly import without any issues. Before we start building a virtual machine we need to know some essential basics. The real machine in which you’ve have installed virtualization software is called as host / physical machine. And the virtual machine running inside host machine is known as guest / virtual machines

  1. First step is, obviously enabling virtualization in you system. Most of the machine supports virtualization, but it is disabled by default in BIOS. So you need to reboot your pc, jump into bios setup and hopefully under security or advanced features you’ll see virtualization. Make sure it’s enabled
  2. The second thing is, you need to know is how much free hardware resources can you guest machine suck from host machine. Say for example, my system is equipped with 4 GB RAM when I open task manager -> performance ,I see my system uses 1.24 GB of RAM so out of 4GB I can only use 2.76 GB of RAM. Also make a note of number of processor and its cores.
  3. The third thing or the toughest part is to set up the network interface. Usually there are three types of interfaces bridged, NAT and host only. If you set an interface to bridged mode then, your guest machine will act as a host machine in network. Which means it take IP from your modem / router DHCP, if your physical machine has an IP 192.168.1.100 then your guest will have an IP address 192.168.1.101. If you’ve have setting up in NAT mode then the guest will have a separate its own internal network and host will act as a gateway which translates request from internal network to external network. Any guest is NAT mode can access the entire machines in same NAT network and also in host machines network. The third mode is host only in which all those guest have an isolated network, in which they communicate each other but not with any one out side
Bridged
Nat
Host only
Takes IP from modem / router
Has internal private network provided by virtualization software
Has internal private network provided by virtualization software
Takes internet directly from router/ modem
Host act as modem, which translates packets to and fro from the network, hence shared internet access
No internet connection
Only communicate with any machines under router /modem’s DHCP.
Communicate to all machines in NAT network and also to all machines in router / modem’s network
Only communicate with machines in same ‘host only’ network



Today I’ll be showing how to virtualize Ubuntu. First you need an iso image of the ubuntu. Download ubuntu from http://www.ubuntu.com/download/desktop
After that open vmware click on file -> new virtual machine

select typical and click next
 browse the location of the iso file and click next
 The vmware will ask for few information which is essential for installation to continue
Then the next window will ask you for the name of the virtual machine and storage location of the guest's files
 The next window will ask for the size of guest machine's hard drive
 In the next window you have click on customize hardware
 With respect to the free RAM space in host, set appropriate memory for guest machine
Then click on processors and set appropriate value, if you're using a laptop with intel i5 then , probably you'll have one processor and 4 cores. 
Click on USB and uncheck all the boxes in it.
 After you click on close, remove tick mark on "power on this..." and click finish.
 Then you'll notice an additional cd/dvd sata drive has come up saying it has autoinst.iso in it. This drive has the quick install utility of the vm, if enabled it'll will create partitions and enable all basic deafult settings by itself and thus saves time. If you want to customize partitions , mount points etc then "edit virtual machine settings" and remove the drive
 Clicking on "power on this virtual machine" will automatically starts installation and completes it for you

If you want to type something or click something in guest machine then definitely you have to click in it. But if you want to bring the control of mouse and keyboard then you have to press ctrl+alt

Comments

Post a Comment

Popular posts from this blog

Beginner’s guide: OSSIM (Open Source Security Information Management) part 1

-
Image
As we always do, we’ll start from the scratch, the very basics. OSSIM is most widely used open source SIM tool. The appliance is developed by the Alienvault. Other than OSSIM there are lots of open source SIM like LOGalyze, Kustodian, Prelude etc. But out of these SIM tools, OSSIM is my favorite. It is much user friendly and very stable with respect to performance and resilience. They also have a very good documentation center which gives step-by-step instructions and very good community forum to get help Before we start, if you haven’t seen my blog post on SOC please go through it first. http://pentesterblogs.blogspot.in/2017/05/beginners-guide-how-to-setup-soc.html
Read more

Beginner’s guide: OSSIM Part 2

-
Image
Hope all of you are keeping well. Thank you all for the overwhelming support you people are giving me. So today we’ll deal with everything from basic OSSIM configuration to integrating different types of assets. Before we jump in to all of that I hope all of you are ready with installation. If not please visit my previous post, which is actually the first part. Beginner’s guide: OSSIM (Open Source Security Information Management) part 1 Make sure you have an active internet connection for your OSSIM. As you all know the Alienvault platform has five modules in it, which are the Asset discovery, vulnerability assessment, threat detection, behavioural monitoring and security intelligence. In simple words we add assets first, and then we’ll configure all those assets under each and every module of Alienvault respectively. If you're ready with everything mentioned in part 1, we can now move forward with the configurations. Here we’re just considering only OSSIM not USM.
Read more

Beginner’s guide: How to setup a SOC (Security Operations Center)

-
Image
Lot of people asks me to put something about setting up a SOC. So from today onwards, I’ll be posting articles about, how to set up a SOC. Unlike my other tutorials, SOC is not a specific tool/device, which you can simply ‘fit and forget’. So you need lots of patience and hard work to build one. As usual I’ll posting set-by-step instructions from planning to setting up the SOC.   But before that we need to learn some basics. We need all of you networking, system administration and security skills for this. As a minimum requirement to start, you need to have the following skills Networking basics (Preferred CCNA) Basic system administration (Linux and windows) Security administration (Firewall / UTM management) In other words if know how to configure networking devices, knows how to install package in windows and Linux, and knows at least how to open close ports in firewall, then we’re good to go. I’ve tried my best to write the article from the very basics stuff.
Read more