OK, so in the last lecture we set up our corporate email, and now we're going to dig into the routing infrastructure, right? So we're going to build out our intrusion detection system. We're going to set up our Suricata rules. We're going to set up our Layer 7 Next-Generation Firewall capabilities, all using OPNsense. It's going to be amazing. So before we do that, I just need to make sure that you are tracking the need to take snapshots. Right. So what you should do before we proceed is right-click on the tab, then go to Snapshot and take a snapshot. The last thing we want to happen is your VM crashes or something catastrophic happens with your host machine and you don't have a recent snapshot, right? Rebuilding everything from scratch is going to be laborious, not to mention vexing. So I'm trying to save you that frustration by recommending you take regular snapshots. OK, so make sure all your VMs are snapshotted, and make sure all VMs are in host-only mode (the adapter at the bottom). So you just click through each of the VM tabs and mouse over the adapter to make sure it's host-only. Right. So we're good here. Now let's get into OPNsense. This is amazing. This is, in my opinion, one of the worst.
I think it is the best open-source intrusion detection system and firewall combination that exists right now. pfSense is another excellent firewall, but OPNsense is the evolution of it. And if you want to look at pfSense and how you can set that up in a cyber range, you should look at my other course. That is basically kind of the ultimate cyber range. And that's another course that's also here. And you have access to it if you want to view that course. But what we're going to do here is set this up, and it's going to be a lot of fun. So what can you do with this? Well, you know, you can look at your firewall rules. You can set all that up. You can set up Suricata, and it gets even better. So let's go down. Right. Stateful firewall. So by stateful, it means that the firewall can monitor the full state of active network sessions. Right. It is not session-agnostic. It understands the context of the traffic and can give you a big-picture overview of what's happening. Right. So this is what modern firewalls use. And we have a bunch of other things here, right? Intrusion detection systems. Right.
So you can detect Trojans and command-and-control bots using Suricata, which is an industry-standard open-source intrusion detection system. Now, you could use the Emerging Threats ruleset, which is free, but by signing up for ET Pro Telemetry, you can actually get the paid version. I'm going to show you how to do that a little bit later, which is even better. It's a premium product for free. Well, it's not really for free. You're going to provide some telemetry about your system to OPNsense, but it's not that bad. You'll see what it is in a moment. It supports routing protocols. It supports web filtering. So, you know, DNS blacklists, things like that. And a whole bunch of other things, right, especially Sensei, which is absolutely amazing. This is what takes your OPNsense firewall into the next-gen category, because Sensei is a plugin. What we can do is we can set up, you know, application visibility. Right. So we can actually block by the application layer, right, Layer 7, which is port-agnostic, right, this is independent of the port. It actually analyzes the Layer 7 app-level traffic and can make intelligent blocking decisions based on that. You can see some examples here.
We're going to set this up a little later. It's pretty cool. So you can, you know, drill down into your network visibility. There is Active Directory integration. And a bunch of other really, really cool stuff that you're not seeing here. Now, the only catch is that in order to do this, Sensei needs you to have eight gigabytes assigned to your virtual machine. So I don't know how many gigabytes you have in your host box. I have 32. If you have 16, it's going to be a little tough. We'll make do with what we can. I'll even give you an option to install OPNsense without Sensei if you want. But let's close this out, let's just get OPNsense, so I'm going to click Download OPNsense and it will download. What we do is we select the architecture and we select the image, which should be DVD. You select a mirror location and then you can download. So we'll come back after this finishes and then we'll jump into it. OK, so it downloaded pretty fast, and all you need to do is extract the bz2 file. If you right-click on it and you have 7-Zip installed, you can go to 7-Zip, Extract Here or Extract to a folder, and then you'll get this beautiful ISO. When you get that ISO, we can create our appliance.
So I'm going to shift-right-click, copy its path, minimize, minimize, and let's go to File, New Virtual Machine. Typical, and let's go ahead and paste in the path, removing the quotes. Very cool, so FreeBSD was detected, so, you know, you've got the right path here. Click Next, and I'm just going to name it OPNsense. Next. We'll set it to a single file. And then we'll change this to 40 gigabytes. All right, that looks pretty good, click Next. Now, we need to customize a few things here, so if we go to Customize Hardware, we need to bump the memory up to eight gigs if we want to use Sensei. If you're not going to use Sensei, you can technically leave it at two, although four is better, but if you have the memory on your host box, go for it. OK, CPUs: two, and the adapters. So what we're going to do is add a new adapter. And there's a couple of things here, right? If you were building a DMZ, you would add an additional adapter, but we're going to have one adapter for our WAN. So this is going to be our Internet connection. We'll make it bridged to our physical network on our host box, and then the other network adapter will be host-only. So this will be the internal private network of our cyber range, the local network.
And I was just saying, if you wanted to add an additional adapter for, like, a DMZ for our own mass-produced shop application, you could do that here. But I don't want to complicate this too much, because I get the sense that there are going to be a lot of problems as you guys are going through this. And I don't want to frustrate you with all the setting up and configuration. So this is an infrastructure course, right? This is really a modern ethical hacking course. So I want to keep the focus on that. Right. I don't want to frustrate you guys too much. So we'll keep it here. Bridged and host-only, click OK. We'll close, look it over, and then click Finish. All right, so the box is booted, let's log in with username installer; opnsense is the password. And we're basically just going to Next, Next, Finish through this installer, so let's go, we'll accept the settings, run the guided installation, keep the default disk, which is on our VM, we'll use UEFI mode, and then we will set the recommended swap partition size. And after this finishes, it's going to prompt us for a password, and we'll put that in, reboot, and then we'll continue with the appliance configuration. All right. So that took roughly four to five minutes.
We're going to create a root password, hit Tab and then click Accept and Set Password, and then we'll reboot. Ctrl+Alt to escape the VM. Then I'm going to drag this VM into the private group. Now it's starting to look pretty good, so we'll wait for this to boot and then we'll log in with our credentials. All right. Now we're booted, logging in with root and the password we just created. And you can see we've got the LAN and the WAN, but the interface types aren't what we want. It's just a little bit of interface configuration we need to do. And we'll kick that off in the next lecture. So we'll see you guys in the next lecture. All right. Bye.